Azure DevOps 权限

  • 项目

本文列出了 DevOps 类别中 Azure 资源提供程序的权限。 可以在自己的 Azure 自定义角色中使用这些权限,以针对 Azure 中的资源提供精细的访问控制。 权限字符串具有以下格式:{Company}.{ProviderName}/{resourceType}/{action}

Microsoft.Chaos

操作 说明
Microsoft.Chaos/register/action 注册混沌测试资源提供程序的订阅,并启用混沌测试资源的创建。
Microsoft.Chaos/unregister/action 取消注册混沌测试资源提供程序的订阅,并启用混沌测试资源的创建。
Microsoft.Chaos/experiments/write 在资源组中创建或更新混沌试验资源。
Microsoft.Chaos/experiments/delete 删除资源组中的混沌试验资源。
Microsoft.Chaos/experiments/read 获取资源组中的所有混沌试验。
Microsoft.Chaos/experiments/start/action 启动混沌试验以注入故障。
Microsoft.Chaos/experiments/cancel/action 取消正在运行的混沌试验以停止故障注入。
Microsoft.Chaos/experiments/executions/read 获取给定混沌试验的所有混沌试验执行。
Microsoft.Chaos/experiments/executions/getExecutionDetails/action 获取给定混沌试验的所有混沌试验执行的详细信息。
Microsoft.Chaos/locations/operationResults/read 获取操作结果。
Microsoft.Chaos/locations/operationStatuses/read 获取操作状态。
Microsoft.Chaos/locations/targetTypes/read 获取所有 TargetType。
Microsoft.Chaos/locations/targetTypes/capabilityTypes/read 获取所有 CapabilityType。
Microsoft.Chaos/operations/read 读取 Chaos Studio 的可用操作。
Microsoft.Chaos/skus/read 读取 Chaos Studio 的可用 SKU。
Microsoft.Chaos/targets/write 创建或更新用于扩展受跟踪资源的目标资源。
Microsoft.Chaos/targets/delete 删除用于扩展受跟踪资源的目标资源。
Microsoft.Chaos/targets/read 获取用于扩展受跟踪资源的所有目标。
Microsoft.Chaos/targets/capabilities/write 创建或更新用于扩展目标资源的功能资源。
Microsoft.Chaos/targets/capabilities/delete 删除用于扩展目标资源的功能资源。
Microsoft.Chaos/targets/capabilities/read 获取用于扩展目标资源的所有功能。

Microsoft.LabServices

为课堂、试用版、开发和测试以及其他应用场景设置实验室。

操作 说明
Microsoft.LabServices/register/action 向实验室服务提供商注册订阅并启用实验室创建。
Microsoft.LabServices/unregister/action 向实验室服务提供商取消注册订阅。
Microsoft.LabServices/labAccounts/delete 删除实验室帐户。
Microsoft.LabServices/labAccounts/read 读取实验室帐户。
Microsoft.LabServices/labAccounts/write 添加或修改实验室帐户。
Microsoft.LabServices/labAccounts/CreateLab/action 在实验室帐户中创建实验室。
Microsoft.LabServices/labAccounts/GetRegionalAvailability/action 获取实验室帐户下配置的每个大小类别的区域可用性信息
Microsoft.LabServices/labAccounts/GetPricingAndAvailability/action 获取实验室帐户的大小、地理位置和操作系统组合的定价与可用性。
Microsoft.LabServices/labAccounts/GetRestrictionsAndUsage/action 获取此订阅的核心限制和用量
Microsoft.LabServices/labAccounts/galleryImages/delete 删除库映像。
Microsoft.LabServices/labAccounts/galleryImages/read 读取库映像。
Microsoft.LabServices/labAccounts/galleryImages/write 添加或修改库映像。
Microsoft.LabServices/labAccounts/labs/delete 删除实验室。
Microsoft.LabServices/labAccounts/labs/read 读取实验室。
Microsoft.LabServices/labAccounts/labs/write 添加或修改实验室。
Microsoft.LabServices/labAccounts/labs/AddUsers/action 将用户添加到实验室
Microsoft.LabServices/labAccounts/labs/SendEmail/action 发送包含实验室注册链接的电子邮件
Microsoft.LabServices/labAccounts/labs/GetLabPricingAndAvailability/action 获取此实验室的每个实验室单位的定价,以及指示此实验室是否可纵向扩展的可用性。
Microsoft.LabServices/labAccounts/labs/SyncUserList/action 将来自 AAD 组的更改同步到用户列表
Microsoft.LabServices/labAccounts/labs/environmentSettings/delete 删除环境设置。
Microsoft.LabServices/labAccounts/labs/environmentSettings/read 读取环境设置。
Microsoft.LabServices/labAccounts/labs/environmentSettings/write 添加或修改环境设置。
Microsoft.LabServices/labAccounts/labs/environmentSettings/Publish/action 基于实验室/环境设置的当前状态设置/取消设置环境设置的所需资源。
Microsoft.LabServices/labAccounts/labs/environmentSettings/Start/action 通过启动模板内的所有资源来启动模板。
Microsoft.LabServices/labAccounts/labs/environmentSettings/Stop/action 通过停止模板内的所有资源来停止模板。
Microsoft.LabServices/labAccounts/labs/environmentSettings/SaveImage/action 将当前模板映像保存到实验室帐户中的共享库
Microsoft.LabServices/labAccounts/labs/environmentSettings/ResetPassword/action 重置模板虚拟机上的密码。
Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/delete 删除环境。
Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/read 读取环境。
Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/Start/action 通过启动环境内的所有资源来启动环境。
Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/Stop/action 通过停止环境内的所有资源来停止环境。
Microsoft.LabServices/labAccounts/labs/environmentSettings/environments/ResetPassword/action 在环境中重置用户密码
Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/delete 删除计划。
Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/read 读取计划。
Microsoft.LabServices/labAccounts/labs/environmentSettings/schedules/write 添加或修改计划。
Microsoft.LabServices/labAccounts/labs/users/delete 删除用户。
Microsoft.LabServices/labAccounts/labs/users/read 读取用户。
Microsoft.LabServices/labAccounts/labs/users/write 添加或修改用户。
Microsoft.LabServices/labAccounts/sharedGalleries/delete 删除 sharedgalleries。
Microsoft.LabServices/labAccounts/sharedGalleries/read 读取 sharedgalleries。
Microsoft.LabServices/labAccounts/sharedGalleries/write 添加或修改 sharedgalleries。
Microsoft.LabServices/labAccounts/sharedImages/delete 删除 sharedimages。
Microsoft.LabServices/labAccounts/sharedImages/read 读取 sharedimages。
Microsoft.LabServices/labAccounts/sharedImages/write 添加或修改 sharedimages。
Microsoft.LabServices/labPlans/read 获取实验室计划的属性。
Microsoft.LabServices/labPlans/write 新建实验室计划或更新现有计划。
Microsoft.LabServices/labPlans/delete 删除实验室计划。
Microsoft.LabServices/labPlans/saveImage/action 从附加到实验室计划的库中的虚拟机创建映像。
Microsoft.LabServices/labPlans/images/read 获取映像的属性。
Microsoft.LabServices/labPlans/images/write 启用或禁用市场或库映像。
Microsoft.LabServices/labs/read 获取实验室的属性。
Microsoft.LabServices/labs/write 新建实验室或更新现有的实验室。
Microsoft.LabServices/labs/delete 删除实验室及其所有用户、计划和虚拟机。
Microsoft.LabServices/labs/publish/action 通过将模板虚拟机的映像传播到实验室中的所有虚拟机来发布实验室。
Microsoft.LabServices/labs/syncGroup/action 更新分配到实验室的 Active Directory 组中用户的列表。
Microsoft.LabServices/labs/schedules/read 获取计划的属性。
Microsoft.LabServices/labs/schedules/write 新建计划或更新现有的计划。
Microsoft.LabServices/labs/schedules/delete 删除计划。
Microsoft.LabServices/labs/users/read 获取用户的属性。
Microsoft.LabServices/labs/users/write 新建用户或更新现有的用户。
Microsoft.LabServices/labs/users/delete 删除用户。
Microsoft.LabServices/labs/users/invite/action 向用户发送电子邮件以邀请其加入实验室。
Microsoft.LabServices/labs/virtualMachines/read 获取虚拟机的属性。
Microsoft.LabServices/labs/virtualMachines/start/action 启动虚拟机。
Microsoft.LabServices/labs/virtualMachines/stop/action 停止和释放虚拟机。
Microsoft.LabServices/labs/virtualMachines/reimage/action 将虚拟机重新映像到上次发布的映像。
Microsoft.LabServices/labs/virtualMachines/redeploy/action 将虚拟机重新部署到其他计算节点。
Microsoft.LabServices/labs/virtualMachines/resetPassword/action 重置虚拟机上本地用户的密码。
Microsoft.LabServices/locations/operationResults/read 获取异步操作的属性和状态。
Microsoft.LabServices/locations/operations/read 读取操作。
Microsoft.LabServices/locations/usages/read 获取位置中的使用情况
Microsoft.LabServices/skus/read 获取实验室服务 SKU 的属性。
Microsoft.LabServices/users/Register/action 将用户注册到托管的实验室
Microsoft.LabServices/users/ListAllEnvironments/action 列出用户的所有环境
Microsoft.LabServices/users/StartEnvironment/action 通过启动环境内的所有资源来启动环境。
Microsoft.LabServices/users/StopEnvironment/action 通过停止环境内的所有资源来停止环境。
Microsoft.LabServices/users/ResetPassword/action 在环境中重置用户密码
Microsoft.LabServices/users/UserSettings/action 更新并返回个人用户设置。
DataAction 说明
Microsoft.LabServices/labPlans/createLab/action 从实验室计划创建新实验室。

Microsoft.SecurityDevOps

Azure 服务:Microsoft Defender for Cloud

操作 说明
Microsoft.SecurityDevOps/register/action 注册 Microsoft.SecurityDevOps 的订阅
Microsoft.SecurityDevOps/unregister/action 取消注册 Microsoft.SecurityDevOps 的订阅
Microsoft.SecurityDevOps/azureDevOpsConnectors/read 读取 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/read 读取 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/write 写入 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/delete 删除 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/write 写入 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/configure/action 操作配置
Microsoft.SecurityDevOps/azureDevOpsConnectors/read 读取 azureDevOpsConnectors
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read 读取组织
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write 写入组织
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write 写入组织
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read 读取组织
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read 读取项目
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write 写入项目
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write 写入项目
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read 读取项目
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read 读取存储库
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write 写入存储库
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write 写入存储库
Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read 读取存储库
Microsoft.SecurityDevOps/azureDevOpsConnectors/repos/read 读取存储库
Microsoft.SecurityDevOps/azureDevOpsConnectors/stats/read 读取统计信息
Microsoft.SecurityDevOps/gitHubConnectors/read 读取 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/read 读取 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/write 写入 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/delete 删除 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/write 写入 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/configure/action 操作配置
Microsoft.SecurityDevOps/gitHubConnectors/read 读取 gitHubConnectors
Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read 读取 gitHubInstallations
Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read 读取 gitHubInstallations
Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read 读取 gitHubRepositories
Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read 读取 gitHubRepositories
Microsoft.SecurityDevOps/gitHubConnectors/owners/read 读取所有者
Microsoft.SecurityDevOps/gitHubConnectors/owners/read 读取所有者
Microsoft.SecurityDevOps/gitHubConnectors/owners/write 写入所有者
Microsoft.SecurityDevOps/gitHubConnectors/owners/write 写入所有者
Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read 读取存储库
Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read 读取存储库
Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write 写入存储库
Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write 写入存储库
Microsoft.SecurityDevOps/gitHubConnectors/repos/read 读取存储库
Microsoft.SecurityDevOps/gitHubConnectors/stats/read 读取统计信息
Microsoft.SecurityDevOps/gitLabConnectors/read 读取 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/read 读取 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/write 写入 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/delete 删除 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/write 写入 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/configure/action 操作配置
Microsoft.SecurityDevOps/gitLabConnectors/read 读取 gitLabConnectors
Microsoft.SecurityDevOps/gitLabConnectors/groups/read 读取组
Microsoft.SecurityDevOps/gitLabConnectors/groups/read 读取组
Microsoft.SecurityDevOps/gitLabConnectors/groups/write 写入组
Microsoft.SecurityDevOps/gitLabConnectors/groups/delete 删除组
Microsoft.SecurityDevOps/gitLabConnectors/groups/write 写入组
Microsoft.SecurityDevOps/gitLabConnectors/groups/listSubgroups/action 操作 listSubgroups
Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read 读取项目
Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read 读取项目
Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write 写入项目
Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/delete 删除项目
Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write 写入项目
Microsoft.SecurityDevOps/gitLabConnectors/projects/read 读取项目
Microsoft.SecurityDevOps/gitLabConnectors/stats/read 读取统计信息
Microsoft.SecurityDevOps/Locations/OperationStatuses/read 读取 OperationStatuses
Microsoft.SecurityDevOps/Locations/OperationStatuses/write 写入 OperationStatuses
Microsoft.SecurityDevOps/Operations/read 读取操作

Microsoft.VisualStudio

功能强大且灵活的环境,用于在云中开发应用程序。

Azure 服务:Azure DevOps

操作 说明
Microsoft.VisualStudio/Register/Action 使用 Microsoft.VisualStudio 提供程序注册 Azure 订阅
Microsoft.VisualStudio/Account/Write 设置帐户
Microsoft.VisualStudio/Account/Delete 删除帐户
Microsoft.VisualStudio/Account/Read 读取帐户
Microsoft.VisualStudio/Account/Extension/Read 读取帐户/扩展
Microsoft.VisualStudio/Account/Project/Read 读取帐户/项目
Microsoft.VisualStudio/Account/Project/Write 设置帐户/项目
Microsoft.VisualStudio/Extension/Write 设置扩展
Microsoft.VisualStudio/Extension/Delete 删除扩展
Microsoft.VisualStudio/Extension/Read 读取扩展
Microsoft.VisualStudio/Project/Write 设置项目
Microsoft.VisualStudio/Project/Delete 删除项目
Microsoft.VisualStudio/Project/Read 读取项目

后续步骤