本文列出了“常规”类别中 Azure 资源提供程序的权限。 可以在自己的 Azure 自定义角色中使用这些权限,以针对 Azure 中的资源提供精细的访问控制。 权限字符串具有以下格式:{Company}.{ProviderName}/{resourceType}/{action}
Microsoft.Addons
Azure 服务:核心
| 操作 | 说明 |
|---|---|
Microsoft.Addons/register/action |
向 Microsoft.Addons 注册指定的订阅 |
Microsoft.Addons/operations/read |
获取受支持的 RP 操作。 |
Microsoft.Addons/supportProviders/listsupportplaninfo/action |
列出指定的订阅的当前支持计划信息。 |
Microsoft.Addons/supportProviders/supportPlanTypes/read |
获取指定的 Canonical 支持计划状态。 |
Microsoft.Addons/supportProviders/supportPlanTypes/write |
添加指定的 Canonical 支持计划类型。 |
Microsoft.Addons/supportProviders/supportPlanTypes/delete |
删除指定的 Canonical 支持计划 |
Microsoft.Capacity
Azure 服务:核心
| 操作 | 说明 |
|---|---|
Microsoft.Capacity/calculateprice/action |
计算任何预留价格 |
Microsoft.Capacity/checkoffers/action |
检查任何订阅套餐 |
Microsoft.Capacity/checkscopes/action |
检查任何订阅 |
Microsoft.Capacity/validatereservationorder/action |
验证任何预留 |
Microsoft.Capacity/reservationorders/action |
更新任何预订 |
Microsoft.Capacity/register/action |
注册容量资源提供程序,并启用容量资源的创建。 |
Microsoft.Capacity/unregister/action |
取消注册任何租户 |
Microsoft.Capacity/calculateexchange/action |
计算新购买项目的交换金额和价格,并返回策略错误。 |
Microsoft.Capacity/exchange/action |
交换任何预留 |
Microsoft.Capacity/listSkus/action |
在采用筛选器的情况下以及无任何限制的情况下列出 SKU |
Microsoft.Capacity/appliedreservations/read |
读取所有预订 |
Microsoft.Capacity/catalogs/read |
读取预留目录 |
Microsoft.Capacity/commercialreservationorders/read |
获取在任何租户中创建的预留订单 |
Microsoft.Capacity/operations/read |
读取任何操作 |
Microsoft.Capacity/reservationorders/changedirectory/action |
更改任何预留的目录 |
Microsoft.Capacity/reservationorders/availablescopes/action |
查找任何可用范围 |
Microsoft.Capacity/reservationorders/read |
读取所有预订 |
Microsoft.Capacity/reservationorders/write |
创建任何预订 |
Microsoft.Capacity/reservationorders/delete |
删除任何预订 |
Microsoft.Capacity/reservationorders/reservations/action |
更新任何预订 |
Microsoft.Capacity/reservationorders/return/action |
返回任何预留 |
Microsoft.Capacity/reservationorders/swap/action |
交换任何预留 |
Microsoft.Capacity/reservationorders/split/action |
拆分任何预留 |
Microsoft.Capacity/reservationorders/changeBilling/action |
预留计费更改 |
Microsoft.Capacity/reservationorders/merge/action |
合并任何预留 |
Microsoft.Capacity/reservationorders/calculaterefund/action |
计算新购买项目的退款金额和价格,并返回策略错误。 |
Microsoft.Capacity/reservationorders/changebillingoperationresults/read |
轮询任何预留计费更改操作 |
Microsoft.Capacity/reservationorders/mergeoperationresults/read |
轮询任何合并操作 |
Microsoft.Capacity/reservationorders/reservations/availablescopes/action |
查找任何可用范围 |
Microsoft.Capacity/reservationorders/reservations/read |
读取所有预订 |
Microsoft.Capacity/reservationorders/reservations/write |
创建任何预订 |
Microsoft.Capacity/reservationorders/reservations/delete |
删除任何预订 |
Microsoft.Capacity/reservationorders/reservations/archive/action |
存档处于终端状态(如过期、拆分等)的预留 |
Microsoft.Capacity/reservationorders/reservations/unarchive/action |
取消存档以前存档的预留 |
Microsoft.Capacity/reservationorders/reservations/revisions/read |
读取所有预订 |
Microsoft.Capacity/reservationorders/splitoperationresults/read |
轮询任何拆分操作 |
Microsoft.Capacity/resourceProviders/locations/serviceLimits/read |
获取指定资源和位置的当前服务限制或配额 |
Microsoft.Capacity/resourceProviders/locations/serviceLimits/write |
为指定资源和位置创建服务限制或配额 |
Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read |
获取指定资源和位置的任何服务限制请求 |
Microsoft.Capacity/tenants/register/action |
注册任何租户 |
Microsoft.Marketplace
Azure 服务:核心
| 操作 | 说明 |
|---|---|
Microsoft.Marketplace/register/action |
注册订阅中的 Microsoft.Marketplace 资源提供程序。 |
Microsoft.Marketplace/privateStores/action |
更新 PrivateStore。 |
Microsoft.Marketplace/search/action |
返回 Azure 专用存储市场目录产品/服务以及总计数和方面的列表 |
Microsoft.Marketplace/locations/edgeZones/products/read |
返回特定边缘区域和位置的产品列表 |
Microsoft.Marketplace/mysolutions/read |
获取用户解决方案 |
Microsoft.Marketplace/mysolutions/write |
创建或更新用户解决方案 |
Microsoft.Marketplace/mysolutions/delete |
移除用户解决方案 |
Microsoft.Marketplace/offers/read |
返回一个优惠 |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read |
返回一个协议。 |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/write |
接受已签名的协议。 |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/read |
返回配置。 |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/write |
保存配置。 |
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage/action |
将映像导入到最终用户的 ACR。 |
Microsoft.Marketplace/privateStores/write |
创建 PrivateStore。 |
Microsoft.Marketplace/privateStores/delete |
删除 PrivateStore。 |
Microsoft.Marketplace/privateStores/offers/action |
更新 PrivateStore 中的套餐。 |
Microsoft.Marketplace/privateStores/read |
读取 PrivateStores。 |
Microsoft.Marketplace/privateStores/requestApprovals/action |
更新请求审批 |
Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant/action |
管理员提取租户中的所有订阅 |
Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications/action |
列出停止销售套餐计划通知 |
Microsoft.Marketplace/privateStores/listSubscriptionsContext/action |
列出专用存储上下文中的订阅 |
Microsoft.Marketplace/privateStores/listNewPlansNotifications/action |
列出新计划通知 |
Microsoft.Marketplace/privateStores/queryUserOffers/action |
从有效负载中的套餐 ID 和用户订阅中提取已批准的产品/服务 |
Microsoft.Marketplace/privateStores/queryUserRules/action |
提取用户订阅下用户的已批准规则 |
Microsoft.Marketplace/privateStores/anyExistingOffersInTheStore/action |
如果存在适用于至少一个已启用集合的现有产品/服务,则返回 true |
Microsoft.Marketplace/privateStores/queryInternalOfferIds/action |
列出给定 Azure 应用程序和计划下的所有内部产品/服务 |
Microsoft.Marketplace/privateStores/adminRequestApprovals/read |
读取所有请求审批详细信息,仅限管理员 |
Microsoft.Marketplace/privateStores/adminRequestApprovals/write |
管理员使用对请求做出的决定来更新请求 |
Microsoft.Marketplace/privateStores/collections/approveAllItems/action |
删除所有特定的已批准项并将集合设置为“allItemsApproved” |
Microsoft.Marketplace/privateStores/collections/disableApproveAllItems/action |
对于该集合,将“批准所有项”属性设置为“false” |
Microsoft.Marketplace/privateStores/collections/setRules/action |
在给定集合上设置规则 |
Microsoft.Marketplace/privateStores/collections/queryRules/action |
在给定集合上获取规则 |
Microsoft.Marketplace/privateStores/collections/upsertOfferWithMultiContext/action |
通过不同的上下文更新插入某个产品/服务 |
Microsoft.Marketplace/privateStores/collections/offers/action |
按公共和订阅上下文获取集合套餐 |
Microsoft.Marketplace/privateStores/collections/offers/contextsView/action |
检索多个订阅上下文的产品/服务详细信息和计划,包括已批准的停止销售和隐藏计划 |
Microsoft.Marketplace/privateStores/offers/write |
在 PrivateStore 中创建套餐。 |
Microsoft.Marketplace/privateStores/offers/delete |
从 PrivateStore 中删除套餐。 |
Microsoft.Marketplace/privateStores/offers/read |
读取 PrivateStore 产品/服务。 |
Microsoft.Marketplace/privateStores/queryNotificationsState/read |
读取通知状态详细信息,仅限管理员 |
Microsoft.Marketplace/privateStores/requestApprovals/read |
读取请求审批 |
Microsoft.Marketplace/privateStores/requestApprovals/write |
创建请求审核 |
Microsoft.Marketplace/privateStores/RequestApprovals/offer/acknowledgeNotification/write |
确认通知,仅限管理员 |
Microsoft.Marketplace/privateStores/RequestApprovals/withdrawPlan/write |
从产品/服务的通知中撤回计划 |
Microsoft.Marketplace/products/read |
返回产品 |
Microsoft.MarketplaceOrdering
Azure 服务:核心
| 操作 | 说明 |
|---|---|
Microsoft.MarketplaceOrdering/agreements/read |
返回给定订阅下的所有协议 |
Microsoft.MarketplaceOrdering/agreements/offers/plans/read |
返回给定市场项的协议 |
Microsoft.MarketplaceOrdering/agreements/offers/plans/sign/action |
为给定市场项的协议签名 |
Microsoft.MarketplaceOrdering/agreements/offers/plans/cancel/action |
取消给定市场项的协议 |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read |
获取给定市场虚拟机项的协议 |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write |
签订或取消给定市场虚拟机项的协议 |
Microsoft.MarketplaceOrdering/operations/read |
列出 API 中所有可能的操作 |
Microsoft.Quota
Azure 服务:Azure Quotas
| 操作 | 说明 |
|---|---|
Microsoft.Quota/register/action |
将订阅注册到 Microsoft.Quota 资源提供程序 |
Microsoft.Quota/groupQuotas/read |
获取 GroupQuota |
Microsoft.Quota/groupQuotas/write |
创建 GroupQuota 资源 |
Microsoft.Quota/groupQuotas/delete |
删除 GroupQuota 资源 |
Microsoft.Quota/groupQuotas/groupQuotaLimits/read |
获取指定资源的当前 GroupQuota |
Microsoft.Quota/groupQuotas/groupQuotaLimits/write |
为指定的资源创建 GroupQuota 请求 |
Microsoft.Quota/groupQuotas/groupQuotaRequests/read |
获取特定请求的 GroupQuota 请求状态 |
Microsoft.Quota/groupQuotas/quotaAllocationRequests/read |
获取特定请求的 GroupQuota 到订阅的配额分配请求状态 |
Microsoft.Quota/groupQuotas/quotaAllocations/read |
获取当前 GroupQuota 到订阅的配额分配 |
Microsoft.Quota/groupQuotas/quotaAllocations/write |
为指定资源创建 GroupQuota 到订阅的配额限制请求 |
Microsoft.Quota/groupQuotas/subscriptions/read |
获取 GroupQuota 订阅 |
Microsoft.Quota/groupQuotas/subscriptions/write |
将订阅添加到 GroupQuota 资源 |
Microsoft.Quota/groupQuotas/subscriptions/delete |
从 GroupQuota 资源中删除订阅 |
Microsoft.Quota/operations/read |
获取 Microsoft.Quota 支持的操作 |
Microsoft.Quota/quotaRequests/read |
获取指定资源的任何服务限制请求 |
Microsoft.Quota/quotas/read |
获取指定资源的当前服务限制或配额 |
Microsoft.Quota/quotas/write |
为指定资源创建服务限制或配额请求 |
Microsoft.Quota/usages/read |
获取资源提供程序的使用情况 |
Microsoft 订阅服务
Azure 服务:核心
| 操作 | 说明 |
|---|---|
Microsoft.Subscription/cancel/action |
取消订阅 |
Microsoft.Subscription/rename/action |
重命名订阅 |
Microsoft.Subscription/enable/action |
重新激活订阅 |
Microsoft.Subscription/aliases/write |
创建订阅别名 |
Microsoft.Subscription/aliases/read |
获取订阅别名 |
Microsoft.Subscription/aliases/delete |
删除订阅别名 |
Microsoft.Subscription/changeTenantRequest/write |
更改订阅的租户请求 |
Microsoft.Subscription/Policies/write |
创建租户策略 |
Microsoft.Subscription/Policies/default/read |
获取租户策略 |
Microsoft.Subscription/subscriptions/acceptOwnership/action |
接受订阅所有权 |
Microsoft.Subscription/subscriptions/acceptChangeTenant/action |
接受订阅的更改租户请求 |
Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read |
获取接受订阅所有权的状态 |
Microsoft.Subscription/subscriptions/changeTenantStatus/read |
更改订阅的租户状态 |