Azure 资源的内置角色Built-in roles for Azure resources

09/24/2019

基于角色的访问控制 (RBAC) 拥有 Azure 资源的多个内置角色，可将其分配给用户、组、服务主体和托管标识。Role-based access control (RBAC) has several built-in roles for Azure resources that you can assign to users, groups, service principals, and managed identities. 角色分配是控制对 Azure 资源的访问的方式。Role assignments are the way you control access to Azure resources. 如果内置角色不能满足组织的特定需求，则可以为 Azure 资源创建你自己的自定义角色。If the built-in roles don't meet the specific needs of your organization, you can create your own custom roles for Azure resources.

本文列出了 Azure 资源的内置角色，这些角色总是在不断发展。This article lists the built-in roles for Azure resources, which are always evolving. 若要获取最新角色，请使用 Get-AzRoleDefinition 或 az role definition list。To get the latest roles, use Get-AzRoleDefinition or az role definition list. 如果你正在寻找 Azure Active Directory 的管理员角色，请参阅 Azure Active Directory 中的管理员角色权限。If you are looking for administrator roles for Azure Active Directory, see Administrator role permissions in Azure Active Directory.

内置角色说明Built-in role descriptions

下表提供了每个内置角色的简短说明。The following table provides a brief description of each built-in role. 单击角色名称，查看每个角色的 Actions、NotActions、DataActions 和 NotDataActions 列表。Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. 有关这些操作的含义以及它们如何应用于管理和数据平面的信息，请参阅了解 Azure 资源的角色定义。For information about what these actions mean and how they apply to the management and data planes, see Understand role definitions for Azure resources.

内置角色Built-in role	说明Description
所有者Owner	允许管理所有功能，包括对资源的访问权限。Lets you manage everything, including access to resources.
参与者Contributor	允许管理所有功能（授予对资源的访问权限除外）。Lets you manage everything except granting access to resources.
读者Reader	允许查看所有内容，但不能进行任何更改。Lets you view everything, but not make any changes.
AcrDeleteAcrDelete	acr deleteacr delete
AcrImageSignerAcrImageSigner	ACR 映像签名程序acr image signer
AcrPullAcrPull	acr 拉取acr pull
AcrPushAcrPush	acr 推送acr push
AcrQuarantineReaderAcrQuarantineReader	ACR 隔离数据读取器acr quarantine data reader
AcrQuarantineWriterAcrQuarantineWriter	ACR 隔离数据编写器acr quarantine data writer
API 管理服务参与者API Management Service Contributor	可以管理服务和 APICan manage service and the APIs
API 管理服务操作员角色API Management Service Operator Role	可以管理服务，但不可管理 APICan manage service but not the APIs
API 管理服务读者角色API Management Service Reader Role	对服务和 API 的只读访问权限Read-only access to service and APIs
自动化作业操作员Automation Job Operator	使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks.
自动化运算符Automation Operator	自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs
自动化 Runbook 操作员Automation Runbook Operator	读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook.
Avere 参与者Avere Contributor	可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster.
Avere 操作员Avere Operator	由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster
Azure 事件中心数据所有者Azure Event Hubs Data Owner	允许完全访问 Azure 事件中心资源。Allows for full access to Azure Event Hubs resources.
Azure 事件中心数据接收者Azure Event Hubs Data Receiver	允许接收对 Azure 事件中心资源的访问权限。Allows receive access to Azure Event Hubs resources.
Azure 事件中心数据发送者Azure Event Hubs Data Sender	允许以发送方式访问 Azure 事件中心资源。Allows send access to Azure Event Hubs resources.
Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role	列出群集管理员凭据操作。List cluster admin credential action.
Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role	列出群集用户凭据操作。List cluster user credential action.
Azure Maps 数据读取器（预览）Azure Maps Data Reader (Preview)	授予从 Azure Maps 帐户中读取相关数据的权限。Grants access to read map related data from an Azure maps account.
Azure 服务总线数据所有者Azure Service Bus Data Owner	允许完全访问 Azure 服务总线资源。Allows for full access to Azure Service Bus resources.
Azure 服务总线数据接收者Azure Service Bus Data Receiver	允许对 Azure 服务总线资源进行接收访问。Allows for receive access to Azure Service Bus resources.
Azure 服务总线数据发送者Azure Service Bus Data Sender	允许对 Azure 服务总线资源进行发送访问。Allows for send access to Azure Service Bus resources.
Azure Stack 注册所有者Azure Stack Registration Owner	允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations.
备份参与者Backup Contributor	允许管理备份服务，但不允许创建保管库以及授予其他人访问权限Lets you manage backup service, but can't create vaults and give access to others
备份操作员Backup Operator	允许管理备份服务，但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others
备份读者Backup Reader	可以查看备份服务，但是不能进行更改Can view backup services, but can't make changes
计费读者Billing Reader	允许对帐单数据进行读取访问Allows read access to billing data
CDN 终结点参与者CDN Endpoint Contributor	可以管理 CDN 终结点，但不能向其他用户授予访问权限。Can manage CDN endpoints, but can’t grant access to other users.
CDN 终结点读者CDN Endpoint Reader	可以查看 CDN 终结点，但不能进行更改。Can view CDN endpoints, but can’t make changes.
CDN 配置文件参与者CDN Profile Contributor	可以管理 CDN 配置文件及其终结点，但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can’t grant access to other users.
CDN 配置文件读者CDN Profile Reader	可以查看 CDN 配置文件及其终结点，但不能进行更改。Can view CDN profiles and their endpoints, but can’t make changes.
经典网络参与者Classic Network Contributor	允许管理经典网络，但不允许访问这些网络。Lets you manage classic networks, but not access to them.
经典存储帐户参与者Classic Storage Account Contributor	允许管理经典存储帐户，但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them.
经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role	允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
经典虚拟机参与者Classic Virtual Machine Contributor	允许管理经典虚拟机，但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
认知服务参与者Cognitive Services Contributor	允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services.
认知服务数据读者（预览）Cognitive Services Data Reader (Preview)	可以读取认知服务数据。Lets you read Cognitive Services data.
认知服务用户Cognitive Services User	允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services.
Cosmos DB 帐户读者角色Cosmos DB Account Reader Role	可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者，了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
Cosmos DB 操作员Cosmos DB Operator	可以管理 Azure Cosmos DB 帐户，但不能访问其中的数据。Lets you manage Azure Cosmos DB accounts, but not access data in them. 阻止访问帐户密钥和连接字符串。Prevents access to account keys and connection strings.
CosmosBackupOperatorCosmosBackupOperator	可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account
成本管理参与者Cost Management Contributor	可以查看成本和管理成本配置（例如预算、导出）Can view costs and manage cost configuration (e.g. budgets, exports)
成本管理读者Cost Management Reader	可以查看成本数据和配置（例如预算、导出）Can view cost data and configuration (e.g. budgets, exports)
Data Box 参与者Data Box Contributor	可让你管理 Data Box 服务下的所有内容，但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others.
Data Box 读者Data Box Reader	可让你管理 Data Box 服务，但不能创建订单或编辑订单详细信息，以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
数据工厂参与者Data Factory Contributor	创建和管理数据工厂，以及其中的子资源。Create and manage data factories, as well as child resources within them.
DevTest 实验室用户DevTest Labs User	允许连接、启动、重启和关闭 Azure 开发测试实验室中的虚拟机。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
DNS 区域参与者DNS Zone Contributor	允许管理 Azure DNS 中的 DNS 区域和记录集，但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
DocumentDB 帐户参与者DocumentDB Account Contributor	可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
HDInsight 群集操作员HDInsight Cluster Operator	允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations.
HDInsight 域服务参与者HDInsight Domain Services Contributor	可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
Intelligent Systems 帐户参与者Intelligent Systems Account Contributor	允许管理智能系统帐户，但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them.
密钥保管库参与者Key Vault Contributor	允许管理密钥保管库，但不允许对其进行访问。Lets you manage key vaults, but not access to them.
实验室创建者Lab Creator	允许在 Azure 实验室帐户下创建、管理、删除托管实验室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
Log Analytics 参与者Log Analytics Contributor	Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Log Analytics 读者Log Analytics Reader	Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置，其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
逻辑应用参与者Logic App Contributor	允许管理逻辑应用，但不允许更改其访问权限。Lets you manage logic apps, but not change access to them.
逻辑应用操作员Logic App Operator	允许读取、启用和禁用逻辑应用，但不允许编辑或更新它们。Lets you read, enable, and disable logic apps, but not edit or update them.
托管应用程序操作员角色Managed Application Operator Role	可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources
托管应用程序读者Managed Applications Reader	允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access.
托管的标识参与者Managed Identity Contributor	创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity
托管的标识操作员Managed Identity Operator	读取和分配用户分配的标识Read and Assign User Assigned Identity
管理组参与者Management Group Contributor	管理组参与者角色Management Group Contributor Role
管理组读取者Management Group Reader	管理组读取者角色Management Group Reader Role
监视参与者Monitoring Contributor	可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
监视指标发布者Monitoring Metrics Publisher	允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources
监视读取者Monitoring Reader	可以读取所有监视数据（指标、日志等）。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
网络参与者Network Contributor	允许管理网络，但不允许访问这些网络。Lets you manage networks, but not access to them.
New elic APM 帐户参与者New Relic APM Account Contributor	允许管理 New Relic 应用程序性能管理帐户和应用程序，但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
读取器和数据访问Reader and Data Access	允许查看所有内容，但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Redis 缓存参与者Redis Cache Contributor	允许管理 Redis 缓存，但不允许访问这些缓存。Lets you manage Redis caches, but not access to them.
资源策略参与者（预览）Resource Policy Contributor (Preview)	（预览）通过 EA 回填的用户，具有创建/修改资源策略、创建支持票证和读取资源/层次结构的权限。(Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
计划程序作业集合参与者Scheduler Job Collections Contributor	允许管理计划程序作业集合，但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them.
搜索服务参与者Search Service Contributor	允许管理搜索服务，但不允许访问这些服务。Lets you manage Search services, but not access to them.
安全管理员Security Admin	仅在安全中心内：可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations
安全管理器（旧版）Security Manager (Legacy)	这是旧角色。This is a legacy role. 请改用安全管理员角色Please use Security Administrator instead
安全读取者Security Reader	仅在安全中心内：可以查看建议和警报、查看安全策略、查看安全状态，但不能进行更改In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes
Site Recovery 参与者Site Recovery Contributor	允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment
Site Recovery 操作员Site Recovery Operator	允许进行故障转移和故障回复，但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations
Site Recovery 读取者Site Recovery Reader	允许查看 Site Recovery 状态，但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
空间定位点帐户参与者Spatial Anchors Account Contributor	允许管理帐户中的空间定位点，但不能删除它们Lets you manage spatial anchors in your account, but not delete them
空间定位点帐户所有者Spatial Anchors Account Owner	允许管理帐户中的空间定位点，包括删除它们Lets you manage spatial anchors in your account, including deleting them
空间定位点帐户读取者Spatial Anchors Account Reader	允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account
SQL DB 参与者SQL DB Contributor	允许管理 SQL 数据库，但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外，不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers.
SQL 托管实例参与者SQL Managed Instance Contributor	允许你管理 SQL 托管实例和所需的网络配置，但无法向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.
SQL 安全管理器SQL Security Manager	允许管理 SQL 服务器和数据库的安全相关策略，但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
SQL Server 参与者SQL Server Contributor	允许管理 SQL 服务器和数据库，但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
存储帐户参与者Storage Account Contributor	允许管理存储帐户。Permits management of storage accounts. 提供对帐户密钥的访问权限，而帐户密钥可以用来通过共享密钥授权对数据进行访问。Provides access to the account key, which can be used to access data via Shared Key authorization.
存储帐户密钥操作员服务角色Storage Account Key Operator Service Role	允许列出和重新生成存储帐户访问密钥。Permits listing and regenerating storage account access keys.
存储 Blob 数据参与者Storage Blob Data Contributor	读取、写入和删除 Azure 存储容器与 Blob。Read, write, and delete Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储 Blob 数据所有者Storage Blob Data Owner	提供对 Azure 存储 blob 容器和数据的完全访问权限，包括分配 POSIX 访问控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储 Blob 数据读者Storage Blob Data Reader	读取和列出 Azure 存储容器与 Blob。Read and list Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储 Blob 代理Storage Blob Delegator	获取用户委托密钥，该密钥随后可用来为通过 Azure AD 凭据签名的容器或 Blob 创建共享访问签名。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 有关详细信息，请参阅创建用户委托 SAS。For more information, see Create a user delegation SAS.
存储文件数据 SMB 共享参与者Storage File Data SMB Share Contributor	允许通过 SMB 在 Azure 存储文件共享中进行读取、写入和删除访问Allows for read, write, and delete access in Azure Storage file shares over SMB
存储文件数据 SMB 共享的权限提升参与者Storage File Data SMB Share Elevated Contributor	允许通过 SMB 在 Azure 存储文件共享中进行读取、写入、删除和修改 NTFS 权限的访问Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB
存储文件数据 SMB 共享读取者Storage File Data SMB Share Reader	允许通过 SMB 对 Azure 文件共享进行读取访问Allows for read access to Azure File Share over SMB
存储队列数据参与者Storage Queue Data Contributor	读取、写入和删除 Azure 存储队列与队列消息。Read, write, and delete Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储队列数据消息处理者Storage Queue Data Message Processor	在 Azure 存储队列中扫视、检索和删除消息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储队列数据消息发送者Storage Queue Data Message Sender	向 Azure 存储队列添加消息。Add messages to an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
存储队列数据读取者Storage Queue Data Reader	读取和列出 Azure 存储队列与队列消息。Read and list Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
支持请求参与者Support Request Contributor	允许创建和管理支持请求Lets you create and manage Support requests
流量管理器参与者Traffic Manager Contributor	允许管理流量管理器配置文件，但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
用户访问管理员User Access Administrator	允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources.
虚拟机管理员登录Virtual Machine Administrator Login	在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator
虚拟机参与者Virtual Machine Contributor	允许管理虚拟机，但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
虚拟机用户登录Virtual Machine User Login	在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user.
Web 计划参与者Web Plan Contributor	允许管理网站的 Web 计划，但不允许访问这些计划。Lets you manage the web plans for websites, but not access to them.
网站参与者Website Contributor	允许管理网站（而非 Web 计划），但不允许访问这些网站。Lets you manage websites (not web plans), but not access to them.

所有者Owner


说明Description	允许管理所有功能，包括对资源的访问权限。Lets you manage everything, including access to resources.
Id Id	8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
操作Actions
*	创建和管理所有类型的资源Create and manage resources of all types
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

参与者Contributor


说明Description	允许管理所有功能（对资源的访问权限除外）。Lets you manage everything except access to resources.
Id Id	b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
操作Actions
*	创建和管理所有类型的资源Create and manage resources of all types
不操作NotActions
Microsoft.Authorization//DeleteMicrosoft.Authorization//Delete	删除角色和角色分配Delete roles and role assignments
Microsoft.Authorization//WriteMicrosoft.Authorization//Write	创建角色和角色分配Create roles and role assignments
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action	向调用方授予租户范围的“用户访问管理员”访问权限Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write	创建或更新任何蓝图项目Create or update any blueprint artifacts
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete	删除任何蓝图项目Delete any blueprint artifacts
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

读取器Reader


说明Description	允许查看所有内容，但不能进行任何更改。Lets you view everything, but not make any changes.
Id Id	acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrDeleteAcrDelete


说明Description	acr deleteacr delete
Id Id	c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
操作Actions
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete	删除容器注册表中的项目。Delete artifact in a container registry.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrImageSignerAcrImageSigner


说明Description	ACR 映像签名程序acr image signer
Id Id	6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
操作Actions
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write	推送/拉取容器注册表的内容信任元数据。Push/Pull content trust metadata for a container registry.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrPullAcrPull


说明Description	acr 拉取acr pull
Id Id	7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
操作Actions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read	从容器注册表中拉取或获取映像。Pull or Get images from a container registry.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrPushAcrPush


说明Description	acr 推送acr push
Id Id	8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
操作Actions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read	从容器注册表中拉取或获取映像。Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write	将映像推送或写入容器注册表。Push or Write images to a container registry.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrQuarantineReaderAcrQuarantineReader


说明Description	ACR 隔离数据读取器acr quarantine data reader
Id Id	cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
操作Actions
Microsoft.ContainerRegistry/registries/quarantineRead/readMicrosoft.ContainerRegistry/registries/quarantineRead/read	从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

AcrQuarantineWriterAcrQuarantineWriter


说明Description	ACR 隔离数据编写器acr quarantine data writer
Id Id	c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
操作Actions
Microsoft.ContainerRegistry/registries/quarantineRead/readMicrosoft.ContainerRegistry/registries/quarantineRead/read	从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantineWrite/writeMicrosoft.ContainerRegistry/registries/quarantineWrite/write	写入/修改已隔离映像的隔离状态Write/Modify quarantine state of quarantined images
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

API 管理服务参与者API Management Service Contributor


说明Description	可以管理服务和 APICan manage service and the APIs
Id Id	312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
操作Actions
Microsoft.ApiManagement/service/Microsoft.ApiManagement/service/	创建和管理 API 管理服务Create and manage API Management service
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

API 管理服务操作员角色API Management Service Operator Role


说明Description	可以管理服务，但不可管理 APICan manage service but not the APIs
Id Id	e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
操作Actions
Microsoft.ApiManagement/service//readMicrosoft.ApiManagement/service//read	读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action	将 API 管理服务备份到用户提供的存储帐户中的指定容器Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete	删除 API 管理服务实例Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action	更改 API 管理服务的 SKU/单位，以及添加/删除其区域部署Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read	读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action	从用户提供的存储帐户中的指定容器还原 API 管理服务Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action	上传 API 管理服务的 SSL 证书Upload SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action	设置、更新或删除 API 管理服务的自定义域名Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write	创建 API 管理服务的新实例Create a new instance of API Management Service
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read	获取与用户关联的密钥Get keys associated with user
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

API 管理服务读者角色API Management Service Reader Role


说明Description	对服务和 API 的只读访问权限Read-only access to service and APIs
Id Id	71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
操作Actions
Microsoft.ApiManagement/service//readMicrosoft.ApiManagement/service//read	读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read	读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read	获取与用户关联的密钥Get keys associated with user
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

自动化作业操作员Automation Job Operator


说明Description	使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks.
Id Id	4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read	读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read	获取 Azure 自动化作业Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action	恢复 Azure 自动化作业Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action	停止 Azure 自动化作业Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read	获取 Azure 自动化作业流Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action	暂停 Azure 自动化作业Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write	创建 Azure 自动化作业Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read	获取作业的输出Gets the output of a job
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

自动化运算符Automation Operator


说明Description	自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs
Id Id	d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read	读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read	获取 Azure 自动化作业Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action	恢复 Azure 自动化作业Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action	停止 Azure 自动化作业Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read	获取 Azure 自动化作业流Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action	暂停 Azure 自动化作业Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write	创建 Azure 自动化作业Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read	获取 Azure 自动化作业计划Gets an Azure Automation job schedule
Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write	创建 Azure 自动化作业计划Creates an Azure Automation job schedule
Microsoft.Automation/automationAccounts/linkedWorkspace/readMicrosoft.Automation/automationAccounts/linkedWorkspace/read	获取链接到自动化帐户的工作区Gets the workspace linked to the automation account
Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read	获取 Azure 自动化帐户Gets an Azure Automation account
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read	获取 Azure 自动化 RunbookGets an Azure Automation runbook
Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read	获取 Azure 自动化计划资产Gets an Azure Automation schedule asset
Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write	创建或更新 Azure 自动化计划资产Creates or updates an Azure Automation schedule asset
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read	获取作业的输出Gets the output of a job
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

自动化 Runbook 操作员Automation Runbook Operator


说明Description	读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook.
Id Id	5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read	获取 Azure 自动化 RunbookGets an Azure Automation runbook
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Avere 参与者Avere Contributor


说明Description	可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster.
Id Id	4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Compute//readMicrosoft.Compute//read
Microsoft.Compute/availabilitySets/Microsoft.Compute/availabilitySets/
Microsoft.Compute/virtualMachines/Microsoft.Compute/virtualMachines/
Microsoft.Compute/disks/Microsoft.Compute/disks/
Microsoft.Network//readMicrosoft.Network//read
Microsoft.Network/networkInterfaces/Microsoft.Network/networkInterfaces/
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read	获取虚拟网络子网定义Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action	加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action	将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action	加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage//readMicrosoft.Storage//read
Microsoft.Storage/storageAccounts/Microsoft.Storage/storageAccounts/
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read	获取资源组的资源。Gets the resources for the resource group.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete	返回删除 blob 的结果Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read	返回 blob 或 blob 列表Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write	返回写入 blob 的结果Returns the result of writing a blob
NotDataActionsNotDataActions
无none

Avere 操作员Avere Operator


说明Description	由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster
Id Id	c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
操作Actions
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read	获取虚拟机的属性Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read	获取网络接口定义。Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write	创建网络接口，或更新现有的网络接口。Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read	获取虚拟网络子网定义Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action	加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action	加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete	返回删除容器的结果Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read	返回容器列表Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write	返回放置 blob 容器的结果Returns the result of put blob container
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete	返回删除 blob 的结果Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read	返回 blob 或 blob 列表Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write	返回写入 blob 的结果Returns the result of writing a blob
NotDataActionsNotDataActions
无none

Azure 事件中心数据所有者Azure Event Hubs Data Owner


说明Description	允许完全访问 Azure 事件中心资源。Allows for full access to Azure Event Hubs resources.
Id Id	f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
操作Actions
Microsoft.EventHub/Microsoft.EventHub/
不操作NotActions
无none
DataActionsDataActions
Microsoft.EventHub/Microsoft.EventHub/
NotDataActionsNotDataActions
无none

Azure 事件中心数据接收者Azure Event Hubs Data Receiver


说明Description	允许接收对 Azure 事件中心资源的访问权限。Allows receive access to Azure Event Hubs resources.
Id Id	a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
操作Actions
Microsoft.EventHub//eventhubs/consumergroups/readMicrosoft.EventHub//eventhubs/consumergroups/read
不操作NotActions
无none
DataActionsDataActions
Microsoft.EventHub//receive/actionMicrosoft.EventHub//receive/action
NotDataActionsNotDataActions
无none

Azure 事件中心数据发送者Azure Event Hubs Data Sender


说明Description	允许以发送方式访问 Azure 事件中心资源。Allows send access to Azure Event Hubs resources.
Id Id	2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
操作Actions
Microsoft.EventHub//eventhubs/readMicrosoft.EventHub//eventhubs/read
不操作NotActions
无none
DataActionsDataActions
Microsoft.EventHub//send/actionMicrosoft.EventHub//send/action
NotDataActionsNotDataActions
无none

Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role


说明Description	列出群集管理员凭据操作。List cluster admin credential action.
Id Id	0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
操作Actions
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action	列出托管群集的 clusterAdmin 凭据List the clusterAdmin credential of a managed cluster
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role


说明Description	列出群集用户凭据操作。List cluster user credential action.
Id Id	4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
操作Actions
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action	列出托管群集的 clusterUser 凭据List the clusterUser credential of a managed cluster
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Azure Maps 数据读取器(预览版)Azure Maps Data Reader (Preview)


说明Description	授予从 Azure Maps 帐户中读取相关数据的权限。Grants access to read map related data from an Azure maps account.
Id Id	423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Maps/accounts/data/readMicrosoft.Maps/accounts/data/read	授予对映射帐户的数据读权限。Grants data read access to a maps account.
NotDataActionsNotDataActions
无none

Azure 服务总线数据所有者Azure Service Bus Data Owner


说明Description	允许完全访问 Azure 服务总线资源。Allows for full access to Azure Service Bus resources.
Id Id	090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
操作Actions
Microsoft.ServiceBus/Microsoft.ServiceBus/
不操作NotActions
无none
DataActionsDataActions
Microsoft.ServiceBus/Microsoft.ServiceBus/
NotDataActionsNotDataActions
无none

Azure 服务总线数据接收者Azure Service Bus Data Receiver


说明Description	允许对 Azure 服务总线资源进行接收访问。Allows for receive access to Azure Service Bus resources.
Id Id	4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
操作Actions
Microsoft.ServiceBus//queues/readMicrosoft.ServiceBus//queues/read
Microsoft.ServiceBus//topics/readMicrosoft.ServiceBus//topics/read
Microsoft.ServiceBus//topics/subscriptions/readMicrosoft.ServiceBus//topics/subscriptions/read
不操作NotActions
无none
DataActionsDataActions
Microsoft.ServiceBus//receive/actionMicrosoft.ServiceBus//receive/action
NotDataActionsNotDataActions
无none

Azure 服务总线数据发送者Azure Service Bus Data Sender


说明Description	允许对 Azure 服务总线资源进行发送访问。Allows for send access to Azure Service Bus resources.
Id Id	69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
操作Actions
Microsoft.ServiceBus//queues/readMicrosoft.ServiceBus//queues/read
Microsoft.ServiceBus//topics/readMicrosoft.ServiceBus//topics/read
Microsoft.ServiceBus//topics/subscriptions/readMicrosoft.ServiceBus//topics/subscriptions/read
不操作NotActions
无none
DataActionsDataActions
Microsoft.ServiceBus//send/actionMicrosoft.ServiceBus//send/action
NotDataActionsNotDataActions
无none

Azure Stack 注册所有者Azure Stack Registration Owner


说明Description	允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations.
Id Id	6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
操作Actions
Microsoft.AzureStack/registrations/products//actionMicrosoft.AzureStack/registrations/products//action
Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read	获取 Azure Stack 市场产品的属性Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read	获取 Azure Stack 注册的属性Gets the properties of an Azure Stack registration
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

备份参与者Backup Contributor


说明Description	允许管理备份服务，但不允许创建保管库以及授予其他人访问权限Lets you manage backup service, but can't create vaults and give access to others
Id Id	5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/Microsoft.RecoveryServices/locations/
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/	管理备份管理操作的结果Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/	在恢复服务保管库的备份结构内创建和管理备份容器Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action	刷新容器列表Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/Microsoft.RecoveryServices/Vaults/backupJobs/	创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action	导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/Microsoft.RecoveryServices/Vaults/backupManagementMetaData/	创建和管理与备份管理相关的元数据Create and manage meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/Microsoft.RecoveryServices/Vaults/backupOperationResults/	创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/Microsoft.RecoveryServices/Vaults/backupPolicies/	创建和管理备份策略Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/Microsoft.RecoveryServices/Vaults/backupProtectableItems/	创建和管理可以备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/Microsoft.RecoveryServices/Vaults/backupProtectedItems/	创建和管理已备份的项Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/Microsoft.RecoveryServices/Vaults/backupProtectionContainers/	创建和管理保存备份项的容器Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/Microsoft.RecoveryServices/Vaults/backupSecurityPIN/
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read	返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/Microsoft.RecoveryServices/Vaults/certificates/	创建和管理与恢复服务保管库中的备份相关的证书Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/Microsoft.RecoveryServices/Vaults/extendedInformation/	创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read	获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/Microsoft.RecoveryServices/Vaults/monitoringConfigurations/
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/Microsoft.RecoveryServices/Vaults/registeredIdentities/	创建和管理已注册的标识Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/Microsoft.RecoveryServices/Vaults/usages/	创建和管理恢复服务保管库的使用情况Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/Microsoft.RecoveryServices/Vaults/backupstorageconfig/
Microsoft.RecoveryServices/Vaults/backupconfig/Microsoft.RecoveryServices/Vaults/backupconfig/
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action	验证对受保护项的操作Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write	“创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read	返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read	返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read	获取所有可保护的容器Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action	检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action	验证功能Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write	解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read	操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read	获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read	列出所有备份保护意向List all backup Protection Intents
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

备份操作员Backup Operator


说明Description	允许管理备份服务，但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others
Id Id	00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read	返回操作状态Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read	获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action	对受保护的项执行备份。Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read	获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read	返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read	返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action	预配受保护项的即时项恢复Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read	获取受保护项的恢复点。Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action	还原受保护项的恢复点。Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action	吊销受保护项的即时项恢复Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write	创建备份受保护项Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read	返回所有已注册的容器Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action	刷新容器列表Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/Microsoft.RecoveryServices/Vaults/backupJobs/	创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action	导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/Microsoft.RecoveryServices/Vaults/backupOperationResults/	创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read	获取策略操作的结果。Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read	返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/Microsoft.RecoveryServices/Vaults/backupProtectableItems/	创建和管理可备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read	返回所有受保护项的列表。Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read	返回属于订阅的所有容器Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read	返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write	“更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read	“获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write	“获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read	获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/Microsoft.RecoveryServices/Vaults/monitoringConfigurations/
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read	“获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read	“获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write	“注册服务容器”操作可用于向恢复服务注册容器。The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/Microsoft.RecoveryServices/Vaults/backupstorageconfig/
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action	验证对受保护项的操作Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read	返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read	获取策略操作的状态。Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write	创建已注册的容器Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action	在容器内进行工作负载的查询Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read	返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write	创建备份保护意向Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read	获取备份保护意向Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read	获取所有可保护的容器Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read	获取容器中的所有项Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action	检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action	验证功能Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write	解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read	操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read	获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read	列出所有备份保护意向List all backup Protection Intents
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

备份读取器Backup Reader


说明Description	可以查看备份服务，但是不能进行更改Can view backup services, but can't make changes
Id Id	a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read	GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read	返回操作状态Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read	获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read	获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read	返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read	返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read	获取受保护项的恢复点。Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read	返回所有已注册的容器Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read	返回作业操作的结果。Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read	返回所有作业对象Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action	导出作业Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read	返回恢复服务保管库的备份操作结果。Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read	获取策略操作的结果。Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read	返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read	返回所有受保护项的列表。Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read	返回属于订阅的所有容器Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read	返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read	“获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read	获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read	“获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read	“获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read	返回恢复服务保管库的存储配置。Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read	返回恢复服务保管库的配置。Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read	返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read	获取策略操作的状态。Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read	返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read	获取备份保护意向Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read	获取容器中的所有项Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action	检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/Microsoft.RecoveryServices/Vaults/monitoringConfigurations/
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write	解决警报。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read	操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read	获取给定操作的操作状态Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read	列出所有备份保护意向List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

计费读者Billing Reader


说明Description	允许对帐单数据进行读取访问Allows read access to billing data
Id Id	fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Billing//readMicrosoft.Billing//read	读取计费信息Read Billing information
Microsoft.Commerce//readMicrosoft.Commerce//read
Microsoft.Consumption//readMicrosoft.Consumption//read
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.CostManagement//readMicrosoft.CostManagement//read
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

BizTalk 参与者BizTalk Contributor


说明Description	允许管理 BizTalk 服务，但不允许访问这些服务。Lets you manage BizTalk services, but not access to them.
Id Id	5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.BizTalkServices/BizTalk/Microsoft.BizTalkServices/BizTalk/	创建和管理 BizTalk 服务Create and manage BizTalk services
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

区块链成员节点访问（预览）Blockchain Member Node Access (Preview)


说明Description	允许访问区块链成员节点Allows for access to Blockchain Member nodes
Id Id	31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
操作Actions
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read	获取或列出现有的区块链成员事务节点。Gets or Lists existing Blockchain Member Transaction Node(s).
不操作NotActions
无none
DataActionsDataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action	连接到区块链成员事务节点。Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
无none

CDN 终结点参与者CDN Endpoint Contributor


说明Description	可以管理 CDN 终结点，但不能向其他用户授予访问权限。Can manage CDN endpoints, but can’t grant access to other users.
Id Id	426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/Microsoft.Cdn/operationresults/
Microsoft.Cdn/profiles/endpoints/Microsoft.Cdn/profiles/endpoints/
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

CDN 终结点读者CDN Endpoint Reader


说明Description	可以查看 CDN 终结点，但不能进行更改。Can view CDN endpoints, but can’t make changes.
Id Id	871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/Microsoft.Cdn/operationresults/
Microsoft.Cdn/profiles/endpoints//readMicrosoft.Cdn/profiles/endpoints//read
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

CDN 配置文件参与者CDN Profile Contributor


说明Description	可以管理 CDN 配置文件及其终结点，但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can’t grant access to other users.
Id Id	ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/Microsoft.Cdn/operationresults/
Microsoft.Cdn/profiles/Microsoft.Cdn/profiles/
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

CDN 配置文件读者CDN Profile Reader


说明Description	可以查看 CDN 配置文件及其终结点，但不能进行更改。Can view CDN profiles and their endpoints, but can’t make changes.
Id Id	8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/Microsoft.Cdn/operationresults/
Microsoft.Cdn/profiles//readMicrosoft.Cdn/profiles//read
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

经典网络参与者Classic Network Contributor


说明Description	允许管理经典网络，但不允许访问这些网络。Lets you manage classic networks, but not access to them.
Id Id	b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.ClassicNetwork/Microsoft.ClassicNetwork/	创建和管理经典网络Create and manage classic networks
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

经典存储帐户参与者Classic Storage Account Contributor


说明Description	允许管理经典存储帐户，但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them.
Id Id	86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.ClassicStorage/storageAccounts/Microsoft.ClassicStorage/storageAccounts/	创建和管理存储帐户Create and manage storage accounts
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role


说明Description	允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
Id Id	985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
操作Actions
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action	列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action	再生成存储帐户的现有访问密钥。Regenerates the existing access keys for the storage account.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

经典虚拟机参与者Classic Virtual Machine Contributor


说明Description	允许管理经典虚拟机，但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
Id Id	d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.ClassicCompute/domainNames/Microsoft.ClassicCompute/domainNames/	创建和管理经典计算域名Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/Microsoft.ClassicCompute/virtualMachines/	创建和管理虚拟机Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action	链接保留 IPLink a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read	获取保留 IPGets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action	加入虚拟网络。Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read	获取虚拟网络。Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read	返回存储帐户磁盘。Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read	返回存储帐户映像。Returns the storage account image. （已弃用。(Deprecated. 请使用“Microsoft.ClassicStorage/storageAccounts/vmImages”）Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action	列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read	返回包含给定帐户的存储帐户。Return the storage account with the given account.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

认知服务参与者Cognitive Services Contributor


说明Description	允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services.
Id Id	25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.CognitiveServices/Microsoft.CognitiveServices/
Microsoft.Features/features/readMicrosoft.Features/features/read	获取订阅的功能。Gets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read	获取给定资源提供程序中某个订阅的功能。Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/Microsoft.Insights/diagnosticSettings/	创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read	读取日志定义Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read	读取指标定义Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read	添加指标Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read	获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read	获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read	获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/Microsoft.Resources/subscriptions/resourcegroups/deployments/
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

认知服务数据读者（预览）Cognitive Services Data Reader (Preview)


说明Description	可以读取认知服务数据。Lets you read Cognitive Services data.
Id Id	b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.CognitiveServices//readMicrosoft.CognitiveServices//read
NotDataActionsNotDataActions
无none

认知服务用户Cognitive Services User


说明Description	允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services.
Id Id	a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
操作Actions
Microsoft.CognitiveServices//readMicrosoft.CognitiveServices//read
Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action	列出密钥List Keys
Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read	读取经典指标警报Read a classic metric alert
Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read	读取资源诊断设置Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read	读取日志定义Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read	读取指标定义Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read	添加指标Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read	获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read	获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read	获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
Microsoft.CognitiveServices/Microsoft.CognitiveServices/
NotDataActionsNotDataActions
无none

Cosmos DB 帐户读者角色Cosmos DB Account Reader Role


说明Description	可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者，了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
Id Id	fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配，可以读取授予每个用户的权限Read roles and role assignments, can read permissions given to each user
Microsoft.DocumentDB//readMicrosoft.DocumentDB//read	读取任何集合Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action	读取数据库帐户只读密钥。Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read	读取指标定义Read metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read	添加指标Read metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Cosmos DB 操作员Cosmos DB Operator


说明Description	可以管理 Azure Cosmos DB 帐户，但不能访问其中的数据。Lets you manage Azure Cosmos DB accounts, but not access data in them. 阻止访问帐户密钥和连接字符串。Prevents access to account keys and connection strings.
Id Id	230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
操作Actions
Microsoft.DocumentDb/databaseAccounts/Microsoft.DocumentDb/databaseAccounts/
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/Microsoft.DocumentDB/databaseAccounts/readonlyKeys/
Microsoft.DocumentDB/databaseAccounts/regenerateKey/Microsoft.DocumentDB/databaseAccounts/regenerateKey/
Microsoft.DocumentDB/databaseAccounts/listKeys/Microsoft.DocumentDB/databaseAccounts/listKeys/
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

CosmosBackupOperatorCosmosBackupOperator


说明Description	可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account
Id Id	db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
操作Actions
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action	提交配置备份的请求Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action	提交还原请求Submit a restore request
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

成本管理参与者Cost Management Contributor


说明Description	可以查看成本和管理成本配置（例如预算、导出）Can view costs and manage cost configuration (e.g. budgets, exports)
Id Id	434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
操作Actions
Microsoft.Consumption/Microsoft.Consumption/
Microsoft.CostManagement/Microsoft.CostManagement/
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read	获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read	获取配置Get configurations
Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read	读取建议Reads recommendations
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

成本管理读者Cost Management Reader


说明Description	可以查看成本数据和配置（例如预算、导出）Can view cost data and configuration (e.g. budgets, exports)
Id Id	72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
操作Actions
Microsoft.Consumption//readMicrosoft.Consumption//read
Microsoft.CostManagement//readMicrosoft.CostManagement//read
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read	获取订阅的列表。Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read	获取配置Get configurations
Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read	读取建议Reads recommendations
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Data Box 参与者Data Box Contributor


说明Description	可让你管理 Data Box 服务下的所有内容，但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others.
Id Id	add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Databox/Microsoft.Databox/
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Data Box 读者Data Box Reader


说明Description	可让你管理 Data Box 服务，但不能创建订单或编辑订单详细信息，以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
Id Id	028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Databox//readMicrosoft.Databox//read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action	列出与订单相关的未加密凭据。Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action	此方法返回可用 SKU 列表。This method returns the list of available skus.
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action	验证送货地址，并提供备用地址（如有）。Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

数据工厂参与者Data Factory Contributor


说明Description	创建和管理数据工厂，以及其中的子资源。Create and manage data factories, as well as child resources within them.
Id Id	673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.DataFactory/dataFactories/Microsoft.DataFactory/dataFactories/	创建和管理数据工厂，以及它们包含的子资源。Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/Microsoft.DataFactory/factories/	创建和管理数据工厂，以及它们包含的子资源。Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

DevTest 实验室用户DevTest Labs User


说明Description	允许连接、启动、重启和关闭 Azure 开发测试实验室中的虚拟机。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
Id Id	76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Compute/availabilitySets/readMicrosoft.Compute/availabilitySets/read	获取可用性集的属性Get the properties of an availability set
Microsoft.Compute/virtualMachines//readMicrosoft.Compute/virtualMachines//read	读取虚拟机属性（VM 大小、运行时状态、VM 扩展等）Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/actionMicrosoft.Compute/virtualMachines/deallocate/action	关闭虚拟机并释放计算资源Powers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read	获取虚拟机的属性Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/actionMicrosoft.Compute/virtualMachines/restart/action	重新启动虚拟机Restarts the virtual machine
Microsoft.Compute/virtualMachines/start/actionMicrosoft.Compute/virtualMachines/start/action	启动虚拟机Starts the virtual machine
Microsoft.DevTestLab//readMicrosoft.DevTestLab//read	读取实验室属性Read the properties of a lab
Microsoft.DevTestLab/labs/claimAnyVm/actionMicrosoft.DevTestLab/labs/claimAnyVm/action	在实验室中声明随机可声明的虚拟机。Claim a random claimable virtual machine in the lab.
Microsoft.DevTestLab/labs/createEnvironment/actionMicrosoft.DevTestLab/labs/createEnvironment/action	在实验室中创建虚拟机。Create virtual machines in a lab.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/actionMicrosoft.DevTestLab/labs/ensureCurrentUserProfile/action	确保当前用户在实验室中存在有效的配置文件。Ensure the current user has a valid profile in the lab.
Microsoft.DevTestLab/labs/formulas/deleteMicrosoft.DevTestLab/labs/formulas/delete	删除公式。Delete formulas.
Microsoft.DevTestLab/labs/formulas/readMicrosoft.DevTestLab/labs/formulas/read	读取公式。Read formulas.
Microsoft.DevTestLab/labs/formulas/writeMicrosoft.DevTestLab/labs/formulas/write	添加或修改公式。Add or modify formulas.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/actionMicrosoft.DevTestLab/labs/policySets/evaluatePolicies/action	评估实验室策略。Evaluates lab policy.
Microsoft.DevTestLab/labs/virtualMachines/claim/actionMicrosoft.DevTestLab/labs/virtualMachines/claim/action	获得现有虚拟机的所有权Take ownership of an existing virtual machine
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/actionMicrosoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action	列出适用的启动/停止计划（如果有）。Lists the applicable start/stop schedules, if any.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/actionMicrosoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action	获取一个字符串，该字符串表示虚拟机的 RDP 文件内容Gets a string that represents the contents of the RDP file for the virtual machine
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action	加入负载均衡器后端地址池。Joins a load balancer backend address pool. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action	加入负载均衡器入站 NAT 规则。Joins a load balancer inbound nat rule. 不可发出警报。Not Alertable.
Microsoft.Network/networkInterfaces//readMicrosoft.Network/networkInterfaces//read	读取网络接口（例如，此网络接口所属的所有负载均衡器）的属性Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/actionMicrosoft.Network/networkInterfaces/join/action	将虚拟机加入到网络接口。Joins a Virtual Machine to a network interface. 不可发出警报。Not Alertable.
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read	获取网络接口定义。Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write	创建网络接口，或更新现有的网络接口。Creates a network interface or updates an existing network interface.
Microsoft.Network/publicIPAddresses//readMicrosoft.Network/publicIPAddresses//read	读取公共 IP 地址的属性Read the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action	加入公共 IP 地址。Joins a public ip address. 不可发出警报。Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read	获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action	加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read	获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/deployments/readMicrosoft.Resources/deployments/read	获取或列出部署。Gets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
不操作NotActions
Microsoft.Compute/virtualMachines/vmSizes/readMicrosoft.Compute/virtualMachines/vmSizes/read	列出可将虚拟机更新到的大小Lists available sizes the virtual machine can be updated to
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

DNS 区域参与者DNS Zone Contributor


说明Description	允许管理 Azure DNS 中的 DNS 区域和记录集，但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
Id Id	befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.Network/dnsZones/Microsoft.Network/dnsZones/	创建和管理 DNS 区域和记录Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage Support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

DocumentDB 帐户参与者DocumentDB Account Contributor


说明Description	可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
Id Id	5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.DocumentDb/databaseAccounts/Microsoft.DocumentDb/databaseAccounts/	创建并管理 Azure Cosmos DB 帐户Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

HDInsight 群集操作员HDInsight Cluster Operator


说明Description	允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations.
Id Id	61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
操作Actions
Microsoft.HDInsight//readMicrosoft.HDInsight//read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action	获取 HDInsight 群集的网关设置Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action	更新 HDInsight 群集的网关设置Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/Microsoft.HDInsight/clusters/configurations/
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read	获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

HDInsight 域服务参与者HDInsight Domain Services Contributor


说明Description	可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
Id Id	8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
操作Actions
Microsoft.AAD//readMicrosoft.AAD//read
Microsoft.AAD/domainServices//readMicrosoft.AAD/domainServices//read
Microsoft.AAD/domainServices/oucontainer/Microsoft.AAD/domainServices/oucontainer/
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Intelligent Systems 帐户参与者Intelligent Systems Account Contributor


说明Description	允许管理智能系统帐户，但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them.
Id Id	03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.IntelligentSystems/accounts/Microsoft.IntelligentSystems/accounts/	创建和管理智能系统帐户Create and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

密钥保管库参与者Key Vault Contributor


说明Description	允许管理密钥保管库，但不允许对其进行访问。Lets you manage key vaults, but not access to them.
Id Id	f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.KeyVault/Microsoft.KeyVault/
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.KeyVault/locations/deletedVaults/purge/actionMicrosoft.KeyVault/locations/deletedVaults/purge/action	清除软删除的密钥保管库Purge a soft deleted key vault
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

实验室创建者Lab Creator


说明Description	允许在 Azure 实验室帐户下创建、管理、删除托管实验室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
Id Id	b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.LabServices/labAccounts//readMicrosoft.LabServices/labAccounts//read
Microsoft.LabServices/labAccounts/createLab/actionMicrosoft.LabServices/labAccounts/createLab/action	在实验室帐户中创建实验室。Create a lab in a lab account.
Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/sizes/getRegionalAvailability/action
Microsoft.LabServices/labAccounts/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/getRegionalAvailability/action	获取实验室帐户下配置的每个大小类别的区域可用性信息Get regional availability information for each size category configured under a lab account
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Log Analytics 参与者Log Analytics Contributor


说明Description	Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Id Id	92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/Microsoft.Automation/automationAccounts/
Microsoft.ClassicCompute/virtualMachines/extensions/Microsoft.ClassicCompute/virtualMachines/extensions/
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action	列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/Microsoft.Compute/virtualMachines/extensions/
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/Microsoft.Insights/diagnosticSettings/	创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/Microsoft.OperationalInsights/
Microsoft.OperationsManagement/Microsoft.OperationsManagement/
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourcegroups/deployments/Microsoft.Resources/subscriptions/resourcegroups/deployments/
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Log Analytics 读者Log Analytics Reader


说明Description	Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置，其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
Id Id	73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action	使用新引擎进行搜索。Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action	执行搜索查询Executes a search query
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read	检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

逻辑应用参与者Logic App Contributor


说明Description	允许管理逻辑应用，但不允许更改其访问权限。Lets you manage logic apps, but not change access to them.
Id Id	87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action	列出存储帐户的访问密钥。Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read	返回包含给定帐户的存储帐户。Return the storage account with the given account.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/Microsoft.Insights/diagnosticSettings/	创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/Microsoft.Insights/logdefinitions/	此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/Microsoft.Insights/metricDefinitions/	读取指标定义（资源的可用指标类型的列表）。Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/Microsoft.Logic/	管理逻辑应用资源。Manages Logic Apps resources.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read	获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Web/connectionGateways/Microsoft.Web/connectionGateways/	创建和管理连接网关。Create and manages a Connection Gateway.
Microsoft.Web/connections/Microsoft.Web/connections/	创建和管理连接。Create and manages a Connection.
Microsoft.Web/customApis/Microsoft.Web/customApis/	创建和管理自定义 API。Creates and manages a Custom API.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read	获取应用服务计划的属性Get the properties on an App Service Plan
Microsoft.Web/sites/functions/listSecrets/actionMicrosoft.Web/sites/functions/listSecrets/action	列出机密 Web 应用函数。List Secrets Web Apps Functions.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

逻辑应用运算符Logic App Operator


说明Description	允许读取、启用和禁用逻辑应用，但不允许编辑或更新它们。Lets you read, enable, and disable logic apps, but not edit or update them.
Id Id	515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules//readMicrosoft.Insights/alertRules//read	读取 Insights 警报规则Read Insights alert rules
Microsoft.Insights/diagnosticSettings//readMicrosoft.Insights/diagnosticSettings//read	获取逻辑应用的诊断设置Gets diagnostic settings for Logic Apps
Microsoft.Insights/metricDefinitions//readMicrosoft.Insights/metricDefinitions//read	获取逻辑应用的可用指标。Gets the available metrics for Logic Apps.
Microsoft.Logic//readMicrosoft.Logic//read	读取逻辑应用资源。Reads Logic Apps resources.
Microsoft.Logic/workflows/disable/actionMicrosoft.Logic/workflows/disable/action	禁用工作流。Disables the workflow.
Microsoft.Logic/workflows/enable/actionMicrosoft.Logic/workflows/enable/action	启用工作流。Enables the workflow.
Microsoft.Logic/workflows/validate/actionMicrosoft.Logic/workflows/validate/action	验证工作流。Validates the workflow.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read	获取或列出部署操作。Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read	获取订阅操作结果。Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Web/connectionGateways//readMicrosoft.Web/connectionGateways//read	读取连接网关。Read Connection Gateways.
Microsoft.Web/connections//readMicrosoft.Web/connections//read	读取连接。Read Connections.
Microsoft.Web/customApis//readMicrosoft.Web/customApis//read	读取自定义 API。Read Custom API.
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read	获取应用服务计划的属性Get the properties on an App Service Plan
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

托管应用程序操作员角色Managed Application Operator Role


说明Description	可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources
Id Id	c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Solutions/applications/readMicrosoft.Solutions/applications/read	检索应用程序列表。Retrieves a list of applications.
Microsoft.Solutions//actionMicrosoft.Solutions//action
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

托管应用程序读者Managed Applications Reader


说明Description	允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access.
Id Id	b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Solutions/jitRequests/Microsoft.Solutions/jitRequests/
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

托管的标识参与者Managed Identity Contributor


说明Description	创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity
Id Id	e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
操作Actions
Microsoft.ManagedIdentity/userAssignedIdentities/readMicrosoft.ManagedIdentity/userAssignedIdentities/read	获取现有用户分配标识Gets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/writeMicrosoft.ManagedIdentity/userAssignedIdentities/write	创建新的用户分配标识或更新与现有用户分配标识关联的标记Creates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/deleteMicrosoft.ManagedIdentity/userAssignedIdentities/delete	删除现有用户分配标识Deletes an existing user assigned identity
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

托管的标识操作员Managed Identity Operator


说明Description	读取和分配用户分配的标识Read and Assign User Assigned Identity
Id Id	f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
操作Actions
Microsoft.ManagedIdentity/userAssignedIdentities//readMicrosoft.ManagedIdentity/userAssignedIdentities//read
Microsoft.ManagedIdentity/userAssignedIdentities//assign/actionMicrosoft.ManagedIdentity/userAssignedIdentities//assign/action
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

管理组参与者Management Group Contributor


说明Description	管理组参与者角色Management Group Contributor Role
Id Id	5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
操作Actions
Microsoft.Management/managementGroups/deleteMicrosoft.Management/managementGroups/delete	删除管理组。Delete management group.
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/deleteMicrosoft.Management/managementGroups/subscriptions/delete	从管理组取消关联订阅。De-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/writeMicrosoft.Management/managementGroups/subscriptions/write	将现有订阅与管理组关联。Associates existing subscription with the management group.
Microsoft.Management/managementGroups/writeMicrosoft.Management/managementGroups/write	创建或更新管理组。Create or update a management group.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

管理组读取者Management Group Reader


说明Description	管理组读取者角色Management Group Reader Role
Id Id	ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
操作Actions
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

监视参与者Monitoring Contributor


说明Description	可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
Id Id	749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/Microsoft.AlertsManagement/alerts/
Microsoft.AlertsManagement/alertsSummary/Microsoft.AlertsManagement/alertsSummary/
Microsoft.Insights/actiongroups/Microsoft.Insights/actiongroups/
Microsoft.Insights/activityLogAlerts/Microsoft.Insights/activityLogAlerts/
Microsoft.Insights/AlertRules/Microsoft.Insights/AlertRules/	读取/写入/删除警报规则。Read/write/delete alert rules.
Microsoft.Insights/DiagnosticSettings/Microsoft.Insights/DiagnosticSettings/	读取/写入/删除诊断设置。Read/write/delete diagnostic settings.
Microsoft.Insights/eventtypes/Microsoft.Insights/eventtypes/	列出订阅中的活动日志事件（管理事件）。List Activity Log events (management events) in a subscription. 此权限适用于对活动日志的编程和门户访问。This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/Microsoft.Insights/LogDefinitions/	此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log.
Microsoft.Insights/metricalerts/Microsoft.Insights/metricalerts/
Microsoft.Insights/MetricDefinitions/Microsoft.Insights/MetricDefinitions/	读取指标定义（资源的可用指标类型的列表）。Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/Microsoft.Insights/Metrics/	读取资源的指标。Read metrics for a resource.
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action	注册 Microsoft Insights 提供程序Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/Microsoft.Insights/scheduledqueryrules/
Microsoft.OperationalInsights/workspaces/intelligencepacks/Microsoft.OperationalInsights/workspaces/intelligencepacks/	读取/写入/删除日志分析解决方案包。Read/write/delete log analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/Microsoft.OperationalInsights/workspaces/savedSearches/	读取/写入/删除日志分析保存的搜索。Read/write/delete log analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action	执行搜索查询Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action	检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/Microsoft.OperationalInsights/workspaces/storageinsightconfigs/	读取/写入/删除日志分析存储见解配置。Read/write/delete log analytics storage insight configurations.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.WorkloadMonitor/monitors/Microsoft.WorkloadMonitor/monitors/
Microsoft.WorkloadMonitor/notificationSettings/Microsoft.WorkloadMonitor/notificationSettings/
Microsoft.AlertsManagement/smartDetectorAlertRules/Microsoft.AlertsManagement/smartDetectorAlertRules/
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

监视指标发布者Monitoring Metrics Publisher


说明Description	允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources
Id Id	3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
操作Actions
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action	注册 Microsoft Insights 提供程序Register the Microsoft Insights provider
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Insights/Metrics/WriteMicrosoft.Insights/Metrics/Write	写入指标Write metrics
NotDataActionsNotDataActions
无none

监视读取者Monitoring Reader


说明Description	可以读取所有监视数据（指标、日志等）。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
Id Id	43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action	执行搜索查询Executes a search query
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

网络参与者Network Contributor


说明Description	允许管理网络，但不允许访问这些网络。Lets you manage networks, but not access to them.
Id Id	4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.Network/Microsoft.Network/	创建并管理网络Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

New elic APM 帐户参与者New Relic APM Account Contributor


说明Description	允许管理 New Relic 应用程序性能管理帐户和应用程序，但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
Id Id	5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
NewRelic.APM/accounts/NewRelic.APM/accounts/
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

读取器和数据访问Reader and Data Access


说明Description	允许查看所有内容，但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Id Id	c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
操作Actions
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action	返回指定存储帐户的帐户 SAS 令牌。Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Redis 缓存参与者Redis Cache Contributor


说明Description	允许管理 Redis 缓存，但不允许访问这些缓存。Lets you manage Redis caches, but not access to them.
Id Id	e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Cache/redis/Microsoft.Cache/redis/	创建和管理 Redis 缓存Create and manage Redis caches
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

资源策略参与者（预览）Resource Policy Contributor (Preview)


说明Description	（预览）通过 EA 回填的用户，具有创建/修改资源策略、创建支持票证和读取资源/层次结构的权限。(Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
Id Id	36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/Microsoft.Authorization/policyassignments/	创建和管理策略分配Create and manage policy assignments
Microsoft.Authorization/policydefinitions/Microsoft.Authorization/policydefinitions/	创建和管理策略定义Create and manage policy definitions
Microsoft.Authorization/policysetdefinitions/Microsoft.Authorization/policysetdefinitions/	创建和管理策略集Create and manage policy sets
Microsoft.PolicyInsights/Microsoft.PolicyInsights/
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

计划程序作业集合参与者Scheduler Job Collections Contributor


说明Description	允许管理计划程序作业集合，但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them.
Id Id	188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Scheduler/jobcollections/Microsoft.Scheduler/jobcollections/	创建和管理作业集合Create and manage job collections
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

安全管理员Security Admin


说明Description	仅在安全中心内：可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations
Id Id	fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Authorization/policyAssignments/Microsoft.Authorization/policyAssignments/	创建和管理策略分配Create and manage policy assignments
Microsoft.Authorization/policyDefinitions/Microsoft.Authorization/policyDefinitions/	创建和管理策略定义Create and manage policy definitions
Microsoft.Authorization/policySetDefinitions/Microsoft.Authorization/policySetDefinitions/	创建和管理策略集Create and manage policy sets
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
Microsoft.operationalInsights/workspaces//readMicrosoft.operationalInsights/workspaces//read	查看日志分析数据View log analytics data
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Security/Microsoft.Security/
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

安全管理器（旧版）Security Manager (Legacy)


说明Description	这是旧角色。This is a legacy role. 请改用安全管理员角色Please use Security Administrator instead
Id Id	e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.ClassicCompute//readMicrosoft.ClassicCompute//read	读取经典虚拟机的配置信息Read configuration information classic virtual machines
Microsoft.ClassicCompute/virtualMachines//writeMicrosoft.ClassicCompute/virtualMachines//write	写入经典虚拟机的配置Write configuration for classic virtual machines
Microsoft.ClassicNetwork//readMicrosoft.ClassicNetwork//read	读取有关经典网络的配置信息Read configuration information about classic network
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Security/Microsoft.Security/	创建和管理安全组件和策略Create and manage security components and policies
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

安全读取者Security Reader


说明Description	仅在安全中心内：可以查看建议和警报、查看安全策略、查看安全状态，但不能进行更改In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes
Id Id	39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.operationalInsights/workspaces//readMicrosoft.operationalInsights/workspaces//read	查看日志分析数据View log analytics data
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Security//readMicrosoft.Security//read	读取安全组件和策略Read security components and policies
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read	列出已通过身份验证的用户的管理组。List management groups for the authenticated user.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Site Recovery 参与者Site Recovery Contributor


说明Description	允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment
Id Id	6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read	GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action	AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write	“更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/Microsoft.RecoveryServices/Vaults/extendedInformation/	创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/Microsoft.RecoveryServices/Vaults/registeredIdentities/	创建和管理已注册标识Create and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/Microsoft.RecoveryServices/vaults/replicationAlertSettings/	创建或更新复制警报设置Create or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read	读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/Microsoft.RecoveryServices/vaults/replicationFabrics/	创建和管理复制结构Create and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/Microsoft.RecoveryServices/vaults/replicationJobs/	创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/Microsoft.RecoveryServices/vaults/replicationPolicies/	创建和管理复制策略Create and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/	创建和管理恢复计划Create and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/Microsoft.RecoveryServices/Vaults/storageConfig/	创建和管理恢复服务保管库的存储配置Create and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read	“保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/Microsoft.RecoveryServices/Vaults/monitoringAlerts/	读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Site Recovery 操作员Site Recovery Operator


说明Description	允许进行故障转移和故障回复，但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations
Id Id	494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read	GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action	AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read	“获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read	“获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read	“获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read	读取任何警报设置Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read	读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action	检查结构的一致性Checks Consistency of the Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read	读取任何结构Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action	重新关联网关Reassociate Gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action	续订 Fabric 的证书Renew Certificate for Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read	读取任何网络Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read	读取任何网络映射Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read	读取任何保护容器Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read	读取任何可保护项Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action	应用还原点Apply Recovery Point
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action	故障转移提交Failover Commit
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action	计划内故障转移Planned Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read	读取任何受保护项Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read	读取任何复制恢复点Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action	修复复制Repair replication
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action	重新保护受保护的项ReProtect Protected Item
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action	测试故障转移Test Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action	测试故障转移清理Test Failover Cleanup
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action	故障转移Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action	更新移动服务Update Mobility Service
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read	读取任何保护容器映射Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read	读取任何恢复服务提供程序Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action	刷新提供程序Refresh Provider
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read	读取任何存储分类Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read	读取任何存储分类映射Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read	读取任何 vCenterRead any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/Microsoft.RecoveryServices/vaults/replicationJobs/	创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read	读取任何策略Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action	故障转移提交恢复计划Failover Commit Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action	计划内故障转移恢复计划Planned Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read	读取任何恢复计划Read any Recovery Plans
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action	重新保护恢复计划ReProtect Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action	测试故障转移恢复计划Test Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action	测试故障转移清理恢复计划Test Failover Cleanup Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action	故障转移恢复计划Failover Recovery Plan
Microsoft.RecoveryServices/Vaults/monitoringAlerts/Microsoft.RecoveryServices/Vaults/monitoringAlerts/	读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read	“保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

Site Recovery 读取者Site Recovery Reader


说明Description	允许查看 Site Recovery 状态，但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
Id Id	dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read	GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read	“获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read	获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read	“获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read	“获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read	读取任何警报设置Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read	读取任何事件Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read	读取任何结构Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read	读取任何网络Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read	读取任何网络映射Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read	读取任何保护容器Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read	读取任何可保护项Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read	读取任何受保护项Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read	读取任何复制恢复点Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read	读取任何保护容器映射Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read	读取任何恢复服务提供程序Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read	读取任何存储分类Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read	读取任何存储分类映射Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read	读取任何 vCenterRead any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/readMicrosoft.RecoveryServices/vaults/replicationJobs/read	读取任何作业Read any Jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read	读取任何策略Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read	读取任何恢复计划Read any Recovery Plans
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read	“保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

空间定位点帐户参与者Spatial Anchors Account Contributor


说明Description	允许管理帐户中的空间定位点，但不能删除它们Lets you manage spatial anchors in your account, but not delete them
Id Id	8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action	创建空间定位点Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read	发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read	获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read	找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read	提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write	更新空间定位点属性Update spatial anchors properties
NotDataActionsNotDataActions
无none

空间定位点帐户所有者Spatial Anchors Account Owner


说明Description	允许管理帐户中的空间定位点，包括删除它们Lets you manage spatial anchors in your account, including deleting them
Id Id	70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action	创建空间定位点Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete	删除空间定位点Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read	发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read	获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read	找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read	提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write	更新空间定位点属性Update spatial anchors properties
NotDataActionsNotDataActions
无none

空间定位点帐户读者Spatial Anchors Account Reader


说明Description	允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account
Id Id	5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read	发现附近的空间定位点Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read	获取空间定位点的属性Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read	找到空间定位点Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read	提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActionsNotDataActions
无none

SQL DB 参与者SQL DB Contributor


说明Description	允许管理 SQL 数据库，但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外，不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers.
Id Id	9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/locations//readMicrosoft.Sql/locations//read
Microsoft.Sql/servers/databases/Microsoft.Sql/servers/databases/	创建和管理 SQL 数据库Create and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read	返回服务器列表，或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read	添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read	读取指标定义Read metric definitions
不操作NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/Microsoft.Sql/managedInstances/databases/securityAlertPolicies/
Microsoft.Sql/managedInstances/databases/sensitivityLabels/Microsoft.Sql/managedInstances/databases/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/
Microsoft.Sql/managedInstances/securityAlertPolicies/Microsoft.Sql/managedInstances/securityAlertPolicies/
Microsoft.Sql/managedInstances/vulnerabilityAssessments/Microsoft.Sql/managedInstances/vulnerabilityAssessments/
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/	编辑审核策略Edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/	编辑审核设置Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read	检索数据库 Blob 审核记录Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/	编辑连接策略Edit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/Microsoft.Sql/servers/databases/currentSensitivityLabels/
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/	编辑数据屏蔽策略Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/Microsoft.Sql/servers/databases/extendedAuditingSettings/
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/Microsoft.Sql/servers/databases/recommendedSensitivityLabels/
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/	编辑安全警报策略Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/	编辑安全度量值Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/Microsoft.Sql/servers/databases/sensitivityLabels/
Microsoft.Sql/servers/databases/vulnerabilityAssessments/Microsoft.Sql/servers/databases/vulnerabilityAssessments/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/
Microsoft.Sql/servers/vulnerabilityAssessments/Microsoft.Sql/servers/vulnerabilityAssessments/
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

SQL 托管实例参与者SQL Managed Instance Contributor


说明Description	允许你管理 SQL 托管实例和所需的网络配置，但无法向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.
Id Id	4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
操作Actions
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/Microsoft.Network/networkSecurityGroups/
Microsoft.Network/routeTables/Microsoft.Network/routeTables/
Microsoft.Sql/locations//readMicrosoft.Sql/locations//read
Microsoft.Sql/managedInstances/Microsoft.Sql/managedInstances/
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Network/virtualNetworks/subnets/Microsoft.Network/virtualNetworks/subnets/
Microsoft.Network/virtualNetworks/Microsoft.Network/virtualNetworks/
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read	添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read	读取指标定义Read metric definitions
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

SQL 安全管理器SQL Security Manager


说明Description	允许管理 SQL 服务器和数据库的安全相关策略，但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
Id Id	056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取 Microsoft 授权Read Microsoft authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action	将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/Microsoft.Sql/managedInstances/databases/securityAlertPolicies/
Microsoft.Sql/managedInstances/databases/sensitivityLabels/Microsoft.Sql/managedInstances/databases/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/
Microsoft.Sql/managedInstances/securityAlertPolicies/Microsoft.Sql/managedInstances/securityAlertPolicies/
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/Microsoft.Sql/managedInstances/databases/transparentDataEncryption/
Microsoft.Sql/managedInstances/vulnerabilityAssessments/Microsoft.Sql/managedInstances/vulnerabilityAssessments/
Microsoft.Sql/servers/auditingPolicies/Microsoft.Sql/servers/auditingPolicies/	创建和管理 SQL 服务器审核策略Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/Microsoft.Sql/servers/auditingSettings/	创建和管理 SQL 服务器审核设置Create and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read	检索在给定服务器上配置的扩展服务器 blob 审核策略的详细信息Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/	创建和管理 SQL 服务器数据库审核策略Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/	创建和管理 SQL 服务器数据库审核设置Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read	读取审核记录Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/	创建和管理 SQL 服务器数据库连接策略Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/Microsoft.Sql/servers/databases/currentSensitivityLabels/
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/	创建和管理 SQL 服务器数据库数据屏蔽策略Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read	检索在给定的数据库上配置的扩展 blob 审核策略的详细信息Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read	返回数据库的列表，或获取指定数据库的属性。Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/Microsoft.Sql/servers/databases/recommendedSensitivityLabels/
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read	获取数据库架构。Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read	获取数据库列。Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read	获取数据库表。Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/	创建和管理 SQL 服务器数据库安全警报策略Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/	创建和管理 SQL 服务器数据库安全度量值Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/Microsoft.Sql/servers/databases/sensitivityLabels/
Microsoft.Sql/servers/databases/transparentDataEncryption/Microsoft.Sql/servers/databases/transparentDataEncryption/
Microsoft.Sql/servers/databases/vulnerabilityAssessments/Microsoft.Sql/servers/databases/vulnerabilityAssessments/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/
Microsoft.Sql/servers/firewallRules/Microsoft.Sql/servers/firewallRules/
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read	返回服务器列表，或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/Microsoft.Sql/servers/securityAlertPolicies/	创建和管理 SQL 服务器安全警报策略Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/Microsoft.Sql/servers/vulnerabilityAssessments/
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

SQL Server 参与者SQL Server Contributor


说明Description	允许管理 SQL 服务器和数据库，但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
Id Id	6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Sql/locations//readMicrosoft.Sql/locations//read
Microsoft.Sql/servers/Microsoft.Sql/servers/	创建和管理 SQL 服务器Create and manage SQL servers
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read	添加指标Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read	读取指标定义Read metric definitions
不操作NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/Microsoft.Sql/managedInstances/databases/securityAlertPolicies/
Microsoft.Sql/managedInstances/databases/sensitivityLabels/Microsoft.Sql/managedInstances/databases/sensitivityLabels/
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/
Microsoft.Sql/managedInstances/securityAlertPolicies/Microsoft.Sql/managedInstances/securityAlertPolicies/
Microsoft.Sql/managedInstances/vulnerabilityAssessments/Microsoft.Sql/managedInstances/vulnerabilityAssessments/
Microsoft.Sql/servers/auditingPolicies/Microsoft.Sql/servers/auditingPolicies/	编辑 SQL 服务器审核策略Edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/Microsoft.Sql/servers/auditingSettings/	编辑 SQL 服务器审核设置Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/	编辑 SQL 服务器数据库审核策略Edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/	编辑 SQL 服务器数据库审核设置Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read	读取审核记录Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/	编辑 SQL 服务器数据库连接策略Edit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/Microsoft.Sql/servers/databases/currentSensitivityLabels/
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/	编辑 SQL 服务器数据库数据屏蔽策略Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/Microsoft.Sql/servers/databases/extendedAuditingSettings/
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/Microsoft.Sql/servers/databases/recommendedSensitivityLabels/
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/	编辑 SQL 服务器数据库安全警报策略Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/	编辑 SQL 服务器数据库安全度量值Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/Microsoft.Sql/servers/databases/sensitivityLabels/
Microsoft.Sql/servers/databases/vulnerabilityAssessments/Microsoft.Sql/servers/databases/vulnerabilityAssessments/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/
Microsoft.Sql/servers/extendedAuditingSettings/Microsoft.Sql/servers/extendedAuditingSettings/
Microsoft.Sql/servers/securityAlertPolicies/Microsoft.Sql/servers/securityAlertPolicies/	编辑 SQL 服务器安全警报策略Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/Microsoft.Sql/servers/vulnerabilityAssessments/
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

存储帐户参与者Storage Account Contributor


说明Description	允许管理存储帐户。Permits management of storage accounts. 提供对帐户密钥的访问权限，而帐户密钥可以用来通过共享密钥授权对数据进行访问。Provides access to the account key, which can be used to access data via Shared Key authorization.
Id Id	17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取所有授权Read all authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/Microsoft.Insights/diagnosticSettings/	管理诊断设置Manage diagnostic settings
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action	将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Storage/storageAccounts/Microsoft.Storage/storageAccounts/	创建和管理存储帐户Create and manage storage accounts
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

存储帐户密钥操作员服务角色Storage Account Key Operator Service Role


说明Description	允许列出和重新生成存储帐户访问密钥。Permits listing and regenerating storage account access keys.
Id Id	81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
操作Actions
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action	再生成指定存储帐户的访问密钥。Regenerates the access keys for the specified storage account.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

存储 Blob 数据参与者Storage Blob Data Contributor


说明Description	读取、写入和删除 Azure 存储容器与 Blob。Read, write, and delete Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete	删除容器。Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read	返回容器或容器列表。Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write	修改容器的元数据或属性。Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action	返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete	删除 Blob。Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read	返回 Blob 或 Blob 列表。Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write	写入到 Blob。Write to a blob.
NotDataActionsNotDataActions
无none

存储 Blob 数据所有者Storage Blob Data Owner


说明Description	提供对 Azure 存储 blob 容器和数据的完全访问权限，包括分配 POSIX 访问控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/Microsoft.Storage/storageAccounts/blobServices/containers/	对容器的完全权限。Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action	返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/Microsoft.Storage/storageAccounts/blobServices/containers/blobs/	对 Blob 的完全权限。Full permissions on blobs.
NotDataActionsNotDataActions
无none

存储 Blob 数据读取者Storage Blob Data Reader


说明Description	读取和列出 Azure 存储容器与 Blob。Read and list Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
操作Actions
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read	返回容器或容器列表。Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action	返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read	返回 Blob 或 Blob 列表。Return a blob or a list of blobs.
NotDataActionsNotDataActions
无none

存储 Blob 代理Storage Blob Delegator


说明Description	获取用户委托密钥，该密钥随后可用来为通过 Azure AD 凭据签名的容器或 Blob 创建共享访问签名。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 有关详细信息，请参阅创建用户委托 SAS。For more information, see Create a user delegation SAS.
Id Id	db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
操作Actions
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action	返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service.
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none


说明Description	允许通过 SMB 在 Azure 存储文件共享中进行读取、写入和删除访问Allows for read, write, and delete access in Azure Storage file shares over SMB
Id Id	0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read	返回某个文件/文件夹，或文件/文件夹列表。Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write	返回写入文件或创建文件夹的结果。Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete	返回删除文件/文件夹的结果。Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
无none


说明Description	允许通过 SMB 在 Azure 存储文件共享中进行读取、写入、删除和修改 NTFS 权限的访问Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB
Id Id	a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read	返回某个文件/文件夹，或文件/文件夹列表。Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write	返回写入文件或创建文件夹的结果。Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete	返回删除文件/文件夹的结果。Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action	返回修改文件/文件夹权限的结果。Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
无none


说明Description	允许通过 SMB 对 Azure 文件共享进行读取访问Allows for read access to Azure File Share over SMB
Id Id	aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read	返回某个文件/文件夹，或文件/文件夹列表。Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
无none

存储队列数据参与者Storage Queue Data Contributor


说明Description	读取、写入和删除 Azure 存储队列与队列消息。Read, write, and delete Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
操作Actions
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete	删除队列。Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read	返回队列或队列列表。Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write	修改队列元数据或属性。Modify queue metadata or properties.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete	从队列中删除一个或多个消息。Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read	扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write	向队列添加消息。Add a message to a queue.
NotDataActionsNotDataActions
无none

存储队列数据消息处理者Storage Queue Data Message Processor


说明Description	在 Azure 存储队列中扫视、检索和删除消息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read	扫视消息。Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action	检索和删除消息。Retrieve and delete a message.
NotDataActionsNotDataActions
无none

存储队列数据消息发送者Storage Queue Data Message Sender


说明Description	向 Azure 存储队列添加消息。Add messages to an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
操作Actions
无none
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action	向队列添加消息。Add a message to a queue.
NotDataActionsNotDataActions
无none

存储队列数据读取者Storage Queue Data Reader


说明Description	读取和列出 Azure 存储队列与队列消息。Read and list Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作，请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id Id	19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
操作Actions
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read	返回队列或队列列表。Returns a queue or a list of queues.
不操作NotActions
无none
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read	扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
无none

支持请求参与者Support Request Contributor


说明Description	允许创建和管理支持请求Lets you create and manage Support requests
Id Id	cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

流量管理器参与者Traffic Manager Contributor


说明Description	允许管理流量管理器配置文件，但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
Id Id	a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/trafficManagerProfiles/Microsoft.Network/trafficManagerProfiles/
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

用户访问管理员User Access Administrator


说明Description	允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources.
Id Id	18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
操作Actions
/read/read	读取除密码外的所有类型的资源。Read resources of all Types, except secrets.
Microsoft.Authorization/Microsoft.Authorization/	管理授权Manage authorization
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none


说明Description	在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator
Id Id	1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
操作Actions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read	获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read	获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read	获取网络接口定义。Gets a network interface definition.
Microsoft.Compute/virtualMachines//readMicrosoft.Compute/virtualMachines//read
不操作NotActions
无none
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action	以普通用户身份登录虚拟机Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action	以 Windows 管理员身份或 Linux 根用户权限登录虚拟机Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
无none

虚拟机参与者Virtual Machine Contributor


说明Description	允许管理虚拟机，但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
Id Id	9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Compute/availabilitySets/Microsoft.Compute/availabilitySets/	创建和管理计算可用性集Create and manage compute availability sets
Microsoft.Compute/locations/Microsoft.Compute/locations/	创建和管理计算位置Create and manage compute locations
Microsoft.Compute/virtualMachines/Microsoft.Compute/virtualMachines/	创建和管理虚拟机Create and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/Microsoft.Compute/virtualMachineScaleSets/	创建和管理虚拟机规模集Create and manage virtual machine scale sets
Microsoft.DevTestLab/schedules/Microsoft.DevTestLab/schedules/
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action	加入应用程序网关后端地址池。Joins an application gateway backend address pool. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action	加入负载均衡器后端地址池。Joins a load balancer backend address pool. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action	加入负载均衡器入站 NAT 池。Joins a load balancer inbound NAT pool. 不可发出警报。Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action	加入负载均衡器入站 NAT 规则。Joins a load balancer inbound nat rule. 不可发出警报。Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action	允许使用负载均衡器的探测。Allows using probes of a load balancer. 例如，使用此权限，VM 规模集的 healthProbe 属性可以引用探测。For example, with this permission healthProbe property of VM scale set can reference the probe. 不可发出警报。Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read	获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/locations/Microsoft.Network/locations/	创建和管理网络位置Create and manage network locations
Microsoft.Network/networkInterfaces/Microsoft.Network/networkInterfaces/	创建和管理网络接口Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action	加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read	获取网络安全组定义Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action	加入公共 IP 地址。Joins a public ip address. 不可发出警报。Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read	获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action	加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable.
Microsoft.RecoveryServices/locations/Microsoft.RecoveryServices/locations/
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write	创建备份保护意向Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems//readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems//read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read	返回受保护项的对象详细信息Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write	创建备份受保护项Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read	返回所有保护策略Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write	创建保护策略Creates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read	“获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read	返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write	“创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.SqlVirtualMachine/Microsoft.SqlVirtualMachine/
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action	返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read	返回存储帐户的列表，或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none


说明Description	在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user.
Id Id	fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
操作Actions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read	获取公共 IP 地址定义。Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read	获取虚拟网络定义Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read	获取负载均衡器定义Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read	获取网络接口定义。Gets a network interface definition.
Microsoft.Compute/virtualMachines//readMicrosoft.Compute/virtualMachines//read
不操作NotActions
无none
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action	以普通用户身份登录虚拟机Log in to a virtual machine as a regular user
NotDataActionsNotDataActions
无none

Web 计划参与者Web Plan Contributor


说明Description	允许管理网站的 Web 计划，但不允许访问这些计划。Lets you manage the web plans for websites, but not access to them.
Id Id	2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Web/serverFarms/Microsoft.Web/serverFarms/	创建和管理服务器场Create and manage server farms
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none

网站参与者Website Contributor


说明Description	允许管理网站（而非 Web 计划），但不允许访问这些网站。Lets you manage websites (not web plans), but not access to them.
Id Id	de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read	读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/	创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/components/Microsoft.Insights/components/	创建和管理 Insights 组件Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read	获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/Microsoft.Resources/deployments/	创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read	获取或列出资源组。Gets or lists resource groups.
Microsoft.Support/Microsoft.Support/	创建和管理支持票证Create and manage support tickets
Microsoft.Web/certificates/Microsoft.Web/certificates/	创建和管理网站证书Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read	获取分配给主机名的站点名称。Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read	获取应用服务计划的属性Get the properties on an App Service Plan
Microsoft.Web/sites/Microsoft.Web/sites/	创建和管理网站（站点创建还需要对关联的应用服务计划有写入权限）Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
不操作NotActions
无none
DataActionsDataActions
无none
NotDataActionsNotDataActions
无none