Compartir a través de

Azure 安全权限

本文列出了安全类别中 Azure 资源提供程序的权限。 可以在自己的 Azure 自定义角色中使用这些权限,以针对 Azure 中的资源提供精细的访问控制。 权限字符串具有以下格式:{Company}.{ProviderName}/{resourceType}/{action}

Microsoft.AppComplianceAutomation

Azure 服务:适用于 Microsoft 365 的应用合规性自动化工具

操作 说明
Microsoft.AppComplianceAutomation/onboard/action 将给定订阅加入到 Microsoft.AppComplianceAutomation 提供程序。
Microsoft.AppComplianceAutomation/triggerEvaluation/action 触发对给定订阅的快速评估。
Microsoft.AppComplianceAutomation/listInUseStorageAccounts/action 列出相关报表正在使用的存储帐户
Microsoft.AppComplianceAutomation/checkNameAvailability/action 操作 checkNameAvailability
Microsoft.AppComplianceAutomation/getCollectionCount/action 获取报表计数。
Microsoft.AppComplianceAutomation/getOverviewStatus/action 获取资源概述状态。
Microsoft.AppComplianceAutomation/register/action 注册 Microsoft.AppComplianceAutomation 的订阅
Microsoft.AppComplianceAutomation/unregister/action 注册 Microsoft.AppComplianceAutomation 的订阅
Microsoft.AppComplianceAutomation/locations/operationStatuses/read 读取 OperationStatuses
Microsoft.AppComplianceAutomation/locations/operationStatuses/write 写入 operationStatuses
Microsoft.AppComplianceAutomation/operations/read 读取操作
Microsoft.AppComplianceAutomation/operations/read 获取租户的 AppComplianceAutomation 报表列表。
Microsoft.AppComplianceAutomation/operations/read 获取 AppComplianceAutomation 报表及其属性。
Microsoft.AppComplianceAutomation/reports/write 创建新的 AppComplianceAutomation 报表或更新正在退出的 AppComplianceAutomation 报表。
Microsoft.AppComplianceAutomation/reports/delete 删除 AppComplianceAutomation 报表。
Microsoft.AppComplianceAutomation/reports/write 更新正在退出的 AppComplianceAutomation 报表。
Microsoft.AppComplianceAutomation/reports/checkNameAvailability/action 检查报表的嵌套资源名称可用性,例如:Webhook、证据、快照。
Microsoft.AppComplianceAutomation/reports/fix/action 修复 AppComplianceAutomation 报表错误。 例如:应用符合性自动化工具服务未注册、已删除自动化。
Microsoft.AppComplianceAutomation/reports/getScopingQuestions/action 修复 AppComplianceAutomation 报表错误。 例如:应用符合性自动化工具服务未注册、已删除自动化。
Microsoft.AppComplianceAutomation/reports/syncCertRecord/action 从应用合规性同步证明记录。
Microsoft.AppComplianceAutomation/reports/verify/action 验证 AppComplianceAutomation 报表运行状况。
Microsoft.AppComplianceAutomation/reports/evidences/read 返回指定报表的证据分页列表。
Microsoft.AppComplianceAutomation/reports/evidences/read 获取证据元数据
Microsoft.AppComplianceAutomation/reports/evidences/write 创建或更新指定报表的证据
Microsoft.AppComplianceAutomation/reports/evidences/delete 从指定报表中删除现有证据
Microsoft.AppComplianceAutomation/reports/evidences/download/action 下载证据文件。
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/read 返回指定报表的单一实例范围配置的列表格式。
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/read 获取特定报表的 AppComplianceAutomation 范围配置。
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/write 获取特定报表的 AppComplianceAutomation 范围配置。
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/delete 清理特定报表的 AppComplianceAutomation 范围配置。
Microsoft.AppComplianceAutomation/reports/snapshots/read 获取 AppComplianceAutomation 快照列表。
Microsoft.AppComplianceAutomation/reports/snapshots/read 获取 AppComplianceAutomation 快照及其属性。
Microsoft.AppComplianceAutomation/reports/snapshots/download/action 从快照下载合规性需求,例如,合规性报表、资源列表。
Microsoft.AppComplianceAutomation/reports/webhooks/read 获取 AppComplianceAutomation Webhook 列表。
Microsoft.AppComplianceAutomation/reports/webhooks/read 获取 AppComplianceAutomation Webhook 及其属性。
Microsoft.AppComplianceAutomation/reports/webhooks/write 创建新的 AppComplianceAutomation webhook 或更新正在退出的 AppComplianceAutomation Webhook。
Microsoft.AppComplianceAutomation/reports/webhooks/delete 删除 AppComplianceAutomation Webhook。
Microsoft.AppComplianceAutomation/reports/webhooks/write 更新正在退出的 AppComplianceAutomation Webhook。

Microsoft.DataProtection

Azure 服务:数据保护

操作 说明
Microsoft.DataProtection/register/action 注册给定资源提供程序的订阅
Microsoft.DataProtection/unregister/action 注销给定资源提供程序的订阅
Microsoft.DataProtection/backupVaults/write “创建 BackupVault”操作创建“备份保管库”类型的 Azure 资源
Microsoft.DataProtection/backupVaults/write “更新备份保管库”操作更新类型为“备份保管库”的 Azure 资源
Microsoft.DataProtection/backupVaults/read “获取备份保管库”操作获取表示“备份保管库”类型 Azure 资源的对象
Microsoft.DataProtection/backupVaults/read 获取订阅中备份保管库的列表
Microsoft.DataProtection/backupVaults/read 获取资源组中备份保管库的列表
Microsoft.DataProtection/backupVaults/delete “删除保管库”操作删除类型为“备份保管库”的指定 Azure 资源
Microsoft.DataProtection/backupVaults/validateForBackup/action 验证备份实例的备份
Microsoft.DataProtection/backupVaults/backupInstances/write 创建备份实例
Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action 验证备份实例的修改
Microsoft.DataProtection/backupVaults/backupInstances/delete 删除备份实例
Microsoft.DataProtection/backupVaults/backupInstances/read 返回备份实例的详细信息
Microsoft.DataProtection/backupVaults/backupInstances/read 返回所有备份实例
Microsoft.DataProtection/backupVaults/backupInstances/backup/action 对备份实例执行备份
Microsoft.DataProtection/backupVaults/backupInstances/sync/action “同步”操作会重试备份实例上的上一次失败操作,使其处于有效状态。
Microsoft.DataProtection/backupVaults/backupInstances/restore/action 触发对备份实例的还原操作
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action 验证是否已对备份实例执行还原
Microsoft.DataProtection/backupVaults/backupInstances/stopProtection/action “停止保护”操作会停止备份实例的备份和保留计划。 现有数据将永久保留。
Microsoft.DataProtection/backupVaults/backupInstances/suspendBackups/action “暂停备份”操作仅停止备份实例的备份。 保留活动将会继续,因此,数据将根据策略保留。
Microsoft.DataProtection/backupVaults/backupInstances/resumeProtection/action 继续保护 ProtectionStopped BI。
Microsoft.DataProtection/backupVaults/backupInstances/resumeBackups/action 继续备份 BackupsSuspended BI。
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action 查找可还原的时间范围
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read 返回备份保管库的备份操作结果。
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read 返回恢复点的详细信息
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read 返回所有恢复点
Microsoft.DataProtection/backupVaults/backupJobs/read 获取作业列表
Microsoft.DataProtection/backupVaults/backupJobs/enableProgress/action 获取作业详细信息
Microsoft.DataProtection/backupVaults/backupPolicies/write 创建备份策略
Microsoft.DataProtection/backupVaults/backupPolicies/delete 删除备份策略
Microsoft.DataProtection/backupVaults/backupPolicies/read 返回备份策略的详细信息
Microsoft.DataProtection/backupVaults/backupPolicies/read 返回所有备份策略
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read 获取资源的 ResourceGuard 代理列表
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read “获取 ResourceGuard 代理”操作获取表示类型为“ResourceGuard 代理”的 Azure 资源的对象
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write “创建 ResourceGuard 代理”操作创建类型为“ResourceGuard 代理”的 Azure 资源
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete “删除 ResourceGuard 代理”操作删除类型为“ResourceGuard 代理”的指定 Azure 资源
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action “解锁删除 ResourceGuard 代理”操作解锁下一删除关键操作
Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action 执行对软删除的备份实例的取消删除操作。 备份实例从 SoftDeleted 状态转为 ProtectionStopped 状态。
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read 按名称获取备份保管库中软删除的备份实例
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read 列出备份保管库中软删除的备份实例。
Microsoft.DataProtection/backupVaults/operationResults/read 获取备份保管库的修补操作的操作结果
Microsoft.DataProtection/backupVaults/operationStatus/read 返回备份保管库的备份操作状态。
Microsoft.DataProtection/locations/checkNameAvailability/action 检查所请求的 BackupVault 名称是否可用
Microsoft.DataProtection/locations/getBackupStatus/action 检查恢复服务保管库的备份状态
Microsoft.DataProtection/locations/checkFeatureSupport/action 验证功能是否受支持
Microsoft.DataProtection/locations/operationResults/read 返回备份保管库的备份操作结果。
Microsoft.DataProtection/locations/operationStatus/read 返回备份保管库的备份操作状态。
Microsoft.DataProtection/operations/read 操作返回资源提供程序的操作列表
Microsoft.DataProtection/subscriptions/providers/resourceGuards/read 获取订阅中的 ResourceGuard 的列表
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action 从次要区域返回已启用跨区域还原的备份保管库的恢复点。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action 在给定的备份实例上触发跨区域还原操作。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action 对跨区域还原操作执行验证。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action 列出次要区域中备份实例的跨区域还原作业。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action 从次要区域获取跨区域还原作业详细信息。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read 返回备份保管库的备份操作状态。
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write “创建 ResourceGuard”操作创建“ResourceGuard”类型的 Azure 资源
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read “获取 ResourceGuard”操作获取表示“ResourceGuard”类型的 Azure 资源的对象
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete “删除 ResourceGuard”操作删除“ResourceGuard”类型的指定 Azure 资源
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read 获取资源组中的 ResourceGuard 的列表
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write “更新 ResourceGuard”操作更新“ResourceGuard”类型的 Azure 资源
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read 获取 ResourceGuard 操作请求信息
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read 获取 ResourceGuard 默认操作请求信息

Microsoft.KeyVault

保护密钥和其他机密并保持对它们的控制。

Azure 服务:密钥保管库

操作 说明
Microsoft.KeyVault/register/action 注册订阅
Microsoft.KeyVault/unregister/action 取消注册订阅
Microsoft.KeyVault/checkNameAvailability/read 检查密钥保管库名称是否有效且未被使用
Microsoft.KeyVault/deletedManagedHsms/read 查看已删除的托管 HSM 的属性
Microsoft.KeyVault/deletedVaults/read 查看软删除的密钥保管库的属性
Microsoft.KeyVault/hsmPools/read 查看 HSM 池的属性
Microsoft.KeyVault/hsmPools/write 创建新 HSM 池或更新现有 HSM 池的属性
Microsoft.KeyVault/hsmPools/delete 删除 HSM 池
Microsoft.KeyVault/hsmPools/joinVault/action 将密钥保管库加入 HSM 池
Microsoft.KeyVault/locations/deleteVirtualNetworkOrSubnets/action 通知 Microsoft.KeyVault 正在删除虚拟网络或子网
Microsoft.KeyVault/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action 检查网络安全外围的配置是否需要更新。
Microsoft.KeyVault/locations/deletedManagedHsms/read 查看已删除的托管 HSM 的属性
Microsoft.KeyVault/locations/deletedManagedHsms/purge/action 清除已软删除的托管 HSM
Microsoft.KeyVault/locations/deletedManagedHsms/delete 清除已软删除的托管 HSM
Microsoft.KeyVault/locations/deletedVaults/read 查看软删除的密钥保管库的属性
Microsoft.KeyVault/locations/deletedVaults/purge/action 清除软删除的密钥保管库
Microsoft.KeyVault/locations/managedHsmOperationResults/read 检查长时间运行的操作的结果
Microsoft.KeyVault/locations/operationResults/read 检查长时间运行的操作的结果
Microsoft.KeyVault/managedHSMs/read 查看托管 HSM 的属性
Microsoft.KeyVault/managedHSMs/write 新建托管 HSM 或更新现有托管 HSM 的属性
Microsoft.KeyVault/managedHSMs/delete 删除托管 HSM
Microsoft.KeyVault/managedHSMs/PrivateEndpointConnectionsApproval/action 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.KeyVault/managedHSMs/keys/read 列出指定托管 HSM 中的密钥,或读取指定密钥的当前版本。
Microsoft.KeyVault/managedHSMs/keys/write 创建新密钥的第一个版本(如果不存在)。 如果已存在,则返回现有密钥,而不进行任何修改。 此 API 不创建后续版本,也不更新现有的密钥。
Microsoft.KeyVault/managedHSMs/keys/versions/read 列出指定密钥的版本,或读取密钥的指定版本。
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接代理状态
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接代理状态
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/delete 删除到 Microsoft.Network 提供程序的专用终结点资源的连接代理
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/validate/action 验证到 Microsoft.Network 提供程序的专用终结点资源的连接代理
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/delete 删除到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.KeyVault/managedHSMs/privateLinkResources/read 获取托管 HSM 的指定实例的可用专用链接资源。
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Read 获取资源的诊断设置
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Write 创建或更新资源的诊断设置
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/logDefinitions/read 获取托管 HSM 的可用日志
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/metricDefinitions/read 获取密钥保管库的可用指标
Microsoft.KeyVault/operations/read 列出可对 Microsoft.KeyVault 资源提供程序执行的操作
Microsoft.KeyVault/vaults/read 查看密钥保管库的属性
Microsoft.KeyVault/vaults/write 创建新的密钥保管库,或更新现有密钥保管库的属性。 某些属性可能需要更多的权限。
Microsoft.KeyVault/vaults/delete 删除密钥保管库
Microsoft.KeyVault/vaults/deploy/action 部署 Azure 资源时启用对密钥保管库中机密的访问
Microsoft.KeyVault/vaults/PrivateEndpointConnectionsApproval/action 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.KeyVault/vaults/joinPerimeter/action 联接网络安全外围的操作,由 NRP 的链接访问检查使用。
Microsoft.KeyVault/vaults/accessPolicies/write 通过合并或替换来更新现有访问策略,或向密钥保管库添加新的访问策略。
Microsoft.KeyVault/vaults/eventGridFilters/read 通知 Microsoft.KeyVault 正在查看 Key Vault 的 EventGrid 订阅
Microsoft.KeyVault/vaults/eventGridFilters/write 通知 Microsoft.KeyVault 正在创建 Key Vault 的新 EventGrid 订阅
Microsoft.KeyVault/vaults/eventGridFilters/delete 通知 Microsoft.KeyVault 正在删除 Key Vault 的 EventGrid 订阅
Microsoft.KeyVault/vaults/keys/read 列出指定保管库中的密钥,或读取指定密钥的当前版本。
Microsoft.KeyVault/vaults/keys/write 创建新密钥的第一个版本(如果不存在)。 如果已存在,则返回现有密钥,而不进行任何修改。 此 API 不创建后续版本,也不更新现有的密钥。
Microsoft.KeyVault/vaults/keys/versions/read 列出指定密钥的版本,或读取密钥的指定版本。
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/delete 删除代理与 Microsoft.Network 提供程序的网络安全外围资源的关联。
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/read 删除代理与 Microsoft.Network 提供程序的网络安全外围资源的关联。
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/write 更改与 Microsoft.Network 提供程序的网络安全外围资源关联的状态
Microsoft.KeyVault/vaults/networkSecurityPerimeterConfigurations/read 读取保管库中存储的网络安全外围配置。
Microsoft.KeyVault/vaults/networkSecurityPerimeterConfigurations/reconcile/action 协调保管库存储中的网络安全外围配置与 NRP 的(Microsoft.Network 资源提供程序)副本。
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接代理状态
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接代理状态
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/delete 删除到 Microsoft.Network 提供程序的专用终结点资源的连接代理
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/validate/action 验证到 Microsoft.Network 提供程序的专用终结点资源的连接代理
Microsoft.KeyVault/vaults/privateEndpointConnections/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/vaults/privateEndpointConnections/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/vaults/privateEndpointConnections/delete 删除到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.KeyVault/vaults/privateLinkResources/read 获取密钥保管库的指定实例的可用专用链接资源
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Read 获取资源的诊断设置
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Write 创建或更新资源的诊断设置
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/logDefinitions/read 获取密钥保管库的可用日志
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/metricDefinitions/read 获取密钥保管库的可用指标
Microsoft.KeyVault/vaults/secrets/read 查看机密的属性,但不查看其值。
Microsoft.KeyVault/vaults/secrets/write 创建新机密或更新现有机密的值。
DataAction 说明
Microsoft.KeyVault/vaults/certificatecas/delete 删除证书颁发者
Microsoft.KeyVault/vaults/certificatecas/read 读取证书颁发者
Microsoft.KeyVault/vaults/certificatecas/write 写入证书颁发者
Microsoft.KeyVault/vaults/certificatecontacts/write 管理证书联系人
Microsoft.KeyVault/vaults/certificates/delete 删除证书。 所有版本都会被删除。
Microsoft.KeyVault/vaults/certificates/read 列出指定的 Key Vault 中的证书,或获取有关证书的信息。
Microsoft.KeyVault/vaults/certificates/backup/action 创建证书的备份文件。 该文件可用于还原同一订阅的 Key Vault 中的证书。 可能存在限制。
Microsoft.KeyVault/vaults/certificates/purge/action 清除证书,使其不可恢复。
Microsoft.KeyVault/vaults/certificates/update/action 更新与给定证书关联的指定属性。
Microsoft.KeyVault/vaults/certificates/create/action 创建新证书。 如果证书不存在,则创建第一个版本, 否则会创建一个新版本。
Microsoft.KeyVault/vaults/certificates/import/action 导入包含私钥的现有有效证书。
要导入的证书可以采用 PFX 或 PEM 格式。
如果 Key Vault 中不存在该证书,则会使用指定的内容创建第一个版本。
否则,将使用指定的内容创建一个新版本。
Microsoft.KeyVault/vaults/certificates/recover/action 恢复已删除的证书。 该操作与 Delete 操作相反。 该操作在启用了软删除的保管库中适用,必须在保留间隔内发出。
Microsoft.KeyVault/vaults/certificates/restore/action 从 Key Vault 所生成的备份文件还原证书及其所有版本。
Microsoft.KeyVault/vaults/keyrotationpolicies/read 检索给定密钥的轮换策略。
Microsoft.KeyVault/vaults/keyrotationpolicies/write 更新给定密钥的轮换策略。
Microsoft.KeyVault/vaults/keys/read 列出指定保管库中的密钥,或读取密钥的属性和公共材料。
对于非对称密钥,此操作会公开公钥,并提供执行公钥算法(例如加密和验证签名)的功能。
永远不会公开私钥和对称密钥。
Microsoft.KeyVault/vaults/keys/update/action 更新与给定密钥关联的指定属性。
Microsoft.KeyVault/vaults/keys/create/action 创建新密钥。 如果密钥不存在,则创建第一个版本。 否则,将使用指定的值创建一个新版本。
Microsoft.KeyVault/vaults/keys/import/action 导入在外部创建的密钥。 如果该密钥不存在,则使用导入的材料创建第一个版本。 否则,将使用导入的材料创建一个新版本。
Microsoft.KeyVault/vaults/keys/recover/action 恢复已删除的密钥。 该操作与 Delete 操作相反。 该操作在启用了软删除的保管库中适用,必须在保留间隔内发出。
Microsoft.KeyVault/vaults/keys/restore/action 从 Key Vault 所生成的备份文件还原密钥及其所有版本。
Microsoft.KeyVault/vaults/keys/delete 删除密钥。 所有版本都会被删除。
Microsoft.KeyVault/vaults/keys/backup/action 创建密钥的备份文件。 该文件可用于还原同一订阅的 Key Vault 中的密钥。 可能存在限制。
Microsoft.KeyVault/vaults/keys/purge/action 清除密钥,使其不可恢复。
Microsoft.KeyVault/vaults/keys/encrypt/action 使用密钥加密纯文本。 请注意,如果密钥为非对称密钥,此操作可以由拥有读取访问权限的主体执行。
Microsoft.KeyVault/vaults/keys/decrypt/action 使用密钥解密已加密文本。
Microsoft.KeyVault/vaults/keys/wrap/action 使用 Key Vault 密钥包装对称密钥。 请注意,如果 Key Vault 密钥为非对称密钥,此操作可以由拥有读取访问权限的主体执行。
Microsoft.KeyVault/vaults/keys/unwrap/action 使用 Key Vault 密钥解包对称密钥。
Microsoft.KeyVault/vaults/keys/sign/action 使用密钥为消息摘要(哈希)签名。
Microsoft.KeyVault/vaults/keys/verify/action 使用密钥验证消息摘要(哈希)的签名。 请注意,如果密钥为非对称密钥,此操作可以由拥有读取访问权限的主体执行。
Microsoft.KeyVault/vaults/keys/release/action 使用证明令牌中 KEK 的公共部分来释放密钥。
Microsoft.KeyVault/vaults/keys/rotate/action 创建现有密钥的新版本(使用相同的参数)。
Microsoft.KeyVault/vaults/secrets/delete 删除机密。 所有版本都会被删除。
Microsoft.KeyVault/vaults/secrets/backup/action 创建机密的备份文件。 该文件可用于还原同一订阅的 Key Vault 中的机密。 可能存在限制。
Microsoft.KeyVault/vaults/secrets/purge/action 清除机密,使其不可恢复。
Microsoft.KeyVault/vaults/secrets/update/action 更新与给定机密关联的指定属性。
Microsoft.KeyVault/vaults/secrets/recover/action 恢复已删除的机密。 该操作与 Delete 操作相反。 该操作在启用了软删除的保管库中适用,必须在保留间隔内发出。
Microsoft.KeyVault/vaults/secrets/restore/action 从 Key Vault 所生成的备份文件还原机密及其所有版本。
Microsoft.KeyVault/vaults/secrets/readMetadata/action 列出或查看机密的属性,但不列出或查看机密的值。
Microsoft.KeyVault/vaults/secrets/getSecret/action 获取机密的值。
Microsoft.KeyVault/vaults/secrets/setSecret/action 设置机密的值。 如果机密不存在,则创建第一个版本。 否则,将使用指定的值创建一个新版本。
Microsoft.KeyVault/vaults/storageaccounts/read 读取托管存储帐户的定义。
Microsoft.KeyVault/vaults/storageaccounts/set/action 创建或更新托管存储帐户的定义。
Microsoft.KeyVault/vaults/storageaccounts/delete 删除托管存储帐户的定义。
Microsoft.KeyVault/vaults/storageaccounts/backup/action 创建托管存储帐户及其 SAS(共享访问签名)的定义的备份文件。
Microsoft.KeyVault/vaults/storageaccounts/purge/action 清除托管存储帐户或 SAS(共享访问签名)的软删除定义。
Microsoft.KeyVault/vaults/storageaccounts/regeneratekey/action 重新生成托管存储帐户的访问密钥。
Microsoft.KeyVault/vaults/storageaccounts/recover/action 恢复托管存储帐户或 SAS(共享访问签名)的软删除定义。
Microsoft.KeyVault/vaults/storageaccounts/restore/action 从 Key Vault 所生成的备份文件还原托管存储帐户及其 SAS(共享访问签名)的定义。
Microsoft.KeyVault/vaults/storageaccounts/sas/set/action 创建或更新托管存储帐户的 SAS(共享访问签名)定义。
Microsoft.KeyVault/vaults/storageaccounts/sas/delete 删除托管存储帐户的 SAS(共享访问签名)定义。
Microsoft.KeyVault/vaults/storageaccounts/sas/read 读取托管存储帐户的 SAS(共享访问签名)定义。

Microsoft.Security

保护企业免受混合云工作负荷中的高级威胁。

Azure 服务:安全中心

操作 说明
Microsoft.Security/register/action 注册 Azure 安全中心的订阅
Microsoft.Security/unregister/action 从 Azure 安全中心取消注册订阅
Microsoft.Security/aggregations/action 获取聚合
Microsoft.Security/adaptiveNetworkHardenings/read 获取受 Azure 保护的资源的自适应网络强化建议
Microsoft.Security/adaptiveNetworkHardenings/enforce/action 通过在给定网络安全组上创建匹配的安全规则,强制实施给定的流量强化规则
Microsoft.Security/advancedThreatProtectionSettings/read 获取资源的高级威胁防护设置
Microsoft.Security/advancedThreatProtectionSettings/write 更新资源的高级威胁防护设置
Microsoft.Security/aggregations/read 获取聚合
Microsoft.Security/alerts/read 获取所有可用的安全警报
Microsoft.Security/alertsSuppressionRules/read 获取所有可用的安全警报抑制规则
Microsoft.Security/alertsSuppressionRules/write 创建新的安全警报抑制规则或更新现有规则
Microsoft.Security/alertsSuppressionRules/delete 删除安全警报抑制规则
Microsoft.Security/apiCollections/read 获取 API 集合
Microsoft.Security/apiCollections/write 创建 API 集合
Microsoft.Security/apiCollections/delete 删除 API 集合
Microsoft.Security/applicationWhitelistings/read 获取应用程序允许列表
Microsoft.Security/applicationWhitelistings/write 创建新的或更新现有的应用程序允许列表
Microsoft.Security/assessmentMetadata/read 获取订阅中的可用安全评估元数据
Microsoft.Security/assessmentMetadata/write 创建或更新安全评估元数据
Microsoft.Security/assessments/read 获取订阅的安全评估
Microsoft.Security/assessments/write 创建或更新订阅的安全评估
Microsoft.Security/assessments/governanceAssignments/read 获取用于安全评估的治理分配
Microsoft.Security/assessments/governanceAssignments/write 创建或更新用于安全评估的治理分配
Microsoft.Security/assessments/subAssessments/read 获取订阅的安全子评估
Microsoft.Security/assessments/subAssessments/write 在订阅上创建或更新安全子评估
Microsoft.Security/assignments/read 获取安全分配
Microsoft.Security/assignments/write 创建或更新安全分配
Microsoft.Security/assignments/delete 删除安全分配
Microsoft.Security/automations/read 获取范围的自动化
Microsoft.Security/automations/write 创建或更新范围的自动化
Microsoft.Security/automations/delete 删除范围的自动化
Microsoft.Security/automations/validate/action 验证范围的自动化模型
Microsoft.Security/autoProvisioningSettings/read 获取订阅的安全自动预配设置
Microsoft.Security/autoProvisioningSettings/write 创建或更新订阅的安全自动预配设置
Microsoft.Security/complianceResults/read 获取资源的符合性结果
Microsoft.Security/customRecommendations/read 获取自定义建议
Microsoft.Security/customRecommendations/write 创建或更新自定义建议
Microsoft.Security/customRecommendations/delete 删除自定义建议
Microsoft.Security/datascanners/read 获取范围的 datascanners
Microsoft.Security/datascanners/write 为范围创建或更新 datascanners
Microsoft.Security/datascanners/delete 删除范围的 datascanners
Microsoft.Security/defenderforstoragesettings/read 获取范围的 defenderforstoragesettings
Microsoft.Security/defenderforstoragesettings/write 创建或更新范围的 defenderforstoragesettings
Microsoft.Security/defenderforstoragesettings/delete 删除范围的 defenderforstoragesettings
Microsoft.Security/deviceSecurityGroups/write 创建或更新 IoT 设备安全组
Microsoft.Security/deviceSecurityGroups/delete 删除 IoT 设备安全组
Microsoft.Security/deviceSecurityGroups/read 获取 IoT 设备安全组
Microsoft.Security/externalSecuritySolutions/read 获取外部安全解决方案
Microsoft.Security/governanceRules/read 获取用于管理安全态势的治理规则
Microsoft.Security/governanceRules/write 创建或更新用于管理安全态势的治理规则
Microsoft.Security/informationProtectionPolicies/read 获取资源的信息保护策略
Microsoft.Security/informationProtectionPolicies/write 更新资源的信息保护策略
Microsoft.Security/integration/read 获取范围上的集成
Microsoft.Security/integration/write 创建或更新范围上的集成
Microsoft.Security/integration/delete 委派或更新范围上的集成
Microsoft.Security/iotDefenderSettings/read 获取 IoT Defender 设置
Microsoft.Security/iotDefenderSettings/write 创建或更新 IoT Defender 设置
Microsoft.Security/iotDefenderSettings/delete 删除 IoT Defender 设置
Microsoft.Security/iotDefenderSettings/PackageDownloads/action 获取可下载的 IoT Defender 包信息
Microsoft.Security/iotDefenderSettings/DownloadManagerActivation/action 下载包含订阅配额数据的管理器激活文件
Microsoft.Security/iotSecuritySolutions/write 创建或更新 IoT 安全解决方案
Microsoft.Security/iotSecuritySolutions/delete 删除 IoT 安全解决方案
Microsoft.Security/iotSecuritySolutions/read 获取 IoT 安全解决方案
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取 IoT 安全分析模型
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取 IoT 警报类型
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取 IoT 警报
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取 IoT 建议类型
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取 IoT 建议
Microsoft.Security/iotSecuritySolutions/analyticsModels/read 获取设备
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts/read 获取 IoT 聚合警报
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts/dismiss/action 关闭 IoT 聚合警报
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations/read 获取 IoT 聚合建议
Microsoft.Security/iotSensors/read 获取 IoT 传感器
Microsoft.Security/iotSensors/write 创建或更新 IoT 传感器
Microsoft.Security/iotSensors/delete 删除 IoT 传感器
Microsoft.Security/iotSensors/DownloadActivation/action 下载 IoT 传感器的激活文件
Microsoft.Security/iotSensors/TriggerTiPackageUpdate/action 触发威胁情报包更新
Microsoft.Security/iotSensors/DownloadResetPassword/action 下载 IoT 传感器的重置密码文件
Microsoft.Security/iotSite/read 获取 IoT 站点
Microsoft.Security/iotSite/write 创建或更新 IoT 站点
Microsoft.Security/iotSite/delete 删除 IoT 站点
Microsoft.Security/jitNetworkAccessPolicies/read 获取实时网络访问策略
Microsoft.Security/locations/read 获取安全数据位置
Microsoft.Security/locations/alerts/read 获取所有可用的安全警报
Microsoft.Security/locations/alerts/dismiss/action 消除安全警报
Microsoft.Security/locations/alerts/activate/action 激活安全警报
Microsoft.Security/locations/alerts/resolve/action 解决安全警报
Microsoft.Security/locations/alerts/simulate/action 模拟安全警报
Microsoft.Security/locations/externalSecuritySolutions/read 获取外部安全解决方案
Microsoft.Security/locations/jitNetworkAccessPolicies/read 获取实时网络访问策略
Microsoft.Security/locations/jitNetworkAccessPolicies/write 创建新的或更新现有的实时网络访问策略
Microsoft.Security/locations/jitNetworkAccessPolicies/delete 删除适时网络访问策略
Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action 启动适时网络访问策略请求
Microsoft.Security/locations/securitySolutions/read 获取安全解决方案
Microsoft.Security/locations/securitySolutions/write 创建新的或更新现有的安全解决方案
Microsoft.Security/locations/securitySolutions/delete 删除安全解决方案
Microsoft.Security/locations/tasks/read 获取所有可用的安全建议
Microsoft.Security/locations/tasks/start/action 启用安全建议
Microsoft.Security/locations/tasks/resolve/action 解决安全建议
Microsoft.Security/locations/tasks/activate/action 激活安全建议
Microsoft.Security/locations/tasks/dismiss/action 关闭安全建议
Microsoft.Security/mdeOnboardings/read 获取 Microsoft Defender for Endpoint 加入脚本
Microsoft.Security/policies/read 获取安全策略
Microsoft.Security/policies/write 更新安全策略
Microsoft.Security/pricings/read 获取某一范围的定价设置
Microsoft.Security/pricings/write 更新某一范围的定价设置
Microsoft.Security/pricings/delete 删除某一范围的定价设置
Microsoft.Security/pricings/securityoperators/read 获取范围的安全操作员
Microsoft.Security/pricings/securityoperators/write 更新范围的安全操作员
Microsoft.Security/pricings/securityoperators/delete 删除范围的安全操作员
Microsoft.Security/secureScoreControlDefinitions/read 获取安全评分控制定义
Microsoft.Security/secureScoreControls/read 获取订阅的计算所得安全评分控制
Microsoft.Security/secureScores/read 获取订阅的计算所得安全评分
Microsoft.Security/secureScores/secureScoreControls/read 获取安全评分计算的计算所得安全评分控制
Microsoft.Security/securityConnectors/read 获取安全连接器
Microsoft.Security/securityConnectors/write 更新安全连接器
Microsoft.Security/securityConnectors/delete 删除安全连接器
Microsoft.Security/securityConnectors/devops/listAvailableAzureDevOpsOrgs/action 返回连接器使用的用户令牌可访问的所有 Azure DevOps 组织的列表。
Microsoft.Security/securityConnectors/devops/write 创建或更新 DevOps 配置。
Microsoft.Security/securityConnectors/devops/delete 删除 DevOps 连接器。
Microsoft.Security/securityConnectors/devops/read 获取 DevOps 配置。
Microsoft.Security/securityConnectors/devops/read 列出 DevOps 配置。
Microsoft.Security/securityConnectors/devops/write 更新 DevOps 配置。
Microsoft.Security/securityConnectors/devops/listAvailableGitHubOwners/action 返回连接器使用的用户令牌可访问的所有 GitHub 所有者的列表。
Microsoft.Security/securityConnectors/devops/listAvailableGitLabGroups/action 返回连接器使用的用户令牌可访问的所有 GitLab 组的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/write 创建或更新受监视的 Azure DevOps 组织的详细信息。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/delete 删除受监视的 Azure DevOps 组织。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/read 返回受监视的 Azure DevOps 组织资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/read 返回已加入连接器的 Azure DevOps 组织的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/write 更新受监视的 Azure DevOps 组织的详细信息。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/listAvailableProjects/action 返回连接器使用的用户令牌可访问的所有 Azure DevOps 项目的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/write 创建或更新受监视的 Azure DevOps 项目资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/delete 删除受监视的 Azure DevOps 项目资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/read 返回受监视的 Azure DevOps 项目资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/read 返回已加入连接器的 Azure DevOps 项目的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/write 更新受监视的 Azure DevOps 项目资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/listAvailableRepos/action 返回连接器使用的用户令牌可访问的所有 Azure DevOps 存储库的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/write 创建或更新受监视的 Azure DevOps 存储库资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/delete 删除受监视的 Azure DevOps 存储库资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/read 返回受监视的 Azure DevOps 存储库资源。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/read 返回已加入连接器的 Azure DevOps 存储库的列表。
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/write 更新受监视的 Azure DevOps 存储库资源。
Microsoft.Security/securityConnectors/devops/gitHubOwners/write 创建或更新受监视的 GitHub 所有者。
Microsoft.Security/securityConnectors/devops/gitHubOwners/delete 删除受监视的 GitHub 所有者。
Microsoft.Security/securityConnectors/devops/gitHubOwners/read 返回受监视的 GitHub 所有者。
Microsoft.Security/securityConnectors/devops/gitHubOwners/read 返回已加入连接器的 GitHub 所有者的列表。
Microsoft.Security/securityConnectors/devops/gitHubOwners/write 更新受监视的 GitHub 所有者。
Microsoft.Security/securityConnectors/devops/gitHubOwners/listAvailableRepos/action 返回连接器使用的用户令牌和应用安装可访问的所有 GitHub 存储库的列表。
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/write 创建或更新受监视的 GitHub 存储库。
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/delete 删除受监视的 GitHub 存储库。
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/read 返回受监视的 GitHub 存储库。
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/read 返回已加入连接器的 GitHub 存储库的列表。
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/write 更新受监视的 GitHub 存储库。
Microsoft.Security/securityConnectors/devops/gitLabGroups/write 创建或更新受监视的 GitLab 组的详细信息。
Microsoft.Security/securityConnectors/devops/gitLabGroups/delete 删除受监视的 GitHub 组。
Microsoft.Security/securityConnectors/devops/gitLabGroups/read 为给定的完全限定名称返回受监视的 GitLab 组资源。
Microsoft.Security/securityConnectors/devops/gitLabGroups/read 返回已加入连接器的 GitLab 组的列表。
Microsoft.Security/securityConnectors/devops/gitLabGroups/write 更新受监视的 GitLab 组的详细信息。
Microsoft.Security/securityConnectors/devops/gitLabGroups/listAvailableProjects/action 获取由给定组直接拥有并可由连接器使用的用户令牌访问的所有 GitLab 项目的列表。
Microsoft.Security/securityConnectors/devops/gitLabGroups/listSubgroups/action 获取已加入连接器的给定 GitLab 组的嵌套子组。
Microsoft.Security/securityConnectors/devops/gitLabGroups/listAvailableSubgroups/action 获取给定 GitLab 组的所有嵌套子组,这些子组可由连接器使用的用户令牌访问。
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/write 创建或更新受监视的 GitLab 项目的详细信息。
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/delete 删除受监视的 GitHub 项目。
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/read 为给定的完全限定的组名称和项目名称返回受监视的 GitLab 项目资源。
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/read 获取由给定组直接拥有并加入连接器的 GitLab 项目的列表。
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/write 更新受监视的 GitLab 项目的详细信息。
Microsoft.Security/securityConnectors/devops/operationResults/read 获取 devops 长期运行操作结果。
Microsoft.Security/securityContacts/read 获取安全联系信息
Microsoft.Security/securityContacts/write 更新安全联系信息
Microsoft.Security/securityContacts/delete 删除安全联系信息
Microsoft.Security/securitySolutions/read 获取安全解决方案
Microsoft.Security/securitySolutions/write 创建新的或更新现有的安全解决方案
Microsoft.Security/securitySolutions/delete 删除安全解决方案
Microsoft.Security/securitySolutionsReferenceData/read 获取安全解决方案引用数据
Microsoft.Security/securityStandards/read 获取安全标准
Microsoft.Security/securityStandards/write 创建或更新安全标准
Microsoft.Security/securityStandards/delete 删除安全标准
Microsoft.Security/securityStatuses/read 获取 Azure 资源的安全运行状况
Microsoft.Security/securityStatusesSummaries/read 获取某一范围的安全状态摘要
Microsoft.Security/sensitivitySettings/read 获取租户级敏感度设置
Microsoft.Security/sensitivitySettings/write 更新租户级敏感度设置
Microsoft.Security/serverVulnerabilityAssessments/read 获取给定资源的服务器漏洞评估加入状态
Microsoft.Security/serverVulnerabilityAssessments/write 在资源上创建或更新服务器漏洞评估解决方案
Microsoft.Security/serverVulnerabilityAssessments/delete 从资源中删除服务器漏洞评估解决方案
Microsoft.Security/serverVulnerabilityAssessmentsSettings/read 获取给定订阅的服务器漏洞评估设置加入状态
Microsoft.Security/serverVulnerabilityAssessmentsSettings/write 创建或更新给定订阅的服务器漏洞评估设置
Microsoft.Security/serverVulnerabilityAssessmentsSettings/delete 移除给定订阅的服务器漏洞评估设置
Microsoft.Security/settings/read 获取范围的设置
Microsoft.Security/settings/write 更新范围的设置
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/action 将规则结果的列表添加到基线。
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/read 返回数据库的基线(已添加到基线的所有规则)或获取指定规则 ID 的规则基线结果。
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/write 更改规则基线结果。
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/delete 从基线中删除规则结果。
Microsoft.Security/sqlVulnerabilityAssessments/scans/read 返回漏洞评估扫描记录的列表,或获取指定扫描 ID 的扫描记录。
Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults/read 返回漏洞评估规则结果的列表,或获取指定规则 ID 的规则结果。
Microsoft.Security/standardAssignments/read 获取标准分配
Microsoft.Security/standardAssignments/write 创建或更新标准分配
Microsoft.Security/standardAssignments/delete 删除标准分配
Microsoft.Security/standards/read 获取安全标准
Microsoft.Security/standards/write 创建或更新安全标准
Microsoft.Security/standards/delete 删除安全标准
Microsoft.Security/tasks/read 获取所有可用的安全建议
Microsoft.Security/webApplicationFirewalls/read 获取 Web 应用程序防火墙
Microsoft.Security/webApplicationFirewalls/write 创建新的或更新现有的 Web 应用程序防火墙
Microsoft.Security/webApplicationFirewalls/delete 删除 Web 应用程序防火墙
Microsoft.Security/workspaceSettings/read 获取工作区设置
Microsoft.Security/workspaceSettings/write 更新工作区设置
Microsoft.Security/workspaceSettings/delete 删除工作区设置
Microsoft.Security/workspaceSettings/connect/action 更改工作区设置重新连接设置

Microsoft.SecurityGraph

Azure 服务:Microsoft Monitoring Insights

操作 说明
Microsoft.SecurityGraph/diagnosticsettings/write 写入诊断设置
Microsoft.SecurityGraph/diagnosticsettings/read 读取诊断设置
Microsoft.SecurityGraph/diagnosticsettings/delete 删除诊断设置
Microsoft.SecurityGraph/diagnosticsettingscategories/read 读取诊断设置类别

Microsoft.SecurityInsights

Azure 服务:Microsoft Sentinel

操作 说明
Microsoft.SecurityInsights/register/action 将订阅注册到 Azure Sentinel
Microsoft.SecurityInsights/unregister/action 从 Azure Sentinel 取消注册订阅
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action 检查用户授权和许可证
Microsoft.SecurityInsights/contentTranslators/action 检查翻译内容
Microsoft.SecurityInsights/Aggregations/read 获取聚合信息
Microsoft.SecurityInsights/alertRules/read 获取警报规则
Microsoft.SecurityInsights/alertRules/write 更新警报规则
Microsoft.SecurityInsights/alertRules/delete 删除警报规则
Microsoft.SecurityInsights/alertRules/triggerRuleRun/action 触发按需规则运行执行
Microsoft.SecurityInsights/alertRules/actions/read 获取警报规则的响应操作
Microsoft.SecurityInsights/alertRules/actions/write 更新警报规则的响应操作
Microsoft.SecurityInsights/alertRules/actions/delete 删除警报规则的响应操作
Microsoft.SecurityInsights/automationRules/read 获取自动化规则
Microsoft.SecurityInsights/automationRules/write 更新自动化规则
Microsoft.SecurityInsights/automationRules/delete 删除自动化规则
Microsoft.SecurityInsights/BillingStatistics/read 读取 BillingStatistics
Microsoft.SecurityInsights/Bookmarks/read 获取书签
Microsoft.SecurityInsights/Bookmarks/write 更新书签
Microsoft.SecurityInsights/Bookmarks/delete 删除书签
Microsoft.SecurityInsights/Bookmarks/expand/action 按特定的扩展获取实体的相关实体
Microsoft.SecurityInsights/bookmarks/relations/read 获取书签关系
Microsoft.SecurityInsights/bookmarks/relations/write 更新书签关系
Microsoft.SecurityInsights/bookmarks/relations/delete 删除书签关系
Microsoft.SecurityInsights/businessApplicationAgents/read 获取商业应用程序代理
Microsoft.SecurityInsights/businessApplicationAgents/write 创建或更新商业应用程序代理
Microsoft.SecurityInsights/businessApplicationAgents/delete 删除商业应用程序代理
Microsoft.SecurityInsights/businessApplicationAgents/systems/read 获取商业应用程序代理的系统
Microsoft.SecurityInsights/businessApplicationAgents/systems/write 创建或更新商业应用程序代理的系统
Microsoft.SecurityInsights/businessApplicationAgents/systems/delete 删除商业应用程序代理的系统
Microsoft.SecurityInsights/businessApplicationAgents/systems/listActions/action 列出系统的操作
Microsoft.SecurityInsights/businessApplicationAgents/systems/reportActionStatus/action 报告操作的状态
Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/action 撤消操作
Microsoft.SecurityInsights/cases/read 获取案例
Microsoft.SecurityInsights/cases/write 更新案例
Microsoft.SecurityInsights/cases/delete 删除案例
Microsoft.SecurityInsights/cases/comments/read 获取案例注释
Microsoft.SecurityInsights/cases/comments/write 创建案例注释
Microsoft.SecurityInsights/cases/investigations/read 获取案例调查
Microsoft.SecurityInsights/cases/investigations/write 更新案例的元数据
Microsoft.SecurityInsights/ConfidentialWatchlists/read 获取机密监视列表
Microsoft.SecurityInsights/ConfidentialWatchlists/write 创建机密监视列表
Microsoft.SecurityInsights/ConfidentialWatchlists/delete 删除机密监视列表
Microsoft.SecurityInsights/ContentPackages/read 读取可用的内容包。
Microsoft.SecurityInsights/ContentPackages/write 安装或卸载内容包。
Microsoft.SecurityInsights/ContentTemplates/read 读取已安装的内容模板。
Microsoft.SecurityInsights/ContentTemplates/delete 删除已安装的内容模板。
Microsoft.SecurityInsights/dataConnectors/read 获取数据连接器
Microsoft.SecurityInsights/dataConnectors/write 更新数据连接器
Microsoft.SecurityInsights/dataConnectors/delete 删除数据连接器
Microsoft.SecurityInsights/enrichment/domain/whois/read 获取域的 whois 扩充
Microsoft.SecurityInsights/enrichment/ip/geodata/read 获取 IP 的 geodata 扩充
Microsoft.SecurityInsights/entities/read 获取 Sentinel 实体关系图
Microsoft.SecurityInsights/entities/gettimeline/action 获取特定范围的实体时间线
Microsoft.SecurityInsights/entities/getInsights/action 获取特定范围的实体见解
Microsoft.SecurityInsights/entities/runPlaybook/action 在实体上运行剧本
Microsoft.SecurityInsights/entities/relations/read 获取实体与相关资源之间的关系
Microsoft.SecurityInsights/entities/relations/write 更新实体与相关资源之间的关系
Microsoft.SecurityInsights/entities/relations/delete 删除实体与相关资源之间的关系
Microsoft.SecurityInsights/entityQueries/read 获取实体的调查扩展
Microsoft.SecurityInsights/ExportConnections/read 读取 ExportConnections
Microsoft.SecurityInsights/ExportConnections/write 写入 ExportConnections
Microsoft.SecurityInsights/ExportConnections/delete 删除 ExportConnections
Microsoft.SecurityInsights/ExportConnections/ExportJobs/read 读取 ExportJobs
Microsoft.SecurityInsights/ExportConnections/ExportJobs/write 写入 ExportJobs
Microsoft.SecurityInsights/ExportConnections/ExportJobs/delete 删除 ExportJobs
Microsoft.SecurityInsights/fileimports/read 读取文件导入对象
Microsoft.SecurityInsights/fileimports/write 创建或更新文件导入
Microsoft.SecurityInsights/fileimports/delete 删除文件导入
Microsoft.SecurityInsights/hunts/read 获取搜寻
Microsoft.SecurityInsights/hunts/write 创建搜寻
Microsoft.SecurityInsights/hunts/delete 删除搜寻
Microsoft.SecurityInsights/hunts/comments/read 获取搜寻注释
Microsoft.SecurityInsights/hunts/comments/write 创建搜寻注释
Microsoft.SecurityInsights/hunts/comments/delete 删除搜寻注释
Microsoft.SecurityInsights/hunts/relations/read 获取搜寻关系
Microsoft.SecurityInsights/hunts/relations/write 创建搜寻关系
Microsoft.SecurityInsights/hunts/relations/delete 删除搜寻关系
Microsoft.SecurityInsights/incidents/read 获取事件
Microsoft.SecurityInsights/incidents/write 更新事件
Microsoft.SecurityInsights/incidents/delete 删除事件
Microsoft.SecurityInsights/incidents/createTeam/action 创建一个 Microsoft 团队,通过在参与者之间共享信息和见解来调查事件
Microsoft.SecurityInsights/incidents/runPlaybook/action 运行事件 playbook
Microsoft.SecurityInsights/incidents/comments/read 获取事件注释
Microsoft.SecurityInsights/incidents/comments/write 创建有关事件的注释
Microsoft.SecurityInsights/incidents/comments/delete 删除有关事件的注释
Microsoft.SecurityInsights/incidents/relations/read 获取事件与相关资源之间的关系
Microsoft.SecurityInsights/incidents/relations/write 更新事件与相关资源之间的关系
Microsoft.SecurityInsights/incidents/relations/delete 删除事件与相关资源之间的关系
Microsoft.SecurityInsights/incidents/tasks/read 获取事件的任务
Microsoft.SecurityInsights/incidents/tasks/write 更新事件的任务
Microsoft.SecurityInsights/incidents/tasks/delete 删除事件的任务
Microsoft.SecurityInsights/Metadata/read 读取 Sentinel 内容的元数据。
Microsoft.SecurityInsights/Metadata/write 写入 Sentinel 内容的元数据。
Microsoft.SecurityInsights/Metadata/delete 删除 Sentinel 内容的元数据。
Microsoft.SecurityInsights/officeConsents/read 获取 Microsoft Office 的同意
Microsoft.SecurityInsights/officeConsents/delete 删除 Microsoft Office 的同意
Microsoft.SecurityInsights/onboardingStates/read 获取加入状态
Microsoft.SecurityInsights/onboardingStates/write 更新加入状态
Microsoft.SecurityInsights/onboardingStates/delete 删除加入状态
Microsoft.SecurityInsights/operations/read Get 操作
Microsoft.SecurityInsights/securityMLAnalyticsSettings/read 获取分析设置
Microsoft.SecurityInsights/securityMLAnalyticsSettings/write 更新分析设置
Microsoft.SecurityInsights/securityMLAnalyticsSettings/delete 删除分析设置
Microsoft.SecurityInsights/settings/read 获取设置
Microsoft.SecurityInsights/settings/write 更新设置
Microsoft.SecurityInsights/settings/delete 删除设置
Microsoft.SecurityInsights/SourceControls/read 读取 SourceControls
Microsoft.SecurityInsights/SourceControls/write 写入 SourceControls
Microsoft.SecurityInsights/SourceControls/delete 删除 SourceControls
Microsoft.SecurityInsights/threatintelligence/read 获取威胁情报
Microsoft.SecurityInsights/threatintelligence/write 更新威胁情报
Microsoft.SecurityInsights/threatintelligence/delete 删除威胁情报
Microsoft.SecurityInsights/threatintelligence/query/action 查询威胁情报
Microsoft.SecurityInsights/threatintelligence/metrics/action 收集威胁情报指标
Microsoft.SecurityInsights/threatintelligence/bulkDelete/action 批量删除威胁情报
Microsoft.SecurityInsights/threatintelligence/bulkTag/action 批量标记威胁情报
Microsoft.SecurityInsights/threatintelligence/createIndicator/action 创建威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/queryIndicators/action 查询威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/bulkactions/read 读取 TI 批量操作对象
Microsoft.SecurityInsights/threatintelligence/bulkactions/write 创建或更新 TI 批量操作
Microsoft.SecurityInsights/threatintelligence/bulkactions/delete 删除 TI 批量操作
Microsoft.SecurityInsights/threatintelligence/bulkactions/query/action 查询威胁情报 STIX 对象
Microsoft.SecurityInsights/threatintelligence/bulkactions/count/action 查询威胁情报 STIX 对象计数
Microsoft.SecurityInsights/threatintelligence/indicators/write 更新威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/delete 删除威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/query/action 查询威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action 获取威胁情报指示器指标
Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action 批量删除威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action 批量标记威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/read 获取威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action 将标记追加到威胁情报指示器
Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action 替换威胁情报指示器的标记
Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/read 读取 TI 引入规则对象集
Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/write 创建或更新 TI 引入规则集
Microsoft.SecurityInsights/threatintelligence/metrics/read 收集威胁情报指标
Microsoft.SecurityInsights/threatintelligence/threatactors/read 读取 TI 威胁行动者对象
Microsoft.SecurityInsights/threatintelligence/threatactors/write 创建或更新 TI 威胁行动者
Microsoft.SecurityInsights/threatintelligence/threatactors/delete 删除 TI 威胁行动者
Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/read 获取触发的分析规则运行
Microsoft.SecurityInsights/Watchlists/read 获取播放列表
Microsoft.SecurityInsights/Watchlists/write 创建播放列表
Microsoft.SecurityInsights/Watchlists/delete 删除播放列表
Microsoft.SecurityInsights/WorkspaceManagerAssignments/read 获取 WorkspaceManager 分配
Microsoft.SecurityInsights/WorkspaceManagerAssignments/write 创建 WorkspaceManager 分配
Microsoft.SecurityInsights/WorkspaceManagerAssignments/delete 删除 WorkspaceManager 分配
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/read 获取 WorkspaceManagerAssignments 作业
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/write 创建 WorkspaceManagerAssignments 作业
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/delete 删除 WorkspaceManagerAssignments 作业
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/read 获取 WorkspaceManager 配置
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/write 创建 WorkspaceManager 配置
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/delete 删除 WorkspaceManager 配置
Microsoft.SecurityInsights/WorkspaceManagerGroups/read 获取 WorkspaceManager 组
Microsoft.SecurityInsights/WorkspaceManagerGroups/write 创建 WorkspaceManager 组
Microsoft.SecurityInsights/WorkspaceManagerGroups/delete 删除 WorkspaceManager 组
Microsoft.SecurityInsights/WorkspaceManagerMembers/read 获取 WorkspaceManager 成员
Microsoft.SecurityInsights/WorkspaceManagerMembers/write 创建 WorkspaceManager 成员
Microsoft.SecurityInsights/WorkspaceManagerMembers/delete 删除 WorkspaceManager 成员

后续步骤