Azure 常规权限

本文列出了“常规”类别中 Azure 资源提供程序的权限。 可以在自己的 Azure 自定义角色中使用这些权限,以针对 Azure 中的资源提供精细的访问控制。 权限字符串具有以下格式:{Company}.{ProviderName}/{resourceType}/{action}

Microsoft.Addons

Azure 服务:核心

操作 说明
Microsoft.Addons/register/action 向 Microsoft.Addons 注册指定的订阅
Microsoft.Addons/operations/read 获取受支持的 RP 操作。
Microsoft.Addons/supportProviders/listsupportplaninfo/action 列出指定的订阅的当前支持计划信息。
Microsoft.Addons/supportProviders/supportPlanTypes/read 获取指定的 Canonical 支持计划状态。
Microsoft.Addons/supportProviders/supportPlanTypes/write 添加指定的 Canonical 支持计划类型。
Microsoft.Addons/supportProviders/supportPlanTypes/delete 删除指定的 Canonical 支持计划

Microsoft.Capacity

Azure 服务:核心

操作 说明
Microsoft.Capacity/calculateprice/action 计算任何预留价格
Microsoft.Capacity/checkoffers/action 检查任何订阅套餐
Microsoft.Capacity/checkscopes/action 检查任何订阅
Microsoft.Capacity/validatereservationorder/action 验证任何预留
Microsoft.Capacity/reservationorders/action 更新任何预订
Microsoft.Capacity/register/action 注册容量资源提供程序,并启用容量资源的创建。
Microsoft.Capacity/unregister/action 取消注册任何租户
Microsoft.Capacity/calculateexchange/action 计算新购买项目的交换金额和价格,并返回策略错误。
Microsoft.Capacity/exchange/action 交换任何预留
Microsoft.Capacity/listSkus/action 在采用筛选器的情况下以及无任何限制的情况下列出 SKU
Microsoft.Capacity/appliedreservations/read 读取所有预订
Microsoft.Capacity/catalogs/read 读取预留目录
Microsoft.Capacity/commercialreservationorders/read 获取在任何租户中创建的预留订单
Microsoft.Capacity/operations/read 读取任何操作
Microsoft.Capacity/reservationorders/changedirectory/action 更改任何预留的目录
Microsoft.Capacity/reservationorders/availablescopes/action 查找任何可用范围
Microsoft.Capacity/reservationorders/read 读取所有预订
Microsoft.Capacity/reservationorders/write 创建任何预订
Microsoft.Capacity/reservationorders/delete 删除任何预订
Microsoft.Capacity/reservationorders/reservations/action 更新任何预订
Microsoft.Capacity/reservationorders/return/action 返回任何预留
Microsoft.Capacity/reservationorders/swap/action 交换任何预留
Microsoft.Capacity/reservationorders/split/action 拆分任何预留
Microsoft.Capacity/reservationorders/changeBilling/action 预留计费更改
Microsoft.Capacity/reservationorders/merge/action 合并任何预留
Microsoft.Capacity/reservationorders/calculaterefund/action 计算新购买项目的退款金额和价格,并返回策略错误。
Microsoft.Capacity/reservationorders/changebillingoperationresults/read 轮询任何预留计费更改操作
Microsoft.Capacity/reservationorders/mergeoperationresults/read 轮询任何合并操作
Microsoft.Capacity/reservationorders/reservations/availablescopes/action 查找任何可用范围
Microsoft.Capacity/reservationorders/reservations/read 读取所有预订
Microsoft.Capacity/reservationorders/reservations/write 创建任何预订
Microsoft.Capacity/reservationorders/reservations/delete 删除任何预订
Microsoft.Capacity/reservationorders/reservations/archive/action 存档处于终端状态(如过期、拆分等)的预留
Microsoft.Capacity/reservationorders/reservations/unarchive/action 取消存档以前存档的预留
Microsoft.Capacity/reservationorders/reservations/revisions/read 读取所有预订
Microsoft.Capacity/reservationorders/splitoperationresults/read 轮询任何拆分操作
Microsoft.Capacity/resourceProviders/locations/serviceLimits/read 获取指定资源和位置的当前服务限制或配额
Microsoft.Capacity/resourceProviders/locations/serviceLimits/write 为指定资源和位置创建服务限制或配额
Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read 获取指定资源和位置的任何服务限制请求
Microsoft.Capacity/tenants/register/action 注册任何租户

Microsoft.Marketplace

Azure 服务:核心

操作 说明
Microsoft.Marketplace/register/action 注册订阅中的 Microsoft.Marketplace 资源提供程序。
Microsoft.Marketplace/privateStores/action 更新 PrivateStore。
Microsoft.Marketplace/search/action 返回 Azure 专用存储市场目录产品/服务以及总计数和方面的列表
Microsoft.Marketplace/mysolutions/read 获取用户解决方案
Microsoft.Marketplace/mysolutions/write 创建或更新用户解决方案
Microsoft.Marketplace/mysolutions/delete 移除用户解决方案
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read 返回一个协议。
Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/write 接受已签名的协议。
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/read 返回配置。
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/write 保存配置。
Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage/action 将映像导入到最终用户的 ACR。
Microsoft.Marketplace/privateStores/write 创建 PrivateStore。
Microsoft.Marketplace/privateStores/delete 删除 PrivateStore。
Microsoft.Marketplace/privateStores/offers/action 更新 PrivateStore 中的套餐。
Microsoft.Marketplace/privateStores/read 读取 PrivateStores。
Microsoft.Marketplace/privateStores/requestApprovals/action 更新请求审批
Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant/action 管理员提取租户中的所有订阅
Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications/action 列出停止销售套餐计划通知
Microsoft.Marketplace/privateStores/listSubscriptionsContext/action 列出专用存储上下文中的订阅
Microsoft.Marketplace/privateStores/listNewPlansNotifications/action 列出新计划通知
Microsoft.Marketplace/privateStores/queryUserOffers/action 从有效负载中的套餐 ID 和用户订阅中提取已批准的产品/服务
Microsoft.Marketplace/privateStores/queryUserRules/action 提取用户订阅下用户的已批准规则
Microsoft.Marketplace/privateStores/anyExistingOffersInTheStore/action 如果存在适用于至少一个已启用集合的现有产品/服务,则返回 true
Microsoft.Marketplace/privateStores/queryInternalOfferIds/action 列出给定 Azure 应用程序和计划下的所有内部产品/服务
Microsoft.Marketplace/privateStores/adminRequestApprovals/read 读取所有请求审批详细信息,仅限管理员
Microsoft.Marketplace/privateStores/adminRequestApprovals/write 管理员使用对请求做出的决定来更新请求
Microsoft.Marketplace/privateStores/collections/approveAllItems/action 删除所有特定的已批准项并将集合设置为“allItemsApproved”
Microsoft.Marketplace/privateStores/collections/disableApproveAllItems/action 对于该集合,将“批准所有项”属性设置为“false”
Microsoft.Marketplace/privateStores/collections/setRules/action 在给定集合上设置规则
Microsoft.Marketplace/privateStores/collections/queryRules/action 在给定集合上获取规则
Microsoft.Marketplace/privateStores/collections/upsertOfferWithMultiContext/action 通过不同的上下文更新插入某个产品/服务
Microsoft.Marketplace/privateStores/collections/offers/action 按公共和订阅上下文获取集合套餐
Microsoft.Marketplace/privateStores/offers/write 在 PrivateStore 中创建套餐。
Microsoft.Marketplace/privateStores/offers/delete 从 PrivateStore 中删除套餐。
Microsoft.Marketplace/privateStores/offers/read 读取 PrivateStore 产品/服务。
Microsoft.Marketplace/privateStores/queryNotificationsState/read 读取通知状态详细信息,仅限管理员
Microsoft.Marketplace/privateStores/requestApprovals/read 读取请求审批
Microsoft.Marketplace/privateStores/requestApprovals/write 创建请求审核
Microsoft.Marketplace/privateStores/RequestApprovals/offer/acknowledgeNotification/write 确认通知,仅限管理员
Microsoft.Marketplace/privateStores/RequestApprovals/withdrawPlan/write 从产品/服务的通知中撤回计划

Microsoft.MarketplaceOrdering

Azure 服务:核心

操作 说明
Microsoft.MarketplaceOrdering/agreements/read 返回给定订阅下的所有协议
Microsoft.MarketplaceOrdering/agreements/offers/plans/read 返回给定市场项的协议
Microsoft.MarketplaceOrdering/agreements/offers/plans/sign/action 为给定市场项的协议签名
Microsoft.MarketplaceOrdering/agreements/offers/plans/cancel/action 取消给定市场项的协议
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read 获取给定市场虚拟机项的协议
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write 签订或取消给定市场虚拟机项的协议
Microsoft.MarketplaceOrdering/operations/read 列出 API 中所有可能的操作

Microsoft.Quota

Azure 服务:Azure Quotas

操作 说明
Microsoft.Quota/register/action 将订阅注册到 Microsoft.Quota 资源提供程序
Microsoft.Quota/groupQuotas/read 获取 GroupQuota
Microsoft.Quota/groupQuotas/write 创建 GroupQuota 资源
Microsoft.Quota/groupQuotas/groupQuotaLimits/read 获取指定资源的当前 GroupQuota
Microsoft.Quota/groupQuotas/groupQuotaLimits/write 为指定的资源创建 GroupQuota 请求
Microsoft.Quota/groupQuotas/groupQuotaRequests/read 获取特定请求的 GroupQuota 请求状态
Microsoft.Quota/groupQuotas/quotaAllocationRequests/read 获取特定请求的 GroupQuota 到订阅的配额分配请求状态
Microsoft.Quota/groupQuotas/quotaAllocations/read 获取当前 GroupQuota 到订阅的配额分配
Microsoft.Quota/groupQuotas/quotaAllocations/write 为指定资源创建 GroupQuota 到订阅的配额限制请求
Microsoft.Quota/groupQuotas/subscriptions/read 获取 GroupQuota 订阅
Microsoft.Quota/groupQuotas/subscriptions/write 将订阅添加到 GroupQuota 资源
Microsoft.Quota/operations/read 获取 Microsoft.Quota 支持的操作
Microsoft.Quota/quotaRequests/read 获取指定资源的任何服务限制请求
Microsoft.Quota/quotas/read 获取指定资源的当前服务限制或配额
Microsoft.Quota/quotas/write 为指定资源创建服务限制或配额请求
Microsoft.Quota/usages/read 获取资源提供程序的使用情况

Microsoft.Subscription

Azure 服务:核心

操作 说明
Microsoft.Subscription/cancel/action 取消订阅
Microsoft.Subscription/rename/action 重命名订阅
Microsoft.Subscription/enable/action 重新激活订阅
Microsoft.Subscription/aliases/write 创建订阅别名
Microsoft.Subscription/aliases/read 获取订阅别名
Microsoft.Subscription/aliases/delete 删除订阅别名
Microsoft.Subscription/changeTenantRequest/write 更改订阅的租户请求
Microsoft.Subscription/Policies/write 创建租户策略
Microsoft.Subscription/Policies/default/read 获取租户策略
Microsoft.Subscription/subscriptions/acceptOwnership/action 接受订阅所有权
Microsoft.Subscription/subscriptions/acceptChangeTenant/action 接受订阅的更改租户请求
Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read 获取接受订阅所有权的状态
Microsoft.Subscription/subscriptions/changeTenantStatus/read 更改订阅的租户状态

后续步骤