Azure 资源的内置角色Built-in roles for Azure resources

基于角色的访问控制 (RBAC) 拥有 Azure 资源的多个内置角色,可将其分配给用户、组、服务主体和托管标识。Role-based access control (RBAC) has several built-in roles for Azure resources that you can assign to users, groups, service principals, and managed identities. 角色分配是控制对 Azure 资源的访问的方式。Role assignments are the way you control access to Azure resources. 如果内置角色不能满足组织的特定需求,则可以为 Azure 资源创建你自己的自定义角色If the built-in roles don't meet the specific needs of your organization, you can create your own custom roles for Azure resources.

本文列出了 Azure 资源的内置角色,这些角色总是在不断发展。This article lists the built-in roles for Azure resources, which are always evolving. 若要获取最新角色,请使用 Get-AzRoleDefinitionaz role definition listTo get the latest roles, use Get-AzRoleDefinition or az role definition list. 如果你正在寻找 Azure Active Directory 的管理员角色,请参阅 Azure Active Directory 中的管理员角色权限If you are looking for administrator roles for Azure Active Directory, see Administrator role permissions in Azure Active Directory.

内置角色说明Built-in role descriptions

下表提供了每个内置角色的简短说明。The following table provides a brief description of each built-in role. 单击角色名称,查看每个角色的 ActionsNotActionsDataActionsNotDataActions 列表。Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. 有关这些操作的含义以及它们如何应用于管理和数据平面的信息,请参阅了解 Azure 资源的角色定义For information about what these actions mean and how they apply to the management and data planes, see Understand role definitions for Azure resources.

内置角色Built-in role 说明Description
所有者Owner 允许管理所有功能,包括对资源的访问权限。Lets you manage everything, including access to resources.
参与者Contributor 允许管理所有功能(对资源的访问权限除外)。Lets you manage everything except access to resources.
读者Reader 允许查看所有内容,但不能进行任何更改。Lets you view everything, but not make any changes.
AcrDeleteAcrDelete acr deleteacr delete
AcrImageSignerAcrImageSigner ACR 映像签名程序acr image signer
AcrPullAcrPull acr 拉取acr pull
AcrPushAcrPush acr 推送acr push
AcrQuarantineReaderAcrQuarantineReader ACR 隔离数据读取器acr quarantine data reader
AcrQuarantineWriterAcrQuarantineWriter ACR 隔离数据编写器acr quarantine data writer
API 管理服务参与者API Management Service Contributor 可以管理服务和 APICan manage service and the APIs
API 管理服务操作员角色API Management Service Operator Role 可以管理服务,但不可管理 APICan manage service but not the APIs
API 管理服务读者角色API Management Service Reader Role 对服务和 API 的只读访问权限Read-only access to service and APIs
自动化作业操作员Automation Job Operator 使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks.
自动化运算符Automation Operator 自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs
自动化 Runbook 操作员Automation Runbook Operator 读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook.
Avere 参与者Avere Contributor 可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster.
Avere 操作员Avere Operator 由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster
Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role 列出群集管理员凭据操作。List cluster admin credential action.
Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role 列出群集用户凭据操作。List cluster user credential action.
Azure Stack 注册所有者Azure Stack Registration Owner 允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations.
备份参与者Backup Contributor 允许管理备份服务,但不允许创建保管库以及授予其他人访问权限Lets you manage backup service,but can't create vaults and give access to others
备份操作员Backup Operator 允许管理备份服务,但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others
备份读者Backup Reader 可以查看备份服务,但是不能进行更改Can view backup services, but can't make changes
计费读者Billing Reader 允许对帐单数据进行读取访问Allows read access to billing data
CDN 终结点参与者CDN Endpoint Contributor 可以管理 CDN 终结点,但不能向其他用户授予访问权限。Can manage CDN endpoints, but can’t grant access to other users.
CDN 终结点读者CDN Endpoint Reader 可以查看 CDN 终结点,但不能进行更改。Can view CDN endpoints, but can’t make changes.
CDN 配置文件参与者CDN Profile Contributor 可以管理 CDN 配置文件及其终结点,但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can’t grant access to other users.
CDN 配置文件读者CDN Profile Reader 可以查看 CDN 配置文件及其终结点,但不能进行更改。Can view CDN profiles and their endpoints, but can’t make changes.
经典网络参与者Classic Network Contributor 允许管理经典网络,但不允许访问这些网络。Lets you manage classic networks, but not access to them.
经典存储帐户参与者Classic Storage Account Contributor 允许管理经典存储帐户,但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them.
经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role 允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
经典虚拟机参与者Classic Virtual Machine Contributor 允许管理经典虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
认知服务参与者Cognitive Services Contributor 允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services.
认知服务数据读者(预览)Cognitive Services Data Reader (Preview) 可以读取认知服务数据。Lets you read Cognitive Services data.
认知服务用户Cognitive Services User 允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services.
Cosmos DB 帐户读者角色Cosmos DB Account Reader Role 可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者,了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
CosmosBackupOperatorCosmosBackupOperator 可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account
成本管理参与者Cost Management Contributor 可以查看成本和管理成本配置(例如预算、导出)Can view costs and manage cost configuration (e.g. budgets, exports)
成本管理读者Cost Management Reader 可以查看成本数据和配置(例如预算、导出)Can view cost data and configuration (e.g. budgets, exports)
Data Box 参与者Data Box Contributor 可让你管理 Data Box 服务下的所有内容,但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others.
Data Box 读者Data Box Reader 可让你管理 Data Box 服务,但不能创建订单或编辑订单详细信息,以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
DNS 区域参与者DNS Zone Contributor 允许管理 Azure DNS 中的 DNS 区域和记录集,但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
DocumentDB 帐户参与者DocumentDB Account Contributor 可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
HDInsight 群集操作员HDInsight Cluster Operator 允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations.
HDInsight 域服务参与者HDInsight Domain Services Contributor 可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
Intelligent Systems 帐户参与者Intelligent Systems Account Contributor 允许管理智能系统帐户,但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them.
密钥保管库参与者Key Vault Contributor 允许管理密钥保管库,但不允许对其进行访问。Lets you manage key vaults, but not access to them.
实验室创建者Lab Creator 允许在 Azure 实验室帐户下创建、管理、删除托管实验室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
Log Analytics 参与者Log Analytics Contributor Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Log Analytics 读者Log Analytics Reader Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置,其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
逻辑应用参与者Logic App Contributor 允许管理逻辑应用,但不允许对其进行访问。Lets you manage logic app, but not access to them.
逻辑应用操作员Logic App Operator 允许读取、启用和禁用逻辑应用。Lets you read, enable and disable logic app.
托管应用程序操作员角色Managed Application Operator Role 可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources
托管应用程序读者Managed Applications Reader 允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access.
托管的标识参与者Managed Identity Contributor 创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity
托管的标识操作员Managed Identity Operator 读取和分配用户分配的标识Read and Assign User Assigned Identity
管理组参与者Management Group Contributor 管理组参与者角色Management Group Contributor Role
管理组读取者Management Group Reader 管理组读取者角色Management Group Reader Role
监视参与者Monitoring Contributor 可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.
监视指标发布者Monitoring Metrics Publisher 允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources
监视读取者Monitoring Reader 可以读取所有监视数据(指标、日志等)。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.
网络参与者Network Contributor 允许管理网络,但不允许访问这些网络。Lets you manage networks, but not access to them.
New elic APM 帐户参与者New Relic APM Account Contributor 允许管理 New Relic 应用程序性能管理帐户和应用程序,但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
读取器和数据访问Reader and Data Access 允许查看所有内容,但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Redis 缓存参与者Redis Cache Contributor 允许管理 Redis 缓存,但不允许访问这些缓存。Lets you manage Redis caches, but not access to them.
资源策略参与者(预览)Resource Policy Contributor (Preview) (预览)通过 EA 回填的 用户,具有创建/修改资源策略、创建支持票证和读取资源/层次结构的权限。(Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
计划程序作业集合参与者Scheduler Job Collections Contributor 允许管理计划程序作业集合,但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them.
安全管理员Security Admin 仅在安全中心内:可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations
安全管理器(旧版)Security Manager (Legacy) 这是旧角色。This is a legacy role. 请改用安全管理员角色Please use Security Administrator instead
安全读取者Security Reader 仅在安全中心内:可以查看建议和警报、查看安全策略、查看安全状态,但不能进行更改In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes
Site Recovery 参与者Site Recovery Contributor 允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment
Site Recovery 操作员Site Recovery Operator 允许进行故障转移和故障回复,但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations
Site Recovery 读取者Site Recovery Reader 允许查看 Site Recovery 状态,但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
空间定位点帐户参与者Spatial Anchors Account Contributor 允许管理帐户中的空间定位点,但不能删除它们Lets you manage spatial anchors in your account, but not delete them
空间定位点帐户所有者Spatial Anchors Account Owner 允许管理帐户中的空间定位点,包括删除它们Lets you manage spatial anchors in your account, including deleting them
空间定位点帐户读取者Spatial Anchors Account Reader 允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account
SQL DB 参与者SQL DB Contributor 允许管理 SQL 数据库,但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外,不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers.
SQL 托管实例参与者SQL Managed Instance Contributor 允许你管理 SQL 托管实例和所需的网络配置,但无法向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.
SQL 安全管理器SQL Security Manager 允许管理 SQL 服务器和数据库的安全相关策略,但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
SQL Server 参与者SQL Server Contributor 允许管理 SQL 服务器和数据库,但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
存储帐户参与者Storage Account Contributor 允许管理存储帐户,但不允许对其进行访问。Lets you manage storage accounts, but not access to them.
存储帐户密钥操作员服务角色Storage Account Key Operator Service Role 允许存储帐户密钥操作员在存储帐户上列出和重新生成密钥Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts
存储 Blob 数据参与者Storage Blob Data Contributor 授予对 Azure 存储 blob 容器和数据的读取、写入和删除权限Allows for read, write and delete access to Azure Storage blob containers and data
存储 Blob 数据所有者Storage Blob Data Owner 授予对 Azure 存储 blob 容器和数据的完全访问权,包括分配 POSIX 访问控制。Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.
存储 Blob 数据读者Storage Blob Data Reader 授予对 Azure 存储 blob 容器和数据的读取权限Allows for read access to Azure Storage blob containers and data
存储队列数据参与者Storage Queue Data Contributor 授予对 Azure 存储队列和队列消息的读取、写入和删除权限Allows for read, write, and delete access to Azure Storage queues and queue messages
存储队列数据消息处理者Storage Queue Data Message Processor 授予对 Azure 存储队列消息的扫视、接收和删除权限Allows for peek, receive, and delete access to Azure Storage queue messages
存储队列数据消息发送者Storage Queue Data Message Sender 允许发送 Azure 存储队列消息Allows for sending of Azure Storage queue messages
存储队列数据读取者Storage Queue Data Reader 授予对 Azure 存储队列和队列消息的读取权限Allows for read access to Azure Storage queues and queue messages
支持请求参与者Support Request Contributor 允许创建和管理支持请求Lets you create and manage Support requests
流量管理器参与者Traffic Manager Contributor 允许管理流量管理器配置文件,但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
用户访问管理员User Access Administrator 允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources.
虚拟机管理员登录Virtual Machine Administrator Login 在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator
虚拟机参与者Virtual Machine Contributor 允许管理虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
虚拟机用户登录Virtual Machine User Login 在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user.
Web 计划参与者Web Plan Contributor 允许管理网站的 Web 计划,但不允许访问这些计划。Lets you manage the web plans for websites, but not access to them.
网站参与者Website Contributor 允许管理网站(而非 Web 计划),但不允许访问这些网站。Lets you manage websites (not web plans), but not access to them.

所有者Owner

说明Description 允许管理所有功能,包括对资源的访问权限。Lets you manage everything, including access to resources.
Id Id 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
操作Actions
* 创建和管理所有类型的资源Create and manage resources of all types
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

参与者Contributor

说明Description 允许管理所有功能(对资源的访问权限除外)。Lets you manage everything except access to resources.
Id Id b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
操作Actions
* 创建和管理所有类型的资源Create and manage resources of all types
不操作NotActions
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete 删除角色和角色分配Delete roles and role assignments
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write 创建角色和角色分配Create roles and role assignments
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action 向调用方授予租户范围的“用户访问管理员”访问权限Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write 创建或更新任何蓝图项目Create or update any blueprint artifacts
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete 删除任何蓝图项目Delete any blueprint artifacts
DataActionsDataActions
none
NotDataActionsNotDataActions
none

读取器Reader

说明Description 允许查看所有内容,但不能进行任何更改。Lets you view everything, but not make any changes.
Id Id acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrDeleteAcrDelete

说明Description acr deleteacr delete
Id Id c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
操作Actions
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete 删除容器注册表中的项目。Delete artifact in a container registry.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrImageSignerAcrImageSigner

说明Description ACR 映像签名程序acr image signer
Id Id 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
操作Actions
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write 推送/拉取容器注册表的内容信任元数据。Push/Pull content trust metadata for a container registry.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrPullAcrPull

说明Description acr 拉取acr pull
Id Id 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
操作Actions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read 从容器注册表中拉取或获取映像。Pull or Get images from a container registry.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrPushAcrPush

说明Description acr 推送acr push
Id Id 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
操作Actions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read 从容器注册表中拉取或获取映像。Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write 将映像推送或写入容器注册表。Push or Write images to a container registry.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrQuarantineReaderAcrQuarantineReader

说明Description ACR 隔离数据读取器acr quarantine data reader
Id Id cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
操作Actions
Microsoft.ContainerRegistry/registries/quarantineRead/readMicrosoft.ContainerRegistry/registries/quarantineRead/read 从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

AcrQuarantineWriterAcrQuarantineWriter

说明Description ACR 隔离数据编写器acr quarantine data writer
Id Id c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
操作Actions
Microsoft.ContainerRegistry/registries/quarantineRead/readMicrosoft.ContainerRegistry/registries/quarantineRead/read 从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantineWrite/writeMicrosoft.ContainerRegistry/registries/quarantineWrite/write 写入/修改已隔离映像的隔离状态Write/Modify quarantine state of quarantined images
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

API 管理服务参与者API Management Service Contributor

说明Description 可以管理服务和 APICan manage service and the APIs
Id Id 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
操作Actions
Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* 创建和管理 API 管理服务Create and manage API Management service
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

API 管理服务操作员角色API Management Service Operator Role

说明Description 可以管理服务,但不可管理 APICan manage service but not the APIs
Id Id e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
操作Actions
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read 读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action 将 API 管理服务备份到用户提供的存储帐户中的指定容器Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete 删除 API 管理服务实例Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action 更改 API 管理服务的 SKU/单位,以及添加/删除其区域部署Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action 从用户提供的存储帐户中的指定容器还原 API 管理服务Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action 上传 API 管理服务的 SSL 证书Upload SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action 设置、更新或删除 API 管理服务的自定义域名Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write 创建 API 管理服务的新实例Create a new instance of API Management Service
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read 获取与用户关联的密钥Get keys associated with user
DataActionsDataActions
none
NotDataActionsNotDataActions
none

API 管理服务读者角色API Management Service Reader Role

说明Description 对服务和 API 的只读访问权限Read-only access to service and APIs
Id Id 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
操作Actions
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read 读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read 获取与用户关联的密钥Get keys associated with user
DataActionsDataActions
none
NotDataActionsNotDataActions
none

自动化作业操作员Automation Job Operator

说明Description 使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks.
Id Id 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read 读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read 获取 Azure 自动化作业Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action 恢复 Azure 自动化作业Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action 停止 Azure 自动化作业Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read 获取 Azure 自动化作业流Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action 暂停 Azure 自动化作业Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write 创建 Azure 自动化作业Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read 获取作业的输出Gets the output of a job
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

自动化运算符Automation Operator

说明Description 自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs
Id Id d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read 读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read 获取 Azure 自动化作业Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action 恢复 Azure 自动化作业Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action 停止 Azure 自动化作业Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read 获取 Azure 自动化作业流Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action 暂停 Azure 自动化作业Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write 创建 Azure 自动化作业Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read 获取 Azure 自动化作业计划Gets an Azure Automation job schedule
Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write 创建 Azure 自动化作业计划Creates an Azure Automation job schedule
Microsoft.Automation/automationAccounts/linkedWorkspace/readMicrosoft.Automation/automationAccounts/linkedWorkspace/read 获取链接到自动化帐户的工作区Gets the workspace linked to the automation account
Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read 获取 Azure 自动化帐户Gets an Azure Automation account
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read 获取 Azure 自动化 RunbookGets an Azure Automation runbook
Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read 获取 Azure 自动化计划资产Gets an Azure Automation schedule asset
Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write 创建或更新 Azure 自动化计划资产Creates or updates an Azure Automation schedule asset
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read 获取作业的输出Gets the output of a job
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

自动化 Runbook 操作员Automation Runbook Operator

说明Description 读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook.
Id Id 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read 获取 Azure 自动化 RunbookGets an Azure Automation runbook
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Avere 参与者Avere Contributor

说明Description 可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster.
Id Id 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Compute/*/readMicrosoft.Compute/*/read
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*Microsoft.Compute/disks/*
Microsoft.Network/*/readMicrosoft.Network/*/read
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read 获取虚拟网络子网定义Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/*/readMicrosoft.Storage/*/read
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/*
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read 获取资源组的资源。Gets the resources for the resource group.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete 返回删除 blob 的结果Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read 返回 blob 或 blob 列表Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write 返回写入 blob 的结果Returns the result of writing a blob
NotDataActionsNotDataActions
none

Avere 操作员Avere Operator

说明Description 由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster
Id Id c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
操作Actions
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read 获取虚拟机的属性Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 获取网络接口定义。Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write 创建网络接口,或更新现有的网络接口。Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read 获取虚拟网络子网定义Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete 返回删除容器的结果Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 返回容器列表Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write 返回放置 blob 容器的结果Returns the result of put blob container
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete 返回删除 blob 的结果Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read 返回 blob 或 blob 列表Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write 返回写入 blob 的结果Returns the result of writing a blob
NotDataActionsNotDataActions
none

Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role

说明Description 列出群集管理员凭据操作。List cluster admin credential action.
Id Id 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
操作Actions
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action 列出托管群集的 clusterAdmin 凭据List the clusterAdmin credential of a managed cluster
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role

说明Description 列出群集用户凭据操作。List cluster user credential action.
Id Id 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
操作Actions
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action 列出托管群集的 clusterUser 凭据List the clusterUser credential of a managed cluster
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Azure Stack 注册所有者Azure Stack Registration Owner

说明Description 允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations.
Id Id 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
操作Actions
Microsoft.AzureStack/registrations/products/listDetails/actionMicrosoft.AzureStack/registrations/products/listDetails/action 检索 Azure Stack 市场产品的扩展详细信息Retrieves extended details for an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read 获取 Azure Stack 市场产品的属性Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read 获取 Azure Stack 注册的属性Gets the properties of an Azure Stack registration
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

备份参与者Backup Contributor

说明Description 允许管理备份服务,但不允许创建保管库以及授予其他人访问权限Lets you manage backup service,but can't create vaults and give access to others
Id Id 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* 管理备份管理操作的结果Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* 在恢复服务保管库的备份结构内创建和管理备份容器Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action 刷新容器列表Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* 创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/*Microsoft.RecoveryServices/Vaults/backupManagementMetaData/* 创建和管理与备份管理相关的元数据Create and manage meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* 创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* 创建和管理备份策略Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* 创建和管理可以备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* 创建和管理已备份的项Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* 创建和管理保存备份项的容器Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* 创建和管理与恢复服务保管库中的备份相关的证书Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* 创建和管理已注册的标识Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* 创建和管理恢复服务保管库的使用情况Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action 验证对受保护项的操作Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write “创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read 获取所有可保护的容器Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 验证功能Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 列出所有备份保护意向List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

备份操作员Backup Operator

说明Description 允许管理备份服务,但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others
Id Id 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 返回操作状态Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action 对受保护的项执行备份。Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read 返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action 预配受保护项的即时项恢复Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read 获取受保护项的恢复点。Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action 还原受保护项的恢复点。Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action 吊销受保护项的即时项恢复Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write 创建备份受保护项Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 返回所有已注册的容器Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action 刷新容器列表Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* 创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* 创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 获取策略操作的结果。Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* 创建和管理可备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 返回所有受保护项的列表。Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 返回属于订阅的所有容器Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write “更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write “注册服务容器”操作可用于向恢复服务注册容器。The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action 验证对受保护项的操作Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read 获取策略操作的状态。Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write 创建已注册的容器Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action 在容器内进行工作负载的查询Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write 创建备份保护意向Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read 获取备份保护意向Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read 获取所有可保护的容器Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read 获取容器中的所有项Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 验证功能Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 列出所有备份保护意向List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

备份读取器Backup Reader

说明Description 可以查看备份服务,但是不能进行更改Can view backup services, but can't make changes
Id Id a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 返回操作状态Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read 返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read 获取受保护项的恢复点。Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 返回所有已注册的容器Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read 返回作业操作的结果。Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read 返回所有作业对象Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read 返回恢复服务保管库的备份操作结果。Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 获取策略操作的结果。Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 返回所有受保护项的列表。Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 返回属于订阅的所有容器Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read 返回恢复服务保管库的存储配置。Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read 返回恢复服务保管库的配置。Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read 获取策略操作的状态。Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read 获取备份保护意向Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read 获取容器中的所有项Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 列出所有备份保护意向List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

计费读者Billing Reader

说明Description 允许对帐单数据进行读取访问Allows read access to billing data
Id Id fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Billing/*/readMicrosoft.Billing/*/read 读取计费信息Read Billing information
Microsoft.Commerce/*/readMicrosoft.Commerce/*/read
Microsoft.Consumption/*/readMicrosoft.Consumption/*/read
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read 列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

CDN 终结点参与者CDN Endpoint Contributor

说明Description 可以管理 CDN 终结点,但不能向其他用户授予访问权限。Can manage CDN endpoints, but can’t grant access to other users.
Id Id 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

CDN 终结点读者CDN Endpoint Reader

说明Description 可以查看 CDN 终结点,但不能进行更改。Can view CDN endpoints, but can’t make changes.
Id Id 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

CDN 配置文件参与者CDN Profile Contributor

说明Description 可以管理 CDN 配置文件及其终结点,但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can’t grant access to other users.
Id Id ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

CDN 配置文件读者CDN Profile Reader

说明Description 可以查看 CDN 配置文件及其终结点,但不能进行更改。Can view CDN profiles and their endpoints, but can’t make changes.
Id Id 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

经典网络参与者Classic Network Contributor

说明Description 允许管理经典网络,但不允许访问这些网络。Lets you manage classic networks, but not access to them.
Id Id b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* 创建和管理经典网络Create and manage classic networks
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

经典存储帐户参与者Classic Storage Account Contributor

说明Description 允许管理经典存储帐户,但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them.
Id Id 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* 创建和管理存储帐户Create and manage storage accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role

说明Description 允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
Id Id 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
操作Actions
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action 列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action 再生成存储帐户的现有访问密钥。Regenerates the existing access keys for the storage account.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

经典虚拟机参与者Classic Virtual Machine Contributor

说明Description 允许管理经典虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
Id Id d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* 创建和管理经典计算域名Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* 创建和管理虚拟机Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action 链接保留 IPLink a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read 获取保留 IPGets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action 加入虚拟网络。Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read 获取虚拟网络。Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read 返回存储帐户磁盘。Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read 返回存储帐户映像。Returns the storage account image. (已弃用。(Deprecated. 请使用“Microsoft.ClassicStorage/storageAccounts/vmImages”)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read 返回包含给定帐户的存储帐户。Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

认知服务参与者Cognitive Services Contributor

说明Description 允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services.
Id Id 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
Microsoft.Features/features/readMicrosoft.Features/features/read 获取订阅的功能。Gets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read 获取给定资源提供程序中某个订阅的功能。Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read 读取日志定义Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read 读取指标定义Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read 添加指标Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read 获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read 获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

认知服务数据读者(预览)Cognitive Services Data Reader (Preview)

说明Description 可以读取认知服务数据。Lets you read Cognitive Services data.
Id Id b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotDataActionsNotDataActions
none

认知服务用户Cognitive Services User

说明Description 允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services.
Id Id a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
操作Actions
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action 列出密钥List Keys
Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read 读取经典指标警报Read a classic metric alert
Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read 读取资源诊断设置Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read 读取日志定义Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read 读取指标定义Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read 添加指标Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read 获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read 获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
NotDataActionsNotDataActions
none

Cosmos DB 帐户读者角色Cosmos DB Account Reader Role

说明Description 可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者,了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
Id Id fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配,可以读取授予每个用户的权限Read roles and role assignments, can read permissions given to each user
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read 读取任何集合Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action 读取数据库帐户只读密钥。Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read 读取指标定义Read metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read 添加指标Read metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

CosmosBackupOperatorCosmosBackupOperator

说明Description 可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account
Id Id db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
操作Actions
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action 提交配置备份的请求Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action 提交还原请求Submit a restore request
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

成本管理参与者Cost Management Contributor

说明Description 可以查看成本和管理成本配置(例如预算、导出)Can view costs and manage cost configuration (e.g. budgets, exports)
Id Id 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
操作Actions
Microsoft.Consumption/*Microsoft.Consumption/*
Microsoft.CostManagement/*Microsoft.CostManagement/*
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read 列出可用的计费周期Lists available billing periods
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read 获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

成本管理读者Cost Management Reader

说明Description 可以查看成本数据和配置(例如预算、导出)Can view cost data and configuration (e.g. budgets, exports)
Id Id 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
操作Actions
Microsoft.Consumption/*/readMicrosoft.Consumption/*/read
Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read 列出可用的计费周期Lists available billing periods
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read 获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Data Box 参与者Data Box Contributor

说明Description 可让你管理 Data Box 服务下的所有内容,但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others.
Id Id add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Databox/*Microsoft.Databox/*
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Data Box 读者Data Box Reader

说明Description 可让你管理 Data Box 服务,但不能创建订单或编辑订单详细信息,以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
Id Id 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Databox/*/readMicrosoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action 列出与订单相关的未加密凭据。Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action 此方法返回可用 SKU 列表。This method returns the list of available skus.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

DNS 区域参与者DNS Zone Contributor

说明Description 允许管理 Azure DNS 中的 DNS 区域和记录集,但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
Id Id befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* 创建和管理 DNS 区域和记录Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage Support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

DocumentDB 帐户参与者DocumentDB Account Contributor

说明Description 可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
Id Id 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* 创建并管理 Azure Cosmos DB 帐户Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

HDInsight 群集操作员HDInsight Cluster Operator

说明Description 允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations.
Id Id 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
操作Actions
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action 获取 HDInsight 群集的网关设置Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action 更新 HDInsight 群集的网关设置Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read 获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

HDInsight 域服务参与者HDInsight Domain Services Contributor

说明Description 可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
Id Id 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
操作Actions
Microsoft.AAD/*/readMicrosoft.AAD/*/read
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Intelligent Systems 帐户参与者Intelligent Systems Account Contributor

说明Description 允许管理智能系统帐户,但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them.
Id Id 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.IntelligentSystems/accounts/*Microsoft.IntelligentSystems/accounts/* 创建和管理智能系统帐户Create and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

密钥保管库参与者Key Vault Contributor

说明Description 允许管理密钥保管库,但不允许对其进行访问。Lets you manage key vaults, but not access to them.
Id Id f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.KeyVault/*Microsoft.KeyVault/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.KeyVault/locations/deletedVaults/purge/actionMicrosoft.KeyVault/locations/deletedVaults/purge/action 清除软删除的密钥保管库Purge a soft deleted key vault
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Log Analytics 参与者Log Analytics Contributor

说明Description Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Id Id 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Log Analytics 读者Log Analytics Reader

说明Description Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置,其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
Id Id 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action 使用新引擎进行搜索。Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 执行搜索查询Executes a search query
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read 检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
none
NotDataActionsNotDataActions
none

逻辑应用参与者Logic App Contributor

说明Description 允许管理逻辑应用,但不允许对其进行访问。Lets you manage logic app, but not access to them.
Id Id 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read 返回包含给定帐户的存储帐户。Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/*Microsoft.Insights/logdefinitions/* 此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/*Microsoft.Insights/metricDefinitions/* 读取指标定义(资源的可用指标类型的列表)。Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/*Microsoft.Logic/* 管理逻辑应用资源。Manages Logic Apps resources.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Web/connectionGateways/*Microsoft.Web/connectionGateways/* 创建和管理连接网关。Create and manages a Connection Gateway.
Microsoft.Web/connections/*Microsoft.Web/connections/* 创建和管理连接。Create and manages a Connection.
Microsoft.Web/customApis/*Microsoft.Web/customApis/* 创建和管理自定义 API。Creates and manages a Custom API.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read 获取应用服务计划的属性Get the properties on an App Service Plan
Microsoft.Web/sites/functions/listSecrets/actionMicrosoft.Web/sites/functions/listSecrets/action 列出机密 Web 应用函数。List Secrets Web Apps Functions.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

逻辑应用运算符Logic App Operator

说明Description 允许读取、启用和禁用逻辑应用。Lets you read, enable and disable logic app.
Id Id 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*/readMicrosoft.Insights/alertRules/*/read 读取 Insights 警报规则Read Insights alert rules
Microsoft.Insights/diagnosticSettings/*/readMicrosoft.Insights/diagnosticSettings/*/read 获取逻辑应用的诊断设置Gets diagnostic settings for Logic Apps
Microsoft.Insights/metricDefinitions/*/readMicrosoft.Insights/metricDefinitions/*/read 获取逻辑应用的可用指标。Gets the available metrics for Logic Apps.
Microsoft.Logic/*/readMicrosoft.Logic/*/read 读取逻辑应用资源。Reads Logic Apps resources.
Microsoft.Logic/workflows/disable/actionMicrosoft.Logic/workflows/disable/action 禁用工作流。Disables the workflow.
Microsoft.Logic/workflows/enable/actionMicrosoft.Logic/workflows/enable/action 启用工作流。Enables the workflow.
Microsoft.Logic/workflows/validate/actionMicrosoft.Logic/workflows/validate/action 验证工作流。Validates the workflow.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read 获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Web/connectionGateways/*/readMicrosoft.Web/connectionGateways/*/read 读取连接网关。Read Connection Gateways.
Microsoft.Web/connections/*/readMicrosoft.Web/connections/*/read 读取连接。Read Connections.
Microsoft.Web/customApis/*/readMicrosoft.Web/customApis/*/read 读取自定义 API。Read Custom API.
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read 获取应用服务计划的属性Get the properties on an App Service Plan
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

托管应用程序操作员角色Managed Application Operator Role

说明Description 可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources
Id Id c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Solutions/applications/readMicrosoft.Solutions/applications/read 检索应用程序列表。Retrieves a list of applications.
Microsoft.Solutions/*/actionMicrosoft.Solutions/*/action
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

托管应用程序读者Managed Applications Reader

说明Description 允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access.
Id Id b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Solutions/jitRequests/*Microsoft.Solutions/jitRequests/*
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

托管的标识参与者Managed Identity Contributor

说明Description 创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity
Id Id e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
操作Actions
Microsoft.ManagedIdentity/userAssignedIdentities/*/readMicrosoft.ManagedIdentity/userAssignedIdentities/*/read
Microsoft.ManagedIdentity/userAssignedIdentities/*/writeMicrosoft.ManagedIdentity/userAssignedIdentities/*/write
Microsoft.ManagedIdentity/userAssignedIdentities/*/deleteMicrosoft.ManagedIdentity/userAssignedIdentities/*/delete
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

托管的标识操作员Managed Identity Operator

说明Description 读取和分配用户分配的标识Read and Assign User Assigned Identity
Id Id f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
操作Actions
Microsoft.ManagedIdentity/userAssignedIdentities/*/readMicrosoft.ManagedIdentity/userAssignedIdentities/*/read
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/actionMicrosoft.ManagedIdentity/userAssignedIdentities/*/assign/action
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

管理组参与者Management Group Contributor

说明Description 管理组参与者角色Management Group Contributor Role
Id Id 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
操作Actions
Microsoft.Management/managementGroups/deleteMicrosoft.Management/managementGroups/delete 删除管理组。Delete management group.
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read 列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/deleteMicrosoft.Management/managementGroups/subscriptions/delete 从管理组取消关联订阅。De-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/writeMicrosoft.Management/managementGroups/subscriptions/write 将现有订阅与管理组关联。Associates existing subscription with the management group.
Microsoft.Management/managementGroups/writeMicrosoft.Management/managementGroups/write 创建或更新管理组。Create or update a management group.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

管理组读取者Management Group Reader

说明Description 管理组读取者角色Management Group Reader Role
Id Id ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
操作Actions
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read 列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

监视参与者Monitoring Contributor

说明Description 可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.
Id Id 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/*Microsoft.AlertsManagement/alerts/*
Microsoft.AlertsManagement/alertsSummary/*Microsoft.AlertsManagement/alertsSummary/*
Microsoft.Insights/actiongroups/*Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/*Microsoft.Insights/AlertRules/* 读取/写入/删除警报规则。Read/write/delete alert rules.
Microsoft.Insights/DiagnosticSettings/*Microsoft.Insights/DiagnosticSettings/* 读取/写入/删除诊断设置。Read/write/delete diagnostic settings.
Microsoft.Insights/eventtypes/*Microsoft.Insights/eventtypes/* 列出订阅中的活动日志事件(管理事件)。List Activity Log events (management events) in a subscription. 此权限适用于对活动日志的编程和门户访问。This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/*Microsoft.Insights/LogDefinitions/* 此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log.
Microsoft.Insights/metricalerts/*Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/*Microsoft.Insights/MetricDefinitions/* 读取指标定义(资源的可用指标类型的列表)。Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/*Microsoft.Insights/Metrics/* 读取资源的指标。Read metrics for a resource.
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action 注册 Microsoft Insights 提供程序Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*Microsoft.Insights/scheduledqueryrules/*
Microsoft.OperationalInsights/workspaces/intelligencepacks/*Microsoft.OperationalInsights/workspaces/intelligencepacks/* 读取/写入/删除日志分析解决方案包。Read/write/delete log analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* 读取/写入/删除日志分析保存的搜索。Read/write/delete log analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 执行搜索查询Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action 检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* 读取/写入/删除日志分析存储见解配置。Read/write/delete log analytics storage insight configurations.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.WorkloadMonitor/monitors/*Microsoft.WorkloadMonitor/monitors/*
Microsoft.WorkloadMonitor/notificationSettings/*Microsoft.WorkloadMonitor/notificationSettings/*
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

监视指标发布者Monitoring Metrics Publisher

说明Description 允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources
Id Id 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
操作Actions
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action 注册 Microsoft Insights 提供程序Register the Microsoft Insights provider
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
不操作NotActions
none
DataActionsDataActions
Microsoft.Insights/Metrics/WriteMicrosoft.Insights/Metrics/Write 写入指标Write metrics
NotDataActionsNotDataActions
none

监视读取者Monitoring Reader

说明Description 可以读取所有监视数据(指标、日志等)。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.
Id Id 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 执行搜索查询Executes a search query
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

网络参与者Network Contributor

说明Description 允许管理网络,但不允许访问这些网络。Lets you manage networks, but not access to them.
Id Id 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Network/*Microsoft.Network/* 创建并管理网络Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

New elic APM 帐户参与者New Relic APM Account Contributor

说明Description 允许管理 New Relic 应用程序性能管理帐户和应用程序,但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
Id Id 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
NewRelic.APM/accounts/*NewRelic.APM/accounts/*
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

读取器和数据访问Reader and Data Access

说明Description 允许查看所有内容,但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Id Id c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
操作Actions
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action 返回指定存储帐户的帐户 SAS 令牌。Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Redis 缓存参与者Redis Cache Contributor

说明Description 允许管理 Redis 缓存,但不允许访问这些缓存。Lets you manage Redis caches, but not access to them.
Id Id e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.Cache/redis/*Microsoft.Cache/redis/* 创建和管理 Redis 缓存Create and manage Redis caches
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

资源策略参与者(预览)Resource Policy Contributor (Preview)

说明Description (预览)通过 EA 回填的 用户,具有创建/修改资源策略、创建支持票证和读取资源/层次结构的权限。(Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
Id Id 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/*Microsoft.Authorization/policyassignments/* 创建和管理策略分配Create and manage policy assignments
Microsoft.Authorization/policydefinitions/*Microsoft.Authorization/policydefinitions/* 创建和管理策略定义Create and manage policy definitions
Microsoft.Authorization/policysetdefinitions/*Microsoft.Authorization/policysetdefinitions/* 创建和管理策略集Create and manage policy sets
Microsoft.PolicyInsights/*Microsoft.PolicyInsights/*
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

计划程序作业集合参与者Scheduler Job Collections Contributor

说明Description 允许管理计划程序作业集合,但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them.
Id Id 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Scheduler/jobcollections/*Microsoft.Scheduler/jobcollections/* 创建和管理作业集合Create and manage job collections
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

安全管理员Security Admin

说明Description 仅在安全中心内:可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations
Id Id fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Authorization/policyAssignments/*Microsoft.Authorization/policyAssignments/* 创建和管理策略分配Create and manage policy assignments
Microsoft.Authorization/policyDefinitions/*Microsoft.Authorization/policyDefinitions/* 创建和管理策略定义Create and manage policy definitions
Microsoft.Authorization/policySetDefinitions/*Microsoft.Authorization/policySetDefinitions/* 创建和管理策略集Create and manage policy sets
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read 列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read 查看日志分析数据View log analytics data
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Security/*Microsoft.Security/*
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

安全管理器(旧版)Security Manager (Legacy)

说明Description 这是旧角色。This is a legacy role. 请改用安全管理员角色Please use Security Administrator instead
Id Id e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.ClassicCompute/*/readMicrosoft.ClassicCompute/*/read 读取经典虚拟机的配置信息Read configuration information classic virtual machines
Microsoft.ClassicCompute/virtualMachines/*/writeMicrosoft.ClassicCompute/virtualMachines/*/write 写入经典虚拟机的配置Write configuration for classic virtual machines
Microsoft.ClassicNetwork/*/readMicrosoft.ClassicNetwork/*/read 读取有关经典网络的配置信息Read configuration information about classic network
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Security/*Microsoft.Security/* 创建和管理安全组件和策略Create and manage security components and policies
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

安全读取者Security Reader

说明Description 仅在安全中心内:可以查看建议和警报、查看安全策略、查看安全状态,但不能进行更改In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes
Id Id 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read 查看日志分析数据View log analytics data
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Security/*/readMicrosoft.Security/*/read 读取安全组件和策略Read security components and policies
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read 列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Site Recovery 参与者Site Recovery Contributor

说明Description 允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment
Id Id 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write “更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* 创建和管理已注册标识Create and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/*Microsoft.RecoveryServices/vaults/replicationAlertSettings/* 创建或更新复制警报设置Create or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/*Microsoft.RecoveryServices/vaults/replicationFabrics/* 创建和管理复制结构Create and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* 创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/*Microsoft.RecoveryServices/vaults/replicationPolicies/* 创建和管理复制策略Create and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* 创建和管理恢复计划Create and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/*Microsoft.RecoveryServices/Vaults/storageConfig/* 创建和管理恢复服务保管库的存储配置Create and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* 读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Site Recovery 操作员Site Recovery Operator

说明Description 允许进行故障转移和故障回复,但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations
Id Id 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read 读取任何警报设置Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action 检查结构的一致性Checks Consistency of the Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read 读取任何结构Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action 重新关联网关Reassociate Gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action 续订 Fabric 的证书Renew Certificate for Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read 读取任何网络Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read 读取任何网络映射Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read 读取任何保护容器Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read 读取任何可保护项Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action 应用还原点Apply Recovery Point
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action 故障转移提交Failover Commit
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action 计划内故障转移Planned Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read 读取任何受保护项Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read 读取任何复制恢复点Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action 修复复制Repair replication
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action 重新保护受保护的项ReProtect Protected Item
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action 测试故障转移Test Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action 测试故障转移清理Test Failover Cleanup
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action 故障转移Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action 更新移动服务Update Mobility Service
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read 读取任何保护容器映射Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read 读取任何恢复服务提供程序Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action 刷新提供程序Refresh Provider
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read 读取任何存储分类Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read 读取任何存储分类映射Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read 读取任何 vCenterRead any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* 创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read 读取任何策略Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action 故障转移提交恢复计划Failover Commit Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action 计划内故障转移恢复计划Planned Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read 读取任何恢复计划Read any Recovery Plans
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action 重新保护恢复计划ReProtect Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action 测试故障转移恢复计划Test Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action 测试故障转移清理恢复计划Test Failover Cleanup Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action 故障转移恢复计划Failover Recovery Plan
Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* 读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

Site Recovery 读取者Site Recovery Reader

说明Description 允许查看 Site Recovery 状态,但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
Id Id dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read 读取任何警报设置Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read 读取任何结构Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read 读取任何网络Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read 读取任何网络映射Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read 读取任何保护容器Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read 读取任何可保护项Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read 读取任何受保护项Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read 读取任何复制恢复点Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read 读取任何保护容器映射Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read 读取任何恢复服务提供程序Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read 读取任何存储分类Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read 读取任何存储分类映射Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read 读取任何 vCenterRead any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/readMicrosoft.RecoveryServices/vaults/replicationJobs/read 读取任何作业Read any Jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read 读取任何策略Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read 读取任何恢复计划Read any Recovery Plans
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

空间定位点帐户参与者Spatial Anchors Account Contributor

说明Description 允许管理帐户中的空间定位点,但不能删除它们Lets you manage spatial anchors in your account, but not delete them
Id Id 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action 创建空间定位点Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read 发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read 获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read 找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write 更新空间定位点属性Update spatial anchors properties
NotDataActionsNotDataActions
none

空间定位点帐户所有者Spatial Anchors Account Owner

说明Description 允许管理帐户中的空间定位点,包括删除它们Lets you manage spatial anchors in your account, including deleting them
Id Id 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action 创建空间定位点Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete 删除空间定位点Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read 发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read 获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read 找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write 更新空间定位点属性Update spatial anchors properties
NotDataActionsNotDataActions
none

空间定位点帐户读者Spatial Anchors Account Reader

说明Description 允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account
Id Id 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read 发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read 获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read 找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActionsNotDataActions
none

SQL DB 参与者SQL DB Contributor

说明Description 允许管理 SQL 数据库,但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外,不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers.
Id Id 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* 创建和管理 SQL 数据库Create and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read 返回服务器列表,或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read 添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 读取指标定义Read metric definitions
不操作NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* 编辑审核策略Edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* 编辑审核设置Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 检索数据库 Blob 审核记录Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* 编辑连接策略Edit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* 编辑数据屏蔽策略Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* 编辑安全警报策略Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* 编辑安全度量值Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
none
NotDataActionsNotDataActions
none

SQL 托管实例参与者SQL Managed Instance Contributor

说明Description 允许你管理 SQL 托管实例和所需的网络配置,但无法向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.
Id Id 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
操作Actions
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read 添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 读取指标定义Read metric definitions
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

SQL 安全管理器SQL Security Manager

说明Description 允许管理 SQL 服务器和数据库的安全相关策略,但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
Id Id 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取 Microsoft 授权Read Microsoft authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* 创建和管理 SQL 服务器审核策略Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* 创建和管理 SQL 服务器审核设置Create and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read 检索在给定服务器上配置的扩展服务器 blob 审核策略的详细信息Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* 创建和管理 SQL 服务器数据库审核策略Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* 创建和管理 SQL 服务器数据库审核设置Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 读取审核记录Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* 创建和管理 SQL 服务器数据库连接策略Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* 创建和管理 SQL 服务器数据库数据屏蔽策略Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read 检索在给定的数据库上配置的扩展 blob 审核策略的详细信息Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read 返回数据库的列表,或获取指定数据库的属性。Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read 获取数据库架构。Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read 获取数据库列。Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read 获取数据库表。Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* 创建和管理 SQL 服务器数据库安全警报策略Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* 创建和管理 SQL 服务器数据库安全度量值Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read 返回服务器列表,或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* 创建和管理 SQL 服务器安全警报策略Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

SQL Server 参与者SQL Server Contributor

说明Description 允许管理 SQL 服务器和数据库,但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
Id Id 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/*Microsoft.Sql/servers/* 创建和管理 SQL 服务器Create and manage SQL servers
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read 添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 读取指标定义Read metric definitions
不操作NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* 编辑 SQL 服务器审核策略Edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* 编辑 SQL 服务器审核设置Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* 编辑 SQL 服务器数据库审核策略Edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* 编辑 SQL 服务器数据库审核设置Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 读取审核记录Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* 编辑 SQL 服务器数据库连接策略Edit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* 编辑 SQL 服务器数据库数据屏蔽策略Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* 编辑 SQL 服务器数据库安全警报策略Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* 编辑 SQL 服务器数据库安全度量值Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* 编辑 SQL 服务器安全警报策略Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
none
NotDataActionsNotDataActions
none

存储帐户参与者Storage Account Contributor

说明Description 允许管理存储帐户。Permits management of storage accounts. 不提供对存储帐户中的数据的访问。Does not provide access to data in the storage account.
Id Id 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取所有授权Read all authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* 管理诊断设置Manage diagnostic settings
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* 创建和管理存储帐户Create and manage storage accounts
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

存储帐户密钥操作员服务角色Storage Account Key Operator Service Role

说明Description 允许列出和重新生成存储帐户访问密钥。Permits listing and regenerating storage account access keys.
Id Id 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
操作Actions
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action 返回指定存储帐户的访问密钥。Return the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action 重新生成指定存储帐户的访问密钥。Regenerate the access keys for the specified storage account.
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

存储 Blob 数据参与者Storage Blob Data Contributor

说明Description 读取、写入和删除 Azure 存储容器与 Blob。Read, write, and delete Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete 删除容器。Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 返回容器或容器列表。Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write 修改容器的元数据或属性。Modify a container's metadata or properties.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete 删除 Blob。Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read 返回 Blob 或 Blob 列表。Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write 写入到 Blob。Write to a blob.
NotDataActionsNotDataActions
none

存储 Blob 数据所有者Storage Blob Data Owner

说明Description 提供对 Azure 存储 blob 容器和数据的完全访问权限,包括分配 POSIX 访问控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* 对容器的完全权限。Full permissions on containers.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* 对 Blob 的完全权限。Full permissions on blobs.
NotDataActionsNotDataActions
none

存储 Blob 数据读取者Storage Blob Data Reader

说明Description 读取和列出 Azure 存储容器与 Blob。Read and list Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 返回容器或容器列表。Return a container or a list of containers.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read 返回 Blob 或 Blob 列表。Return a blob or a list of blobs.
NotDataActionsNotDataActions
none

存储队列数据参与者Storage Queue Data Contributor

说明Description 读取、写入和删除 Azure 存储队列与队列消息。Read, write, and delete Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
操作Actions
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete 删除队列。Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read 返回队列或队列列表。Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write 修改队列元数据或属性。Modify queue metadata or properties.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete 从队列中删除一个或多个消息。Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write 向队列添加消息。Add a message to a queue.
NotDataActionsNotDataActions
none

存储队列数据消息处理者Storage Queue Data Message Processor

说明Description 在 Azure 存储队列中扫视、检索和删除消息。Peek, retrieve, and delete a messages from an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 扫视消息。Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action 检索和删除消息。Retrieve and delete a message.
NotDataActionsNotDataActions
none

存储队列数据消息发送者Storage Queue Data Message Sender

说明Description 向 Azure 存储队列添加消息。Add messages to an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
操作Actions
none
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action 向队列添加消息。Add a message to a queue.
NotDataActionsNotDataActions
none

存储队列数据读取者Storage Queue Data Reader

说明Description 读取和列出 Azure 存储队列与队列消息。Read and list Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
操作Actions
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read 返回队列或队列列表。Returns a queue or a list of queues.
不操作NotActions
none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
none

支持请求参与者Support Request Contributor

说明Description 允许创建和管理支持请求Lets you create and manage Support requests
Id Id cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

流量管理器参与者Traffic Manager Contributor

说明Description 允许管理流量管理器配置文件,但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
Id Id a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

用户访问管理员User Access Administrator

说明Description 允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources.
Id Id 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
操作Actions
*/read*/read 读取除密码外的所有类型的资源。Read resources of all Types, except secrets.
Microsoft.Authorization/*Microsoft.Authorization/* 管理授权Manage authorization
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

虚拟机管理员登录Virtual Machine Administrator Login

说明Description 在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator
Id Id 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
操作Actions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 获取网络接口定义。Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
不操作NotActions
none
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action 以普通用户身份登录虚拟机Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action 以 Windows 管理员身份或 Linux 根用户权限登录虚拟机Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
none

虚拟机参与者Virtual Machine Contributor

说明Description 允许管理虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
Id Id 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* 创建和管理计算可用性集Create and manage compute availability sets
Microsoft.Compute/locations/*Microsoft.Compute/locations/* 创建和管理计算位置Create and manage compute locations
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* 创建和管理虚拟机Create and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* 创建和管理虚拟机规模集Create and manage virtual machine scale sets
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action 加入应用程序网关后端地址池。Joins an application gateway backend address pool. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action 加入负载均衡器后端地址池。Joins a load balancer backend address pool. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action 加入负载均衡器入站 NAT 池。Joins a load balancer inbound NAT pool. 不可发出警报。Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action 加入负载均衡器入站 NAT 规则。Joins a load balancer inbound nat rule. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action 允许使用负载均衡器的探测。Allows using probes of a load balancer. 例如,使用此权限,VM 规模集的 healthProbe 属性可以引用探测。For example, with this permission healthProbe property of VM scale set can reference the probe. 不可发出警报。Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/locations/*Microsoft.Network/locations/* 创建和管理网络位置Create and manage network locations
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* 创建和管理网络接口Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read 获取网络安全组定义Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action 加入公共 IP 地址。Joins a public ip address. 不可发出警报。Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write 创建备份保护意向Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write 创建备份受保护项Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write 创建保护策略Creates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write “创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

虚拟机用户登录Virtual Machine User Login

说明Description 在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user.
Id Id fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
操作Actions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 获取虚拟网络定义Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 获取网络接口定义。Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
不操作NotActions
none
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action 以普通用户身份登录虚拟机Log in to a virtual machine as a regular user
NotDataActionsNotDataActions
none

Web 计划参与者Web Plan Contributor

说明Description 允许管理网站的 Web 计划,但不允许访问这些计划。Lets you manage the web plans for websites, but not access to them.
Id Id 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* 创建和管理服务器场Create and manage server farms
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

网站参与者Website Contributor

说明Description 允许管理网站(而非 Web 计划),但不允许访问这些网站。Lets you manage websites (not web plans), but not access to them.
Id Id de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取授权Read authorization
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/components/*Microsoft.Insights/components/* 创建和管理 Insights 组件Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage support tickets
Microsoft.Web/certificates/*Microsoft.Web/certificates/* 创建和管理网站证书Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read 获取分配给主机名的站点名称。Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read 获取应用服务计划的属性Get the properties on an App Service Plan
Microsoft.Web/sites/*Microsoft.Web/sites/* 创建和管理网站(站点创建还需要对关联的应用服务计划有写入权限)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
不操作NotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none

后续步骤Next steps