Azure built-in roles

Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles. For information about how to assign roles, see Steps to assign an Azure role.

This article lists the Azure built-in roles. If you are looking for administrator roles for Azure Active Directory (Azure AD), see Azure AD built-in roles.

The following table provides a brief description of each built-in role. Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

| Built-in role | Description | ID |
| --- | --- | --- |
| General | | |
| Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | b24988ac-6180-42a0-ab88-20f7382dd24c |
| Owner | Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| Reader | View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| Compute | | |
| Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
| Virtual Machine Administrator Login | View Virtual Machines in the portal and log in as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e4 |
| Virtual Machine Contributor | Create and manage virtual machines, manage disks and disk snapshots, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| Virtual Machine User Login | View Virtual Machines in the portal and log in as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52 |
| Networking | | |
| CDN Endpoint Contributor | Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN Profile Contributor | Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af |
| Classic Network Contributor | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314 |
| Network Contributor | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7 |
| Private DNS Zone Contributor | Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7f |
| Traffic Manager Contributor | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| Storage | | |
| Avere Contributor | Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere Operator | Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| Backup Contributor | Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b |
| Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb9324 |
| Backup Reader | Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| Data Box Contributor | Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5 |
| Data Box Reader | Lets you manage Data Box Service except creating orders or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c88 |
| Reader and Data Access | Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349 |
| Storage Account Contributor | Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab |
| Storage Account Key Operator Service Role | Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f12 |
| Storage Blob Data Contributor | Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9fe |
| Storage Blob Data Owner | Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| Storage Blob Data Reader | Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| Storage Blob Delegator | Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| Storage File Data SMB Share Contributor | Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| Storage File Data SMB Share Elevated Contributor | Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7 |
| Storage File Data SMB Share Reader | Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314 |
| Storage Queue Data Contributor | Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| Storage Queue Data Message Processor | Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed |
| Storage Queue Data Message Sender | Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| Storage Queue Data Reader | Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e297925 |
| Web | | |
| Azure Maps Data Contributor | Grants read, write, and delete access to map-related data from an Azure Maps account. | 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 |
| Azure Maps Data Reader | Grants access to read map-related data from an Azure Maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| Azure Spring Cloud Data Reader | Allow read access to Azure Spring Cloud Data | b5537268-8956-4941-a8f0-646150406f0c |
| Search Service Contributor | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| SignalR AccessKey Reader | Read SignalR Service Access Keys | 04165923-9d83-45d5-8227-78b77b0a687e |
| SignalR App Server (Preview) | Lets your app server access SignalR Service with AAD auth options. | 420fcaa2-552c-430f-98ca-3264be4806c7 |
| SignalR Contributor | Create, Read, Update, and Delete SignalR service resources | 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761 |
| SignalR Serverless Contributor (Preview) | Lets your app access service in serverless mode with AAD auth options. | fd53cd77-2268-407a-8f46-7e7863d0f521 |
| SignalR Service Owner (Preview) | Full access to Azure SignalR Service REST APIs | 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 |
| SignalR Service Reader (Preview) | Read-only access to Azure SignalR Service REST APIs | ddde6b66-c0df-4114-a159-3618637b3035 |
| Web Plan Contributor | Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| Website Contributor | Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772 |
| Containers | | |
| AcrDelete | Delete repositories, tags, or manifests from a container registry. | c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSigner | Push trusted images to or pull trusted images from a container registry enabled for content trust. | 6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPull | Pull artifacts from a container registry. | 7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPush | Push artifacts to or pull artifacts from a container registry. | 8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReader | Pull quarantined images from a container registry. | cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriter | Push quarantined images to or pull quarantined images from a container registry. | c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes Service Cluster User Role | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 |
| Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | 3498e952-d568-435e-9b2c-8d77e338d7f7 |
| Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b |
| Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | 7f6c6a51-bcf8-42ba-9220-52d62157d7db |
| Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb |
| Databases | | |
| Cosmos DB Account Reader Role | Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperator | Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| CosmosRestoreOperator | Can perform restore action for Cosmos DB database account with continuous backup mode | 5432c526-bc82-444a-b7ba-57c5b0b5b34f |
| DocumentDB Account Contributor | Can manage Azure Cosmos DB accounts. Azure Cosmos DB was formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e15450 |
| Redis Cache Contributor | Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17 |
| SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL Managed Instance Contributor | Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| Analytics | | |
| Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2dec |
| Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure Event Hubs Data Sender | Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f975 |
| Data Factory Contributor | Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5 |
| Data Purger | Delete private data from a Log Analytics workspace. | 150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| HDInsight Cluster Operator | Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight Domain Services Contributor | Can read, create, modify, and delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a893 |
| Purview Data Curator | The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change. | 8a3c2885-9b38-4fd2-9d99-91af537c1347 |
| Purview Data Reader | The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change. | ff100721-1b9d-43d8-af52-42b69c1272db |
| Purview Data Source Administrator | The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change. | 200bba9e-f0c8-430f-892b-6f0794863803 |
| Schema Registry Contributor (Preview) | Read, write, and delete Schema Registry groups and schemas. | 5dffeca3-4936-4216-b2bc-10343a5abb25 |
| Schema Registry Reader (Preview) | Read and list Schema Registry groups and schemas. | 2c56ea50-c6b3-40a6-83c0-9d98858bc7d2 |
| Blockchain | | |
| Blockchain Member Node Access (Preview) | Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| AI + machine learning | | |
| Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| Cognitive Services Custom Vision Contributor | Full access to the project, including the ability to view, create, edit, or delete projects. | c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 |
| Cognitive Services Custom Vision Deployment | Publish, unpublish or export models. Deployment can view the project but can't update. | 5c4089e1-6d96-4d2f-b296-c1bc7137275f |
| Cognitive Services Custom Vision Labeler | View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags. | 88424f51-ebe7-446f-bc41-7fa16989e96c |
| Cognitive Services Custom Vision Reader | Read-only actions in the project. Readers can't create or update the project. | 93586559-c37d-4a6b-ba08-b9f0940c2d73 |
| Cognitive Services Custom Vision Trainer | View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project. | 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b |
| Cognitive Services Data Reader (Preview) | Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1c |
| Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. | 9894cab4-e18a-44aa-828b-cb588cd6f2d7 |
| Cognitive Services Metrics Advisor Administrator | Full access to the project, including the system level configuration. | cb43c632-a144-4ec5-977c-e80c4affc34a |
| Cognitive Services QnA Maker Editor | Lets you create, edit, import and export a KB. You cannot publish or delete a KB. | f4cc2bf9-21be-47a1-bdf1-5c5804381025 |
| Cognitive Services QnA Maker Reader | Lets you read and test a KB only. | 466ccd10-b268-4a11-b098-b4849f024126 |
| Cognitive Services User | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
| Internet of things | | |
| IoT Hub Data Contributor | Allows for full access to IoT Hub data plane operations. | 4fc6c259-987e-4a07-842e-c321cc9d413f |
| IoT Hub Data Reader | Allows for full read access to IoT Hub data-plane properties | b447c946-2db7-41ec-983d-d8bf3b1c77e3 |
| IoT Hub Registry Contributor | Allows for full access to IoT Hub device registry. | 4ea46cd5-c1b2-4a8e-910b-273211f9ce47 |
| IoT Hub Twin Contributor | Allows for read and write access to all IoT Hub device and module twins. | 494bdba2-168f-4f31-a0a1-191d2f7c028c |
| Device Update Administrator | Gives you full access to management and content operations | 02ca0879-e8e4-47a5-a61e-5c618b76e64a |
| Device Update Content Administrator | Gives you full access to content operations | 0378884a-3af5-44ab-8323-f5b22f9f3c98 |
| Device Update Content Reader | Gives you read access to content operations, but does not allow making changes | d1ee9a80-8b14-47f0-bdc2-f4a351625a7b |
| Device Update Deployments Administrator | Gives you full access to management operations | e4237640-0e3d-4a46-8fda-70bc94856432 |
| Device Update Deployments Reader | Gives you read access to management operations, but does not allow making changes | 49e2f5d2-7741-4835-8efa-19e1fe35e47f |
| Device Update Reader | Gives you read access to management and content operations, but does not allow making changes | e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f |
| Mixed reality | | |
| Remote Rendering Administrator | Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering | 3df8b902-2a6f-47c7-8cc5-360e9b272a7e |
| Remote Rendering Client | Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. | d39065c4-c120-43c9-ab0a-63eed9795f0a |
| Spatial Anchors Account Contributor | Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| Spatial Anchors Account Owner | Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c |
| Spatial Anchors Account Reader | Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c49413 |
Integration
API Management Service Contributor Can manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c
API Management Service Operator Role Can manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61
API Management Service Reader Role Read-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d
App Configuration Data Owner Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
App Configuration Data Reader Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071
Azure Service Bus Data Owner Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419
Azure Service Bus Data Receiver Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Azure Service Bus Data Sender Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Azure Stack Registration Owner Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a
EventGrid Contributor Lets you manage EventGrid operations. 1e241071-0855-49ea-94dc-649edcd759de
EventGrid EventSubscription Contributor Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443
EventGrid EventSubscription Reader Lets you read EventGrid event subscriptions. 2414bbcf-6497-4faf-8c65-045460748405
FHIR Data Contributor Role allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd
FHIR Data Exporter Role allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e843
FHIR Data Reader Role allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d81508
FHIR Data Writer Role allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba5294559913
Integration Service Environment Contributor Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Integration Service Environment Developer Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Intelligent Systems Account Contributor Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e
Logic App Contributor Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e
Logic App Operator Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
Identity
Managed Identity Contributor Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Managed Identity Operator Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830
Security
Attestation Contributor Can read, write, or delete the attestation provider instance bbf86eb8-f7b4-4cce-96e4-18cddf81d86e
Attestation Reader Can read the attestation provider properties fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Azure Sentinel Automation Contributor Azure Sentinel Automation Contributor f4c81013-99ee-4d62-a7ee-b3f1f648599a
Azure Sentinel Contributor Azure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addade
Azure Sentinel Reader Azure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb
Azure Sentinel Responder Azure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd056
Key Vault Administrator Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e74483
Key Vault Certificates Officer Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985
Key Vault Contributor Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395
Key Vault Crypto Officer Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf60603
Key Vault Crypto Service Encryption User Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6
Key Vault Crypto User Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d297424
Key Vault Reader Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d2
Key Vault Secrets Officer Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Key Vault Secrets User Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e6
Managed HSM contributor Lets you manage managed HSM pools, but not access to them. 18500a29-7fe2-46b2-a342-b16a415e101d
Security Admin View and update permissions for Security Center. Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acd
Security Assessment Contributor Lets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5
Security Manager (Legacy) This is a legacy role. Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Security Reader View permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOps
DevTest Labs User Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c64
Lab Creator Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65ead
Monitor
Application Insights Component Contributor Can manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347e
Application Insights Snapshot Debugger Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b
Monitoring Contributor Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Monitoring Metrics Publisher Enables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb
Monitoring Reader Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe05
Workbook Contributor Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ad
Workbook Reader Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4d
Management + governance
Automation Job Operator Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f
Automation Operator Automation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404
Automation Runbook Operator Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Azure Arc Enabled Kubernetes Cluster User Role List cluster user credentials action. 00493d72-78f6-4148-b6c5-d3ce8e4799dd
Azure Arc Kubernetes Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. dffb1e0c-446f-4dde-a09f-99eb5cc68b96
Azure Arc Kubernetes Cluster Admin Lets you manage all resources in the cluster. 8393591c-06b9-48a2-a542-1bd6b377f6a2
Azure Arc Kubernetes Viewer Lets you view all resources in cluster/namespace, except secrets. 63f0a09d-1495-4db4-a681-037d84835eb4
Azure Arc Kubernetes Writer Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. 5b999177-9696-4545-85c7-50de3797e5a1
Azure Connected Machine Onboarding Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302
Billing Reader Allows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Blueprint Contributor Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b4
Blueprint Operator Can assign existing published blueprints, but cannot create new blueprints. Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090
Cost Management Contributor Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430
Cost Management Reader Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a3
Hierarchy Settings Administrator Allows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d
Kubernetes Cluster - Azure Arc Onboarding Role definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d41
Managed Application Contributor Role Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e
Managed Application Operator Role Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6ae
Managed Applications Reader Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44
Managed Services Registration assignment Delete Role Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e46
Management Group Contributor Management Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Management Group Reader Management Group Reader Role ac63b705-f282-497d-ac71-919bf39d939d
New Relic APM Account Contributor Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df237
Policy Insights Data Writer (Preview) Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be84
Quota Request Operator Read and create quota requests, get quota request status, and create support tickets. 0e5f05e5-9ab9-446b-b98d-1e2157c94125
Reservation Purchaser Lets you purchase reservations f7b75c60-3036-4b75-91c3-6b41c27c1689
Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d28608
Site Recovery Contributor Lets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be4567
Site Recovery Operator Lets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca
Site Recovery Reader Lets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149
Support Request Contributor Lets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Tag Contributor Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f
Other
Azure Digital Twins Data Owner Full access role for Digital Twins data-plane bcd981a7-7f74-457b-83e1-cceb9e632ffe
Azure Digital Twins Data Reader Read-only role for Digital Twins data-plane properties d57506d4-4c8d-48b1-8587-93c323f6a5a3
BizTalk Contributor Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac73342
Desktop Virtualization Application Group Contributor Contributor of the Desktop Virtualization Application Group. 86240b0e-9422-4c43-887b-b61143f32ba8
Desktop Virtualization Application Group Reader Reader of the Desktop Virtualization Application Group. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
Desktop Virtualization Contributor Contributor of Desktop Virtualization. 082f0a83-3be5-4ba1-904c-961cca79b387
Desktop Virtualization Host Pool Contributor Contributor of the Desktop Virtualization Host Pool. e307426c-f9b6-4e81-87de-d99efb3c32bc
Desktop Virtualization Host Pool Reader Reader of the Desktop Virtualization Host Pool. ceadfde2-b300-400a-ab7b-6143895aa822
Desktop Virtualization Reader Reader of Desktop Virtualization. 49a72310-ab8d-41df-bbb0-79b649203868
Desktop Virtualization Session Host Operator Operator of the Desktop Virtualization Session Host. 2ad6aaab-ead9-4eaa-8ac5-da422f562408
Desktop Virtualization User Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Desktop Virtualization User Session Operator Operator of the Desktop Virtualization User Session. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
Desktop Virtualization Workspace Contributor Contributor of the Desktop Virtualization Workspace. 21efdde3-836f-432b-bf3d-3e8e734d4b2b
Desktop Virtualization Workspace Reader Reader of the Desktop Virtualization Workspace. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
Disk Backup Reader Provides permission to backup vault to perform disk backup. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Disk Restore Operator Provides permission to backup vault to perform disk restore. b50d9833-a0cb-478e-945f-707fcc997c13
Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots. 7efff54f-a5b4-42b5-a1c5-5411624893ce
Scheduler Job Collections Contributor Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Services Hub Operator Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 82200a5b-e217-47a5-b665-6d8765ee745b

General

Contributor

Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

Actions Description
* Create and manage resources of all types
NotActions
Microsoft.Authorization/*/Delete Delete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/Write Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/Action Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/write Create or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/delete Delete any blueprint assignments
Microsoft.Compute/galleries/share/action Shares a Gallery to different scopes
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Owner

Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

Actions Description
* Create and manage resources of all types
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader

View all resources, but does not allow you to make any changes.

Actions Description
*/read Read resources of all types, except secrets.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

User Access Administrator

Lets you manage user access to Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.Authorization/* Manage authorization
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Compute

Classic Virtual Machine Contributor

Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicCompute/domainNames/* Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/* Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/action Link a reserved Ip
Microsoft.ClassicNetwork/reservedIps/read Gets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/action Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/read Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/read Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/read Returns the storage account image. (Deprecated. Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Administrator Login

View Virtual Machines in the portal and login as administrator

Actions Description
Microsoft.Network/publicIPAddresses/read Gets a public ip address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Contributor

Create and manage virtual machines, manage disks and disk snapshots, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/availabilitySets/* Create and manage compute availability sets
Microsoft.Compute/locations/* Create and manage compute locations
Microsoft.Compute/virtualMachines/* Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute scripts on virtual machines.
Microsoft.Compute/virtualMachineScaleSets/* Create and manage virtual machine scale sets
Microsoft.Compute/disks/write Creates a new Disk or updates an existing one
Microsoft.Compute/disks/read Get the properties of a Disk
Microsoft.Compute/disks/delete Deletes the Disk
Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/action Joins an application gateway backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/action Joins a load balancer inbound NAT pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound nat rule. Not Alertable.
Microsoft.Network/loadBalancers/probes/join/action Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable.
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/locations/* Create and manage network locations
Microsoft.Network/networkInterfaces/* Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/action Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read Gets a public ip address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/write Creates Protection Policy
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine User Login

View Virtual Machines in the portal and login as a regular user.

Actions Description
Microsoft.Network/publicIPAddresses/read Gets a public ip address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Networking

CDN Endpoint Contributor

Can manage CDN endpoints, but can't grant access to other users.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Endpoint Reader

Can view CDN endpoints, but can't make changes.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Contributor

Can manage CDN profiles and their endpoints, but can't grant access to other users.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Reader

Can view CDN profiles and their endpoints, but can't make changes.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Network Contributor

Lets you manage classic networks, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicNetwork/* Create and manage classic networks
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DNS Zone Contributor

Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/dnsZones/* Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Network Contributor

Lets you manage networks, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/* Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Private DNS Zone Contributor

Lets you manage private DNS zone resources, but not the virtual networks they are linked to.

Actions Description
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/join/action Joins a virtual network. Not Alertable.
Microsoft.Authorization/*/read Read roles and role assignments
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Traffic Manager Contributor

Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage

Avere Contributor

Can create and manage an Avere vFXT cluster.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/*/read
Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*
Microsoft.Network/*/read
Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins a resource such as a storage account or SQL database to a subnet. Not alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/*/read
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/read Gets the resources for the resource group.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Avere Operator

Used by the Avere vFXT cluster to manage the cluster.

Actions Description
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/delete Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write Returns the result of put blob container
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Contributor

Lets you manage backup service, but can't create vaults and give access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/* Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/* Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/* Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Operator

Lets you manage backup services, except removal of backup, vault creation and giving access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action Get AccessToken for Cross Region Restore.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/extendedInformation/write The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/write The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/locations/backupAadProperties/read Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft.RecoveryServices/locations/backupCrrJobs/action List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrJob/action Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action Trigger Cross region restore.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read Returns CRR Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read Returns CRR Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Reader

Can view backup services, but can't make changes

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/read Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/read Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/read Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/read Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Contributor

Lets you manage classic storage accounts, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/* Create and manage storage accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Key Operator Service Role

Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts

Actions Description
Microsoft.ClassicStorage/storageAccounts/listkeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action Regenerates the existing access keys for the storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Contributor

Lets you manage everything under Data Box Service except giving access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Databox/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Reader

Lets you manage Data Box Service except creating order or editing order details and giving access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/action Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/action This method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/action This method does all type of validations.
Microsoft.Databox/locations/regionConfiguration/action This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/action Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Lake Analytics Developer

Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/Delete Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/Write Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete Delete a compute policy.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader and Data Access

Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.

Actions Description
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/action Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Contributor

Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Key Operator Service Role

Permits listing and regenerating storage account access keys.

Actions Description
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/action Regenerates the access keys for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
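
Reader and Data Access, Storage Account Contributor, and Storage Account Key Operator Service Role all have an empty dataActions list, yet each reaches the account keys through management-plane actions. The following added example (not part of the original article) audits role definitions for that pattern. It assumes action strings compare case-insensitively, since the page spells the same operation both listKeys and listkeys; the last role in the sample data is constructed for illustration.

```python
import json
import re

# Permissions copied from role definitions on this page (other fields trimmed).
# The last role is constructed for this example to exercise notActions.
ROLE_DEFINITIONS = json.loads("""
[
  {"roleName": "Reader and Data Access", "permissions": [{
     "actions": ["Microsoft.Storage/storageAccounts/listKeys/action",
                 "Microsoft.Storage/storageAccounts/ListAccountSas/action",
                 "Microsoft.Storage/storageAccounts/read"],
     "notActions": [], "dataActions": [], "notDataActions": []}]},
  {"roleName": "Storage Account Contributor", "permissions": [{
     "actions": ["Microsoft.Authorization/*/read",
                 "Microsoft.Insights/alertRules/*",
                 "Microsoft.Insights/diagnosticSettings/*",
                 "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
                 "Microsoft.ResourceHealth/availabilityStatuses/read",
                 "Microsoft.Resources/deployments/*",
                 "Microsoft.Resources/subscriptions/resourceGroups/read",
                 "Microsoft.Storage/storageAccounts/*",
                 "Microsoft.Support/*"],
     "notActions": [], "dataActions": [], "notDataActions": []}]},
  {"roleName": "Storage Account Key Operator Service Role", "permissions": [{
     "actions": ["Microsoft.Storage/storageAccounts/listkeys/action",
                 "Microsoft.Storage/storageAccounts/regeneratekey/action"],
     "notActions": [], "dataActions": [], "notDataActions": []}]},
  {"roleName": "Storage Blob Data Reader", "permissions": [{
     "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read",
                 "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"],
     "notActions": [],
     "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
     "notDataActions": []}]},
  {"roleName": "Constructed: Storage Manager (keys excluded)", "permissions": [{
     "actions": ["Microsoft.Storage/storageAccounts/*"],
     "notActions": ["Microsoft.Storage/storageAccounts/listkeys/action",
                    "Microsoft.Storage/storageAccounts/regeneratekey/action"],
     "dataActions": [], "notDataActions": []}]}
]
""")

# Management-plane operations on this page that hand out or rotate account keys / SAS.
KEY_ACTIONS = (
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
    "Microsoft.Storage/storageAccounts/regeneratekey/action",
)


def matches(pattern, action):
    """True if an RBAC pattern covers an action; '*' matches any run of characters."""
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def is_granted(permission, action):
    """An action is effective when some 'actions' entry covers it and no 'notActions' entry does."""
    allowed = any(matches(p, action) for p in permission.get("actions", []))
    excluded = any(matches(p, action) for p in permission.get("notActions", []))
    return allowed and not excluded


def audit_role(role):
    """Report which key operations a role grants, including those hidden behind wildcards."""
    permissions = role["permissions"]
    key_ops = [a for a in KEY_ACTIONS if any(is_granted(p, a) for p in permissions)]
    has_data_actions = any(p.get("dataActions") for p in permissions)
    return {
        "roleName": role["roleName"],
        "keyOperations": key_ops,
        "hasDataActions": has_data_actions,
        # Key access with no dataActions: a review that only reads dataActions misses it.
        "flagged": bool(key_ops) and not has_data_actions,
    }


def audit(roles):
    return [audit_role(role) for role in roles]


if __name__ == "__main__":
    for finding in audit(ROLE_DEFINITIONS):
        status = "REVIEW" if finding["flagged"] else "ok"
        short = ", ".join(op.split("/")[-2] for op in finding["keyOperations"]) or "-"
        print(f"{status:6} {finding['roleName']}: {short}")
```

The constructed role shows a common gap: excluding listkeys and regeneratekey under a `storageAccounts/*` wildcard still leaves ListAccountSas effective, so the role is still flagged.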

Storage Blob Data Contributor

Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/delete Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/write Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Write to a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Moves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action Returns the result of adding blob content
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Owner

Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/* Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Full permissions on blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Reader

Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Delegator

Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Contributor

Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Elevated Contributor

Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Returns the result of modifying permission on a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Reader

Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Contributor

Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/queueServices/queues/delete Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/read Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/write Modify queue metadata or properties.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write Add a message to a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action Returns the result of processing a message
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Processor

Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retrieve and delete a message.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Sender

Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action Add a message to a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Reader

Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/queueServices/queues/read Returns a queue or a list of queues.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web

Azure Maps Data Contributor

Grants read, write, and delete access to map-related data from an Azure Maps account.

Actions Description
none
NotActions
none
DataActions
Microsoft.Maps/accounts/*/read
Microsoft.Maps/accounts/*/write
Microsoft.Maps/accounts/*/delete
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Maps Data Reader

Grants access to read map-related data from an Azure Maps account.

Actions Description
none
NotActions
none
DataActions
Microsoft.Maps/accounts/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Spring Cloud Data Reader

Allow read access to Azure Spring Cloud Data

Actions Description
none
NotActions
none
DataActions
Microsoft.AppPlatform/Spring/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read access to Azure Spring Cloud Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c",
  "name": "b5537268-8956-4941-a8f0-646150406f0c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Search Service Contributor

Lets you manage Search services, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Search/searchServices/* Create and manage search services
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR AccessKey Reader

Read SignalR Service Access Keys

Actions Description
Microsoft.SignalRService/*/read
Microsoft.SignalRService/SignalR/listkeys/action View the value of SignalR access keys in the management portal or through API
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR App Server (Preview)

Lets your app server access SignalR Service with AAD auth options.

Actions Description
none
NotActions
none
DataActions
Microsoft.SignalRService/SignalR/auth/accessKey/action Generate an AccessKey for signing AccessTokens; the key will expire in 90 minutes by default.
Microsoft.SignalRService/SignalR/serverConnection/write Start a server connection.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR Contributor

Create, Read, Update, and Delete SignalR service resources

Actions Description
Microsoft.SignalRService/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR Serverless Contributor (Preview)

Lets your app access service in serverless mode with AAD auth options.

Actions Description
none
NotActions
none
DataActions
Microsoft.SignalRService/SignalR/auth/clientToken/action Generate an AccessToken for a client to connect to ASRS; the token expires in 5 minutes by default.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app access service in serverless mode with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Serverless Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR Service Owner (Preview)

Full access to Azure SignalR Service REST APIs

Actions Description
none
NotActions
none
DataActions
Microsoft.SignalRService/SignalR/auth/accessKey/action Generate an AccessKey for signing AccessTokens; the key expires in 90 minutes by default.
Microsoft.SignalRService/SignalR/auth/clientToken/action Generate an AccessToken for a client to connect to ASRS; the token expires in 5 minutes by default.
Microsoft.SignalRService/SignalR/hub/send/action Broadcast messages to all client connections in hub.
Microsoft.SignalRService/SignalR/group/send/action Broadcast message to group.
Microsoft.SignalRService/SignalR/group/read Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/group/write Join / Leave group.
Microsoft.SignalRService/SignalR/clientConnection/send/action Send messages directly to a client connection.
Microsoft.SignalRService/SignalR/clientConnection/read Check client connection existence.
Microsoft.SignalRService/SignalR/clientConnection/write Close client connection.
Microsoft.SignalRService/SignalR/user/send/action Send messages to user, who may consist of multiple client connections.
Microsoft.SignalRService/SignalR/user/read Check user existence.
Microsoft.SignalRService/SignalR/user/write Modify a user.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/auth/clientToken/action",
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR Service Reader (Preview)

Read-only access to Azure SignalR Service REST APIs

Actions Description
none
NotActions
none
DataActions
Microsoft.SignalRService/SignalR/group/read Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/clientConnection/read Check client connection existence.
Microsoft.SignalRService/SignalR/user/read Check user existence.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web Plan Contributor

Lets you manage the web plans for websites, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/serverFarms/* Create and manage server farms
Microsoft.Web/hostingEnvironments/Join/Action Joins an App Service Environment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Website Contributor

Lets you manage websites (not web plans), but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/certificates/* Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/read Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/action Joins an App Service Plan
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/* Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Containers

AcrDelete

Delete repositories, tags, or manifests from a container registry.

Actions Description
Microsoft.ContainerRegistry/registries/artifacts/delete Delete artifact in a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSigner

Push trusted images to or pull trusted images from a container registry enabled for content trust.

Actions Description
Microsoft.ContainerRegistry/registries/sign/write Push/Pull content trust metadata for a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPull

Pull artifacts from a container registry.

Actions Description
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPush

acr push

Actions Description
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/write Push or Write images to a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReader

Pull quarantined images from a container registry.

Actions Description
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriter

Push quarantined images to or pull quarantined images from a container registry.

Actions Description
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/write Write/Modify quarantine state of quarantined images
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster Admin Role

List cluster admin credential action.

Actions Description
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action List the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action Get a managed cluster access profile by role name using list credential
Microsoft.ContainerService/managedClusters/read Get a managed cluster
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster User Role

List cluster user credential action.

Actions Description
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
Microsoft.ContainerService/managedClusters/read Get a managed cluster
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Contributor Role

Grants access to read and write Azure Kubernetes Service clusters

Actions Description
Microsoft.ContainerService/managedClusters/read Get a managed cluster
Microsoft.ContainerService/managedClusters/write Creates a new managed cluster or updates an existing one
Microsoft.Resources/deployments/* Create and manage a deployment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Admin

Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/write Writes resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/delete Deletes resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/write Writes namespaces
Microsoft.ContainerService/managedClusters/namespaces/delete Deletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Cluster Admin

Lets you manage all resources in the cluster.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
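The two AKS RBAC definitions above differ only in their notDataActions list. The following added example (not part of the original page or of any Azure SDK) evaluates operations against them the way a role definition is read: an operation is granted when it matches an entry in the allow list and no entry in the matching "not" list, with the control plane and data plane checked separately. The helper names and the case-insensitive `*` matching are assumptions of this sketch; the permission lists are copied from the page.

```python
import re

# "Azure Kubernetes Service RBAC Admin" permissions, copied from this page.
RBAC_ADMIN = {
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
    ],
    "notActions": [],
    "dataActions": ["Microsoft.ContainerService/managedClusters/*"],
    "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete",
    ],
}

# "Azure Kubernetes Service RBAC Cluster Admin": identical on this page except
# that notDataActions is empty.
RBAC_CLUSTER_ADMIN = dict(RBAC_ADMIN, notDataActions=[])

MC = "Microsoft.ContainerService/managedClusters"


def pattern_matches(pattern, operation):
    """Match one role-definition entry; '*' stands for any run of characters."""
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def role_allows(role, operation, data_plane=False):
    """True when a single role definition grants the operation on that plane."""
    allow_key, exclude_key = (
        ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    )
    granted = any(pattern_matches(p, operation) for p in role[allow_key])
    excluded = any(pattern_matches(p, operation) for p in role[exclude_key])
    return granted and not excluded


def assignments_allow(roles, operation, data_plane=False):
    """Role assignments are additive: an exclusion in one role is not a deny,
    so another assigned role can still grant the same operation."""
    return any(role_allows(role, operation, data_plane) for role in roles)


def review(roles, checks):
    """Map each (operation, plane) pair to the decision for this set of roles."""
    return {
        (op, plane): assignments_allow(roles, op, data_plane=(plane == "data"))
        for op, plane in checks
    }


# Operations to review; every name below appears in a role on this page.
CHECKS = [
    (MC + "/listClusterUserCredential/action", "control"),
    (MC + "/listClusterAdminCredential/action", "control"),
    (MC + "/write", "control"),
    (MC + "/apps/deployments/read", "data"),
    (MC + "/namespaces/delete", "data"),
]

if __name__ == "__main__":
    for label, roles in [
        ("RBAC Admin only", [RBAC_ADMIN]),
        ("RBAC Admin + RBAC Cluster Admin", [RBAC_ADMIN, RBAC_CLUSTER_ADMIN]),
    ]:
        print(label)
        for (op, plane), ok in review(roles, CHECKS).items():
            print(f"  {'ALLOW' if ok else 'deny ':5} [{plane:7}] {op}")
```

The data-plane wildcard does not reach control-plane operations such as `managedClusters/write`, and assigning both roles to one principal cancels the namespace and resource quota exclusions.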

Azure Kubernetes Service RBAC Reader

Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read Reads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/read Reads daemonsets
Microsoft.ContainerService/managedClusters/apps/deployments/read Reads deployments
Microsoft.ContainerService/managedClusters/apps/replicasets/read Reads replicasets
Microsoft.ContainerService/managedClusters/apps/statefulsets/read Reads statefulsets
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read Reads horizontalpodautoscalers
Microsoft.ContainerService/managedClusters/batch/cronjobs/read Reads cronjobs
Microsoft.ContainerService/managedClusters/batch/jobs/read Reads jobs
Microsoft.ContainerService/managedClusters/configmaps/read Reads configmaps
Microsoft.ContainerService/managedClusters/endpoints/read Reads endpoints
Microsoft.ContainerService/managedClusters/events.k8s.io/events/read Reads events
Microsoft.ContainerService/managedClusters/events/read Reads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/read Reads daemonsets
Microsoft.ContainerService/managedClusters/extensions/deployments/read Reads deployments
Microsoft.ContainerService/managedClusters/extensions/ingresses/read Reads ingresses
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read Reads networkpolicies
Microsoft.ContainerService/managedClusters/extensions/replicasets/read Reads replicasets
Microsoft.ContainerService/managedClusters/limitranges/read Reads limitranges
Microsoft.ContainerService/managedClusters/namespaces/read Reads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read Reads ingresses
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read Reads networkpolicies
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read Reads persistentvolumeclaims
Microsoft.ContainerService/managedClusters/pods/read Reads pods
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read Reads poddisruptionbudgets
Microsoft.ContainerService/managedClusters/replicationcontrollers/read Reads replicationcontrollers
Microsoft.ContainerService/managedClusters/replicationcontrollers/read Reads replicationcontrollers
Microsoft.ContainerService/managedClusters/resourcequotas/read Reads resourcequotas
Microsoft.ContainerService/managedClusters/serviceaccounts/read Reads serviceaccounts
Microsoft.ContainerService/managedClusters/services/read Reads services
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Writer

Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read Reads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/*
Microsoft.ContainerService/managedClusters/apps/deployments/*
Microsoft.ContainerService/managedClusters/apps/replicasets/*
Microsoft.ContainerService/managedClusters/apps/statefulsets/*
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.ContainerService/managedClusters/batch/cronjobs/*
Microsoft.ContainerService/managedClusters/batch/jobs/*
Microsoft.ContainerService/managedClusters/configmaps/*
Microsoft.ContainerService/managedClusters/endpoints/*
Microsoft.ContainerService/managedClusters/events.k8s.io/events/read Reads events
Microsoft.ContainerService/managedClusters/events/read Reads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/*
Microsoft.ContainerService/managedClusters/extensions/deployments/*
Microsoft.ContainerService/managedClusters/extensions/ingresses/*
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*
Microsoft.ContainerService/managedClusters/extensions/replicasets/*
Microsoft.ContainerService/managedClusters/limitranges/read Reads limitranges
Microsoft.ContainerService/managedClusters/namespaces/read Reads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
Microsoft.ContainerService/managedClusters/pods/*
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/resourcequotas/read Reads resourcequotas
Microsoft.ContainerService/managedClusters/secrets/*
Microsoft.ContainerService/managedClusters/serviceaccounts/*
Microsoft.ContainerService/managedClusters/services/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Databases

Cosmos DB Account Reader Role

Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDB/*/read Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/action Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/read Read metric definitions
Microsoft.Insights/Metrics/read Read metrics
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cosmos DB Operator

Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.

Actions Description
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write Create or update a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete Delete a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write Create or update a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete Delete a SQL Role Assignment
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperator

Can submit a restore request for a Cosmos DB database or a container for an account.

Actions Description
Microsoft.DocumentDB/databaseAccounts/backup/action Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/action Submit a restore request
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperator

Can perform a restore action for a Cosmos DB database account with continuous backup mode.

Actions Description
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action Submit a restore request
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read Read a restorable database account or list all the restorable database accounts
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DocumentDB Account Contributor

Can manage Azure Cosmos DB accounts. Azure Cosmos DB was formerly known as DocumentDB.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDb/databaseAccounts/* Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
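How the Actions/NotActions and DataActions/NotDataActions lists above turn into an allow decision, for the AKS RBAC Reader/Writer and Cosmos DB Operator/DocumentDB Account Contributor roles. This is an added example, not code from the original page or from Azure; it assumes `*` matches any run of characters and that operation names compare case-insensitively. The AKS dataActions are abbreviated to a few entries from the definitions above, and the probed operation names are sample inputs.

```python
import re

def matches(pattern, operation):
    """Wildcard match: '*' is any run of characters; case is ignored (assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None

def role_grants(role, operation, data_plane=False):
    """True if a permission block allows the operation and does not exclude it."""
    allow_key, exclude_key = (
        ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    )
    for block in role["permissions"]:
        allowed = any(matches(p, operation) for p in block[allow_key])
        excluded = any(matches(p, operation) for p in block[exclude_key])
        if allowed and not excluded:
            return True
    return False

def compare(roles, operation, data_plane=False):
    """Map each role name to whether that role alone grants the operation."""
    return {r["roleName"]: role_grants(r, operation, data_plane) for r in roles}

# Control-plane actions shared by both Cosmos DB roles (copied from this page).
COSMOS_ACTIONS = [
    "Microsoft.DocumentDb/databaseAccounts/*",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Authorization/*/read",
    "Microsoft.ResourceHealth/availabilityStatuses/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Support/*",
    "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
]

COSMOS_DB_OPERATOR = {
    "roleName": "Cosmos DB Operator",
    "permissions": [{
        "actions": COSMOS_ACTIONS,
        "notActions": [
            "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
            "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
            "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
            "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
            "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
            "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
            "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
            "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete",
        ],
        "dataActions": [],
        "notDataActions": [],
    }],
}

DOCUMENTDB_ACCOUNT_CONTRIBUTOR = {
    "roleName": "DocumentDB Account Contributor",
    "permissions": [{
        "actions": COSMOS_ACTIONS,
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
    }],
}

# Abbreviated: only a few of the dataActions listed on this page.
AKS_RBAC_READER = {
    "roleName": "Azure Kubernetes Service RBAC Reader",
    "permissions": [{
        "actions": ["Microsoft.Authorization/*/read"],
        "notActions": [],
        "dataActions": [
            "Microsoft.ContainerService/managedClusters/pods/read",
            "Microsoft.ContainerService/managedClusters/configmaps/read",
            "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        ],
        "notDataActions": [],
    }],
}

AKS_RBAC_WRITER = {
    "roleName": "Azure Kubernetes Service RBAC Writer",
    "permissions": [{
        "actions": ["Microsoft.Authorization/*/read"],
        "notActions": [],
        "dataActions": [
            "Microsoft.ContainerService/managedClusters/pods/*",
            "Microsoft.ContainerService/managedClusters/configmaps/*",
            "Microsoft.ContainerService/managedClusters/secrets/*",
            "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        ],
        "notDataActions": [],
    }],
}

if __name__ == "__main__":
    cosmos = [COSMOS_DB_OPERATOR, DOCUMENTDB_ACCOUNT_CONTRIBUTOR]
    aks = [AKS_RBAC_READER, AKS_RBAC_WRITER]
    print(compare(cosmos, "Microsoft.DocumentDB/databaseAccounts/listKeys/action"))
    print(compare(aks, "Microsoft.ContainerService/managedClusters/secrets/read", data_plane=True))
```

NotActions only subtracts from the Actions of the same role definition; it is not a deny rule, so a second role assignment to the same principal can still grant the excluded operation. When reviewing who can read Cosmos DB keys or Kubernetes Secrets, evaluate every role assigned at the scope, not one definition in isolation.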

Redis Cache Contributor

Lets you manage Redis caches, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cache/register/action Registers the 'Microsoft.Cache' resource provider with a subscription
Microsoft.Cache/redis/* Create and manage Redis caches
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL DB Contributor

Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. Learn more

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/* Create and manage SQL databases
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingSettings/* Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Managed Instance Contributor

Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

Actions Description
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/read
Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete Deletes a specific managed server Azure Active Directory only authentication object
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write Adds or updates a specific managed server Azure Active Directory only authentication object
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Security Manager

Lets you manage the security-related policies of SQL servers and databases, but not access to them. Learn more

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/administratorAzureAsyncOperation/read Gets the Managed instance azure async administrator operations result.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/* Create and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/read Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingSettings/* Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/read Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/read Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/read Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/read Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/read Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/* Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/* Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/* Create and update a support ticket
Microsoft.Sql/servers/azureADOnlyAuthentications/*
Microsoft.Sql/managedInstances/read Return the list of managed instances or gets the properties for the specified managed instance.
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft.Security/sqlVulnerabilityAssessments/*
Microsoft.Sql/managedInstances/administrators/read Gets a list of managed instance administrators.
Microsoft.Sql/servers/administrators/read Gets a specific Azure Active Directory administrator object
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/administrators/read",
        "Microsoft.Sql/servers/administrators/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
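
How Actions and NotActions combine for the SQL roles listed above, shown as an added example that is not part of the original page. It assumes that `*` matches any run of characters and that operation names compare case-insensitively; the role dictionaries are subsets copied from the JSON above, and the helper names and sample operation strings are constructed for illustration.

```python
import re

# Subsets of the role definitions shown above (copied from their JSON).
SQL_DB_CONTRIBUTOR = {
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
    ],
    "notActions": [
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
    ],
}
SQL_SECURITY_MANAGER = {
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
    ],
    "notActions": [],
}


def _matches(pattern, operation):
    """True if the operation string matches a role pattern.

    Assumption: '*' stands for any run of characters (including '/'),
    and the comparison is case-insensitive.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def role_allows(role, operation):
    """Effective control-plane permission of ONE role: Actions minus NotActions."""
    granted = any(_matches(p, operation) for p in role["actions"])
    excluded = any(_matches(p, operation) for p in role["notActions"])
    return granted and not excluded


def principal_allows(roles, operation):
    """Role assignments are additive: NotActions subtracts from its own role's
    Actions only. It is not a deny rule, so another assigned role can still
    grant the same operation."""
    return any(role_allows(role, operation) for role in roles)


def audit(roles, operations):
    """Map each operation to whether the combined set of roles allows it."""
    return {op: principal_allows(roles, op) for op in operations}


if __name__ == "__main__":
    # Constructed sample operations for review.
    sample_ops = [
        "Microsoft.Sql/servers/databases/write",
        "Microsoft.Sql/servers/databases/auditingSettings/write",
        "Microsoft.Sql/servers/firewallRules/write",
    ]
    for name, roles in [
        ("SQL DB Contributor", [SQL_DB_CONTRIBUTOR]),
        ("SQL Security Manager", [SQL_SECURITY_MANAGER]),
        ("both roles", [SQL_DB_CONTRIBUTOR, SQL_SECURITY_MANAGER]),
    ]:
        print(name, audit(roles, sample_ops))
```

When reviewing assignments, evaluate the union of a principal's roles: a principal holding both roles can create databases and also change their auditing settings, even though SQL DB Contributor alone excludes the latter.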

SQL Server Contributor

Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. Learn more

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/* Create and manage SQL servers
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/* Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingSettings/* Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/* Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Sql/servers/azureADOnlyAuthentications/delete Deletes a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/azureADOnlyAuthentications/write Adds or updates a specific server Azure Active Directory only authentication object
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Analytics

Azure Event Hubs Data Owner

Allows for full access to Azure Event Hubs resources. Learn more

Actions Description
Microsoft.EventHub/*
NotActions
none
DataActions
Microsoft.EventHub/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Receiver

Allows receive access to Azure Event Hubs resources. Learn more

Actions Description
Microsoft.EventHub/*/eventhubs/consumergroups/read
NotActions
none
DataActions
Microsoft.EventHub/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Sender

Allows send access to Azure Event Hubs resources. Learn more

Actions Description
Microsoft.EventHub/*/eventhubs/read
NotActions
none
DataActions
Microsoft.EventHub/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Factory Contributor

Create and manage data factories, as well as child resources within them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DataFactory/dataFactories/* Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/* Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.EventGrid/eventSubscriptions/write Create or update an eventSubscription
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Purger

Delete private data from a Log Analytics workspace.

Actions Description
Microsoft.Insights/components/*/read
Microsoft.Insights/components/purge/action Purging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/purge/action Delete specified data from workspace
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Cluster Operator

Lets you read and modify HDInsight cluster configurations.

Actions Description
Microsoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/action Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/action Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Domain Services Contributor

Can read, create, modify, and delete Domain Services related operations needed for HDInsight Enterprise Security Package.

Actions Description
Microsoft.AAD/*/read
Microsoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Contributor

Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/write Installs or updates Azure Arc extensions
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Reader

Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/read Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
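
The NotActions entry in Log Analytics Reader exists because `*/read` would otherwise match the workspace shared-keys read operation. The Python sketch below is an added example, not Microsoft's evaluation code: it checks operations against the permission blocks listed on this page, assuming `*` matches any run of characters and that comparison is case-insensitive; all function names are hypothetical.

```python
import re

# Permission blocks copied from the role definitions on this page.
LOG_ANALYTICS_READER = {
    "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*",
    ],
    "notActions": ["Microsoft.OperationalInsights/workspaces/sharedKeys/read"],
    "dataActions": [],
    "notDataActions": [],
}

LOG_ANALYTICS_CONTRIBUTOR = {
    "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*",
    ],
    "notActions": [],
    "dataActions": [],
    "notDataActions": [],
}

# Credential-returning operations that appear in the tables above.
SENSITIVE_OPERATIONS = [
    "Microsoft.OperationalInsights/workspaces/sharedKeys/read",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
]


def _matches(pattern, operation):
    """Wildcard match: '*' stands for any run of characters (assumption),
    compared case-insensitively (assumption)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def role_allows(permissions, operation, data_plane=False):
    """True if one role grants the operation: matched by Actions
    (or DataActions) and not matched by NotActions (or NotDataActions)."""
    allow_key, exclude_key = (
        ("dataActions", "notDataActions") if data_plane
        else ("actions", "notActions")
    )
    allowed = any(_matches(p, operation) for p in permissions[allow_key])
    excluded = any(_matches(p, operation) for p in permissions[exclude_key])
    return allowed and not excluded


def effective_allows(assigned_roles, operation, data_plane=False):
    """Union over all assigned roles. NotActions only subtracts inside its
    own role; it is not a deny, so another role can still grant the operation."""
    return any(role_allows(r, operation, data_plane) for r in assigned_roles)


def secret_exposing_grants(permissions, sensitive_ops=SENSITIVE_OPERATIONS):
    """List the sensitive operations that a single role grants."""
    return [op for op in sensitive_ops if role_allows(permissions, op)]


if __name__ == "__main__":
    for name, role in [("Log Analytics Reader", LOG_ANALYTICS_READER),
                       ("Log Analytics Contributor", LOG_ANALYTICS_CONTRIBUTOR)]:
        print(name, "->", secret_exposing_grants(role) or "no key access")
```

A principal holding both roles can read the shared keys, because the Reader role's NotActions does not override the Contributor role's grant.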

Purview Data Curator

The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.

Actions Description
Microsoft.Purview/accounts/read Read account resource for Microsoft Purview provider.
NotActions
none
DataActions
Microsoft.Purview/accounts/data/read Read data objects.
Microsoft.Purview/accounts/data/write Create, update and delete data objects.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Purview Data Reader

The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.

Actions Description
Microsoft.Purview/accounts/read Read account resource for Microsoft Purview provider.
NotActions
none
DataActions
Microsoft.Purview/accounts/data/read Read data objects.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Purview Data Source Administrator

The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.

Actions Description
Microsoft.Purview/accounts/read Read account resource for Microsoft Purview provider.
NotActions
none
DataActions
Microsoft.Purview/accounts/scan/read Read data sources and scans.
Microsoft.Purview/accounts/scan/write Create, update and delete data sources and manage scans.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Schema Registry Contributor (Preview)

Read, write, and delete Schema Registry groups and schemas.

Actions Description
Microsoft.EventHub/namespaces/schemagroups/*
NotActions
none
DataActions
Microsoft.EventHub/namespaces/schemas/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Schema Registry Reader (Preview)

Read and list Schema Registry groups and schemas.

Actions Description
Microsoft.EventHub/namespaces/schemagroups/read Get list of SchemaGroup Resource Descriptions
NotActions
none
DataActions
Microsoft.EventHub/namespaces/schemas/read Retrieve schemas
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blockchain

Blockchain Member Node Access (Preview)

Allows for access to Blockchain Member nodes.

Actions Description
Microsoft.Blockchain/blockchainMembers/transactionNodes/read Gets or lists existing Blockchain Member Transaction Node(s).
NotActions
none
DataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connects to a Blockchain Member Transaction Node.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AI + machine learning

Cognitive Services Contributor

Lets you create, read, update, delete and manage keys of Cognitive Services.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.CognitiveServices/*
Microsoft.Features/features/read Gets the features of a subscription.
Microsoft.Features/providers/features/read Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision Contributor

Full access to the project, including the ability to view, create, edit, or delete projects.

Actions Description
Microsoft.CognitiveServices/*/read
NotActions
none
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision Deployment

Publish, unpublish or export models. Deployment can view the project but can't update.

Actions Description
Microsoft.CognitiveServices/*/read
NotActions
none
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision Labeler

View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.

Actions Description
Microsoft.CognitiveServices/*/read
NotActions
none
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action Get images that were sent to your prediction endpoint.
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action This API will get suggested tags and regions for an array/batch of untagged images along with confidences for the tags. It returns an empty array if no tags are found.
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision Reader

Read-only actions in the project. Readers can't create or update the project.

Actions Description
Microsoft.CognitiveServices/*/read
NotActions
none
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action Get images that were sent to your prediction endpoint.
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read