Nota:
El acceso a esta página requiere autorización. Puede intentar iniciar sesión o cambiar directorios.
El acceso a esta página requiere autorización. Puede intentar cambiar los directorios.
本文列出了“物联网”类别的 Azure 内置角色。
Azure 设备注册表参与者
允许在Azure设备注册命名空间内对物联网设备进行全面访问。
| 操作 | 说明 |
|---|---|
| microsoft.deviceregistry/namespaces/read | 获取命名空间 |
| microsoft.deviceregistry/namespaces/devices/* | |
| microsoft.deviceregistry/namespaces/discovereddevices/* | |
| microsoft.deviceregistry/namespaces/credentials/read | 获取证书 |
| microsoft.deviceregistry/namespaces/credentials/policies/read | 按凭证列表政策资源 |
| microsoft.devices/iothubs/certificates/* | |
| microsoft.devices/iothubs/read | 获取IotHub资源 |
| 不操作 | |
| 无 | |
| DataActions | |
| microsoft.deviceregistry/namespaces/credentials/policies/issueCertificate/action | 允许使用基于证书的策略进行证书发布。 |
| microsoft.devices/iothubs/devices/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to IoT devices within Azure Device Registry Namespace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a5c3590a-3a1a-4cd4-9648-ea0a32b15137",
"name": "a5c3590a-3a1a-4cd4-9648-ea0a32b15137",
"permissions": [
{
"actions": [
"microsoft.deviceregistry/namespaces/read",
"microsoft.deviceregistry/namespaces/devices/*",
"microsoft.deviceregistry/namespaces/discovereddevices/*",
"microsoft.deviceregistry/namespaces/credentials/read",
"microsoft.deviceregistry/namespaces/credentials/policies/read",
"microsoft.devices/iothubs/certificates/*",
"microsoft.devices/iothubs/read"
],
"notActions": [],
"dataActions": [
"microsoft.deviceregistry/namespaces/credentials/policies/issueCertificate/action",
"microsoft.devices/iothubs/devices/*"
],
"notDataActions": []
}
],
"roleName": "Azure Device Registry Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 设备注册表凭据参与者
允许在Azure设备注册表命名空间内完全管理凭证和策略。
| 操作 | 说明 |
|---|---|
| microsoft.deviceregistry/namespaces/credentials/* | |
| microsoft.deviceregistry/namespaces/credentials/policies/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to manage credentials and policies within Azure Device Registry Namespace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/09267e11-2e06-40b5-8fe4-68cea20794c9",
"name": "09267e11-2e06-40b5-8fe4-68cea20794c9",
"permissions": [
{
"actions": [
"microsoft.deviceregistry/namespaces/credentials/*",
"microsoft.deviceregistry/namespaces/credentials/policies/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Device Registry Credentials Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 设备注册表载入
允许完全访问Azure设备注册表命名空间和X.509证书配置。
| 操作 | 说明 |
|---|---|
| Microsoft.DeviceRegistry/namespaces/read | 获取命名空间 |
| Microsoft.DeviceRegistry/namespaces/write | 更新命名空间 |
| Microsoft.DeviceRegistry/namespaces/delete | 删除命名空间 |
| Microsoft.DeviceRegistry/namespaces/credentials/* | |
| Microsoft.DeviceRegistry/namespaces/credentials/policies/* | |
| Microsoft.Devices/iothubs/* | |
| Microsoft.Devices/provisioningServices/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/provisioningServices/enrollments/* | |
| Microsoft.Devices/provisioningServices/enrollmentGroups/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Device Registry Namespace and X.509 certificate provisioning.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/547f7f0a-69c0-4807-bd9e-0321dfb66a84",
"name": "547f7f0a-69c0-4807-bd9e-0321dfb66a84",
"permissions": [
{
"actions": [
"Microsoft.DeviceRegistry/namespaces/read",
"Microsoft.DeviceRegistry/namespaces/write",
"Microsoft.DeviceRegistry/namespaces/delete",
"Microsoft.DeviceRegistry/namespaces/credentials/*",
"Microsoft.DeviceRegistry/namespaces/credentials/policies/*",
"Microsoft.Devices/iothubs/*",
"Microsoft.Devices/provisioningServices/*"
],
"notActions": [],
"dataActions": [
"Microsoft.Devices/provisioningServices/enrollments/*",
"Microsoft.Devices/provisioningServices/enrollmentGroups/*"
],
"notDataActions": []
}
],
"roleName": "Azure Device Registry Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备预配服务数据参与者
允许对设备预配服务数据平面操作进行完全访问。
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/provisioningServices/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Device Provisioning Service data-plane operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633",
"name": "dfce44e4-17b7-4bd1-a6d1-04996ec95633",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/provisioningServices/*"
],
"notDataActions": []
}
],
"roleName": "Device Provisioning Service Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备预配服务数据读取者
允许对设备预配服务数据平面属性进行完全读取访问。
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/provisioningServices/*/read | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full read access to Device Provisioning Service data-plane properties.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8",
"name": "10745317-c249-44a1-a5ce-3a4353c0bbd8",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/provisioningServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Device Provisioning Service Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新管理员
授予你对管理操作和内容操作的完全访问权限
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/write | 执行与更新相关的写入操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/delete | 执行与更新相关的删除操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/read | 执行与管理相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/write | 执行与管理相关的写入操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/delete | 执行与管理相关的删除操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to management and content operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a",
"name": "02ca0879-e8e4-47a5-a61e-5c618b76e64a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/write",
"Microsoft.DeviceUpdate/accounts/instances/updates/delete",
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/management/write",
"Microsoft.DeviceUpdate/accounts/instances/management/delete"
],
"notDataActions": []
}
],
"roleName": "Device Update Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新内容管理员
授予你对内容操作的完全访问权限
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/write | 执行与更新相关的写入操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/delete | 执行与更新相关的删除操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to content operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98",
"name": "0378884a-3af5-44ab-8323-f5b22f9f3c98",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/write",
"Microsoft.DeviceUpdate/accounts/instances/updates/delete"
],
"notDataActions": []
}
],
"roleName": "Device Update Content Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新内容读取者
授予你对内容操作的读取访问权限,但不允许进行更改
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to content operations, but does not allow making changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
"name": "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Content Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新部署管理员
授予你对管理操作的完全访问权限
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/management/read | 执行与管理相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/write | 执行与管理相关的写入操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/delete | 执行与管理相关的删除操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432",
"name": "e4237640-0e3d-4a46-8fda-70bc94856432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/management/write",
"Microsoft.DeviceUpdate/accounts/instances/management/delete",
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Deployments Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新部署读取者
授予你对管理操作的读取访问权限,但不允许进行更改
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/management/read | 执行与管理相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to management operations, but does not allow making changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f",
"name": "49e2f5d2-7741-4835-8efa-19e1fe35e47f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Deployments Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
设备更新读取者
授予你对管理操作和内容操作的读取访问权限,但不允许进行更改
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DeviceUpdate/accounts/instances/updates/read | 执行与更新相关的读取操作 |
| Microsoft.DeviceUpdate/accounts/instances/management/read | 执行与管理相关的读取操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to management and content operations, but does not allow making changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
"name": "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/management/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
固件分析管理员
在 Defender for IoT 中上传和分析韧体映像
| 操作 | 说明 |
|---|---|
| Microsoft.IoTFirmwareDefense/* | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Upload and analyze firmware images in Defender for IoT",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9c1607d1-791d-4c68-885d-c7b7aaff7c8a",
"name": "9c1607d1-791d-4c68-885d-c7b7aaff7c8a",
"permissions": [
{
"actions": [
"Microsoft.IoTFirmwareDefense/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Firmware Analysis Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT 中心数据参与者
具有 IoT 中心数据平面操作的完全访问权限。
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/IotHubs/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to IoT Hub data plane operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f",
"name": "4fc6c259-987e-4a07-842e-c321cc9d413f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT 中心数据读取者
具有 IoT 中心数据平面属性的完全读取访问权限
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/IotHubs/*/read | |
| Microsoft.Devices/IotHubs/文件上传/通知/action | 接收、完成或放弃文件上传通知 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full read access to IoT Hub data-plane properties",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3",
"name": "b447c946-2db7-41ec-983d-d8bf3b1c77e3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/*/read",
"Microsoft.Devices/IotHubs/fileUpload/notifications/action"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT 中心注册表参与者
具有 IoT 中心设备注册表的完全访问权限。
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/IotHubs/devices/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to IoT Hub device registry.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
"name": "4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/devices/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Registry Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT 中心孪生参与者
具有所有 IoT 中心设备和模块孪生的读写访问权限。
| 操作 | 说明 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Devices/IotHubs/twins/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for read and write access to all IoT Hub device and module twins.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c",
"name": "494bdba2-168f-4f31-a0a1-191d2f7c028c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/twins/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Twin Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}