Role-based access control with the Microsoft Teams Rooms managed service

Role-based access control (RBAC) in the Microsoft Teams Rooms managed service helps you manage user access to room resource data in your organization. By assigning roles to your service portal users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization.

To create, edit, or assign roles, your account must have one of the following permissions:

  • Global Administrator through Azure Active Directory (Azure AD)
  • Managed Service Administrator through the Microsoft Teams Rooms managed service portal

What is a role?

A role defines the set of permissions granted to users assigned to that role. For now, the Microsoft Teams Rooms managed service has three built-in roles: Managed Service Administrator, Site Lead, and Site Tech. They cover some common scenarios for users in your organization who may be involved in managing your rooms.

To see roles, in the left navigation of the Microsoft Teams Rooms managed service portal, go to Roles, and then select any of the roles to see the role's properties, permissions, and assignments.

  • Properties: The name, role type, and description.
  • Permissions: Lists the features and the level of permissions to which the role has access.
  • Assignments: A list of role assignments defining which users have the configured permissions over the scope of room resource accounts. A role can have multiple assignments, and a user can be in multiple assignments.

Built-in roles

You can assign built-in roles to groups or users without further configuration. Keep in mind that you can't delete or edit the name, description, type, or permissions of a built-in role.

  • Managed Service Administrator: Has full access to the Microsoft Teams Rooms Premium service portal.
  • Site Lead: Organizes rooms, has access to reports, and can manage tickets. Can't reset the enrollment key or make changes to the configuration of the service.
  • Site Tech: Manages tickets for specific rooms. Doesn't have permissions to modify the service or organize rooms in the service.

The following table summarizes what each role can do.

Features                                       Permission                 Managed Service Administrator   Site Lead   Site Tech
Rooms                                          View
                                               Modify
                                               Reset key
                                               Download key
                                               Unenroll
Group management                               Create
                                               View
                                               Modify
Update ring management                         Create
                                               View
                                               Modify
Reports                                        View
Ticket management                              Create customer incident
                                               View
                                               Update
Microsoft Teams Rooms managed service settings View
                                               Modify
Role management                                View
                                               Modify

Assign a role

To assign roles, you must be a Global Administrator or Managed Service Administrator.

  1. In the left navigation of the Microsoft Teams Rooms managed service portal, go to Settings > Roles.

    Screenshot of the Access control page showing roles.

  2. Select the role you want to assign.

  3. In the role pane, select Assignments > Add.

    Screenshot of the Add option for adding a role.

  4. On the General settings page, under Assignment properties, enter a name for this assignment. The description is optional. Choose Next.

  5. On the Members page, in the Search for user or security group box, enter the name of a user or security group in your tenant to which you want to give permissions, and then complete the selection. Choose Next.

  6. On the Scope page, in the Search for room or room group box, type the name of either a room or room group that the user will be allowed to manage. Choose Next.

  7. On the Finish page, review the details of the assignment. If you're satisfied with the configuration, choose Add assignment. If you want to edit a section, use the Previous button or select the step in the left navigation.
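
The role, members, and scope model described above, sketched as an added example (not Microsoft code and not a service API) that can be used to reason about what a planned set of assignments grants before creating it in the portal. The capability names, users, rooms, and groups are constructed, and combining multiple assignments by union is an assumption.

```python
# Added illustration, not Microsoft code. Capability names are hypothetical,
# taken from the built-in role descriptions on this page.
ALL = {"organize_rooms", "view_reports", "manage_tickets",
       "reset_enrollment_key", "change_service_config"}
ROLES = {
    "Managed Service Administrator": ALL,  # full access
    "Site Lead": {"organize_rooms", "view_reports", "manage_tickets"},
    "Site Tech": {"manage_tickets"},
}

# Constructed sample data: room groups, security groups, and assignments.
ROOM_GROUPS = {"HQ": {"hq-boardroom", "hq-huddle-1"}}
SECURITY_GROUPS = {"av-support": {"dana@contoso.example"}}
ASSIGNMENTS = [
    {"name": "HQ leads", "role": "Site Lead",
     "members": {"alex@contoso.example"}, "scope": {"HQ"}},
    {"name": "Branch techs", "role": "Site Tech",
     "members": {"av-support", "alex@contoso.example"},
     "scope": {"branch-room-7"}},
]


def expand(names, groups):
    """Replace each group name with its members; keep individual names."""
    out = set()
    for name in names:
        out |= groups.get(name, {name})
    return out


def effective_permissions(user, room, assignments=ASSIGNMENTS):
    """Union of role capabilities over every assignment whose members include
    the user and whose scope includes the room (assumed combination rule)."""
    perms = set()
    for a in assignments:
        if (user in expand(a["members"], SECURITY_GROUPS)
                and room in expand(a["scope"], ROOM_GROUPS)):
            perms |= ROLES[a["role"]]
    return perms


def can(user, room, capability):
    """True if any matching assignment grants the capability on this room."""
    return capability in effective_permissions(user, room)


if __name__ == "__main__":
    for room in ("hq-huddle-1", "branch-room-7"):
        print(room, sorted(effective_permissions("alex@contoso.example", room)))
```

The same user ends up with different rights on different rooms because each assignment pairs a role with its own scope; a user with no assignment covering a room gets nothing there.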