Azure 内置角色Azure built-in roles
Azure 基于角色的访问控制 (RBAC) 有多个 Azure 内置角色,可将其分配给用户、组、服务主体和托管标识。Azure role-based access control (RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. 角色分配是控制对 Azure 资源的访问的方式。Role assignments are the way you control access to Azure resources. 如果内置角色不能满足组织的具体需求,则可创建自己的 Azure 自定义角色。If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.
本文列出了 Azure 资源的内置角色,这些角色总是在不断发展。This article lists the built-in roles for Azure resources, which are always evolving. 若要获取最新角色,请使用 Get-AzRoleDefinition 或 az role definition list。To get the latest roles, use Get-AzRoleDefinition or az role definition list. 如果你正在查找 Azure Active Directory (Azure AD) 的管理员角色,请参阅 Azure Active Directory 中的管理员角色权限。If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.
说明和 IDDescriptions and IDs
下表提供了每个内置角色的简短说明和唯一 ID。The following table provides a brief description and the unique ID of each built-in role. 选择角色名称可查看每个角色的 Actions、NotActions、DataActions 和 NotDataActions 列表。Select the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. 有关这些操作的含义以及它们如何应用于管理和数据平面的信息,请参阅了解 Azure 资源的角色定义。For information about what these actions mean and how they apply to the management and data planes, see Understand role definitions for Azure resources.
| 内置角色Built-in role | 说明Description | IDID |
|---|---|---|
| AcrDeleteAcrDelete | acr deleteacr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSignerAcrImageSigner | ACR 映像签名程序acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPullAcrPull | acr 拉取acr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPushAcrPush | acr 推送acr push | 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReaderAcrQuarantineReader | ACR 隔离数据读取器acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriterAcrQuarantineWriter | ACR 隔离数据编写器acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| API 管理服务参与者API Management Service Contributor | 可以管理服务和 APICan manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c |
| API 管理服务操作员角色API Management Service Operator Role | 可以管理服务,但不可管理 APICan manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
| API 管理服务读者角色API Management Service Reader Role | 对服务和 API 的只读访问权限Read-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d |
| 应用程序配置数据所有者App Configuration Data Owner | 允许对应用程序配置数据进行完全访问。Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
| 应用程序配置数据读取者App Configuration Data Reader | 允许对应用程序配置数据进行读取访问。Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071 |
| Application Insights 组件参与者Application Insights Component Contributor | 可管理 Application Insights 组件Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e |
| Application Insights 快照调试器Application Insights Snapshot Debugger | 授予用户查看和下载使用 Application Insights Snapshot Debugger 收集的调试快照的权限。Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. 请注意,所有者或参与者角色不包括这些权限。Note that these permissions are not included in the Owner or Contributor roles. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b |
| 自动化作业操作员Automation Job Operator | 使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f |
| 自动化运算符Automation Operator | 自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404 |
| 自动化 Runbook 操作员Automation Runbook Operator | 读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
| Avere 参与者Avere Contributor | 可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere 操作员Avere Operator | 由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| Azure Connected Machine 加入Azure Connected Machine Onboarding | 可以加入 Azure Connected Machine。Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
| Azure Connected Machine 资源管理员Azure Connected Machine Resource Administrator | 可以读取、写入、删除和重新加入 Azure Connected Machine。Can read, write, delete and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302 |
| Azure 事件中心数据所有者Azure Event Hubs Data Owner | 允许完全访问 Azure 事件中心资源。Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec |
| Azure 事件中心数据接收者Azure Event Hubs Data Receiver | 允许接收对 Azure 事件中心资源的访问权限。Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure 事件中心数据发送者Azure Event Hubs Data Sender | 允许以发送方式访问 Azure 事件中心资源。Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975 |
| Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role | 列出群集管理员凭据操作。List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role | 列出群集用户凭据操作。List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| Azure Maps 数据读取器(预览)Azure Maps Data Reader (Preview) | 授予从 Azure Maps 帐户中读取相关数据的权限。Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| Azure Sentinel 参与者Azure Sentinel Contributor | Azure Sentinel 参与者Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade |
| Azure Sentinel 读取者Azure Sentinel Reader | Azure Sentinel 读取者Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb |
| Azure Sentinel 响应方Azure Sentinel Responder | Azure Sentinel 响应方Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056 |
| Azure 服务总线数据所有者Azure Service Bus Data Owner | 允许完全访问 Azure 服务总线资源。Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419 |
| Azure 服务总线数据接收者Azure Service Bus Data Receiver | 允许对 Azure 服务总线资源进行接收访问。Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
| Azure 服务总线数据发送者Azure Service Bus Data Sender | 允许对 Azure 服务总线资源进行发送访问。Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
| Azure Stack 注册所有者Azure Stack Registration Owner | 允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
| 备份参与者Backup Contributor | 允许管理备份服务,但不允许创建保管库以及授予其他人访问权限Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b |
| 备份操作员Backup Operator | 允许管理备份服务,但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324 |
| 备份读者Backup Reader | 可以查看备份服务,但是不能进行更改Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| 计费读者Billing Reader | 允许对帐单数据进行读取访问Allows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
| BizTalk 参与者BizTalk Contributor | 允许管理 BizTalk 服务,但不允许访问这些服务。Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342 |
| 区块链成员节点访问(预览)Blockchain Member Node Access (Preview) | 允许访问区块链成员节点Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| 蓝图参与者Blueprint Contributor | 可以管理蓝图定义,但不能对其进行分配。Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4 |
| 蓝图操作员Blueprint Operator | 可以分配现有已发布的蓝图,但不能创建新蓝图。Can assign existing published blueprints, but cannot create new blueprints. 注意:仅当使用用户分配的托管标识完成分配时,此操作才有效。NOTE: this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090 |
| CDN 终结点参与者CDN Endpoint Contributor | 可以管理 CDN 终结点,但不能向其他用户授予访问权限。Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN 终结点读者CDN Endpoint Reader | 可以查看 CDN 终结点,但不能进行更改。Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN 配置文件参与者CDN Profile Contributor | 可以管理 CDN 配置文件及其终结点,但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN 配置文件读者CDN Profile Reader | 可以查看 CDN 配置文件及其终结点,但不能进行更改。Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af |
| 经典网络参与者Classic Network Contributor | 允许管理经典网络,但不允许访问这些网络。Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| 经典存储帐户参与者Classic Storage Account Contributor | 允许管理经典存储帐户,但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| 经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role | 允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| 经典虚拟机参与者Classic Virtual Machine Contributor | 允许管理经典虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb |
| 认知服务参与者Cognitive Services Contributor | 允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| 认知服务数据读者(预览)Cognitive Services Data Reader (Preview) | 可以读取认知服务数据。Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c |
| 认知服务用户Cognitive Services User | 允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908 |
| 参与者Contributor | 允许管理所有功能(授予对资源的访问权限除外)。Lets you manage everything except granting access to resources. | b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c |
| Cosmos DB 帐户读者角色Cosmos DB Account Reader Role | 可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者,了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB 操作员Cosmos DB Operator | 可以管理 Azure Cosmos DB 帐户,但不能访问其中的数据。Lets you manage Azure Cosmos DB accounts, but not access data in them. 阻止访问帐户密钥和连接字符串。Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperatorCosmosBackupOperator | 可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| 成本管理参与者Cost Management Contributor | 可以查看成本和管理成本配置(例如预算、导出)Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430 |
| 成本管理读者Cost Management Reader | 可以查看成本数据和配置(例如预算、导出)Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3 |
| Data Box 参与者Data Box Contributor | 可让你管理 Data Box 服务下的所有内容,但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5 |
| Data Box 读者Data Box Reader | 可让你管理 Data Box 服务,但不能创建订单或编辑订单详细信息,以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| 数据工厂参与者Data Factory Contributor | 创建和管理数据工厂,以及其中的子资源。Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5 |
| Data Lake Analytics 开发人员Data Lake Analytics Developer | 允许提交、监视和管理自己的作业,但是不允许创建或删除 Data Lake Analytics 帐户。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88 |
| 数据清除程序Data Purger | 可清除分析数据Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| DevTest 实验室用户DevTest Labs User | 允许连接、启动、重启和关闭 Azure 开发测试实验室中的虚拟机。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64 |
| DNS 区域参与者DNS Zone Contributor | 允许管理 Azure DNS 中的 DNS 区域和记录集,但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314 |
| DocumentDB 帐户参与者DocumentDB Account Contributor | 可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450 |
| EventGrid EventSubscription 参与者EventGrid EventSubscription Contributor | 可以管理 EventGrid 事件订阅操作。Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
| EventGrid EventSubscription 读者EventGrid EventSubscription Reader | 可以读取 EventGrid 事件订阅。Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405 |
| HDInsight 群集操作员HDInsight Cluster Operator | 允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight 域服务参与者HDInsight Domain Services Contributor | 可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Intelligent Systems 帐户参与者Intelligent Systems Account Contributor | 允许管理智能系统帐户,但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e |
| 密钥保管库参与者Key Vault Contributor | 允许管理密钥保管库,但不允许对其进行访问。Lets you manage key vaults, but not access to them. | f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395 |
| 实验室创建者Lab Creator | 允许在 Azure 实验室帐户下创建、管理、删除托管实验室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
| Log Analytics 参与者Log Analytics Contributor | Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics 读者Log Analytics Reader | Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置,其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893 |
| 逻辑应用参与者Logic App Contributor | 允许管理逻辑应用,但不允许更改其访问权限。Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e |
| 逻辑应用操作员Logic App Operator | 允许读取、启用和禁用逻辑应用,但不允许编辑或更新它们。Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
| 托管应用程序参与者角色Managed Application Contributor Role | 允许创建托管应用程序资源。Allows for creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e |
| 托管应用程序操作员角色Managed Application Operator Role | 可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae |
| 托管应用程序读者Managed Applications Reader | 允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44 |
| 托管的标识参与者Managed Identity Contributor | 创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
| 托管的标识操作员Managed Identity Operator | 读取和分配用户分配的标识Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830 |
| 托管服务注册分配删除角色Managed Services Registration assignment Delete Role | 托管服务注册分配删除角色允许管理租户用户删除分配给其租户的注册分配。Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46 |
| 管理组参与者Management Group Contributor | 管理组参与者角色Management Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
| 管理组读取者Management Group Reader | 管理组读取者角色Management Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d |
| 监视参与者Monitoring Contributor | 可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa |
| 监视指标发布者Monitoring Metrics Publisher | 允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb |
| 监视读取者Monitoring Reader | 可以读取所有监视数据(指标、日志等)。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05 |
| 网络参与者Network Contributor | 允许管理网络,但不允许访问这些网络。Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7 |
| New elic APM 帐户参与者New Relic APM Account Contributor | 允许管理 New Relic 应用程序性能管理帐户和应用程序,但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237 |
| 所有者Owner | 允许管理所有功能,包括对资源的访问权限。Lets you manage everything, including access to resources. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| 策略见解数据编写者(预览)Policy Insights Data Writer (Preview) | 允许对资源策略进行读取访问,并允许对资源组件策略事件进行写入访问。Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84 |
| 读者Reader | 允许查看所有内容,但不能进行任何更改。Lets you view everything, but not make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| 读取器和数据访问Reader and Data Access | 允许查看所有内容,但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349 |
| Redis 缓存参与者Redis Cache Contributor | 允许管理 Redis 缓存,但不允许访问这些缓存。Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17 |
| 资源策略参与者Resource Policy Contributor | 有权创建/修改资源策略、创建支持票证和读取资源/层次结构的用户。Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608 |
| 计划程序作业集合参与者Scheduler Job Collections Contributor | 允许管理计划程序作业集合,但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
| 搜索服务参与者Search Service Contributor | 允许管理搜索服务,但不允许访问这些服务。Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| 安全管理员Security Admin | 可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议。Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations. | fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd |
| 安全评估参与者Security Assessment Contributor | 允许你将评估推送到安全中心Lets you push assessments to Security Center | 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
| 安全管理器(旧版)Security Manager (Legacy) | 这是旧角色。This is a legacy role. 请改用安全管理员。Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
| 安全读取者Security Reader | 可以查看建议和警报、查看安全策略、查看安全状态,但不能进行更改。Can view recommendations and alerts, view security policies, view security states, but cannot make changes. | 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4 |
| Site Recovery 参与者Site Recovery Contributor | 允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
| Site Recovery 操作员Site Recovery Operator | 允许进行故障转移和故障回复,但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca |
| Site Recovery 读取者Site Recovery Reader | 允许查看 Site Recovery 状态,但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149 |
| 空间定位点帐户参与者Spatial Anchors Account Contributor | 允许管理帐户中的空间定位点,但不能删除它们Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| 空间定位点帐户所有者Spatial Anchors Account Owner | 允许管理帐户中的空间定位点,包括删除它们Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c |
| 空间定位点帐户读取者Spatial Anchors Account Reader | 允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413 |
| SQL DB 参与者SQL DB Contributor | 允许管理 SQL 数据库,但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外,不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL 托管实例参与者SQL Managed Instance Contributor | 允许管理 SQL 托管实例和所需的网络配置,但不能向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL 安全管理器SQL Security Manager | 允许管理 SQL 服务器和数据库的安全相关策略,但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server 参与者SQL Server Contributor | 允许管理 SQL 服务器和数据库,但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| 存储帐户参与者Storage Account Contributor | 允许管理存储帐户。Permits management of storage accounts. 提供对帐户密钥的访问权限,而帐户密钥可以用来通过共享密钥授权对数据进行访问。Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab |
| 存储帐户密钥操作员服务角色Storage Account Key Operator Service Role | 允许列出和重新生成存储帐户访问密钥。Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12 |
| 存储 Blob 数据参与者Storage Blob Data Contributor | 读取、写入和删除 Azure 存储容器与 Blob。Read, write, and delete Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe |
| 存储 Blob 数据所有者Storage Blob Data Owner | 提供对 Azure 存储 blob 容器和数据的完全访问权限,包括分配 POSIX 访问控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| 存储 Blob 数据读者Storage Blob Data Reader | 读取和列出 Azure 存储容器与 Blob。Read and list Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| 存储 Blob 代理Storage Blob Delegator | 获取用户委托密钥,该密钥随后可用来为通过 Azure AD 凭据签名的容器或 Blob 创建共享访问签名。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 有关详细信息,请参阅创建用户委托 SAS。For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| 存储文件数据 SMB 共享参与者Storage File Data SMB Share Contributor | 允许对 Azure 文件共享中的文件/目录进行读取、写入和删除访问。Allows for read, write, and delete access on files/directories in Azure file shares. 此角色在 Windows 文件服务器上没有内置的等效角色。This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| 存储文件数据 SMB 共享的权限提升参与者Storage File Data SMB Share Elevated Contributor | 允许读取、写入、删除和修改 Azure 文件共享中文件/目录上的 ACL。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 此角色等效于 Windows 文件服务器上的文件共享更改 ACL。This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7 |
| 存储文件数据 SMB 共享读取者Storage File Data SMB Share Reader | 允许对 Azure 文件共享中的文件/目录进行读取访问。Allows for read access on files/directories in Azure file shares. 此角色等效于 Windows 文件服务器上的文件共享读取 ACL。This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314 |
| 存储队列数据参与者Storage Queue Data Contributor | 读取、写入和删除 Azure 存储队列与队列消息。Read, write, and delete Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| 存储队列数据消息处理者Storage Queue Data Message Processor | 在 Azure 存储队列中扫视、检索和删除消息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed |
| 存储队列数据消息发送者Storage Queue Data Message Sender | 向 Azure 存储队列添加消息。Add messages to an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| 存储队列数据读取者Storage Queue Data Reader | 读取和列出 Azure 存储队列与队列消息。Read and list Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925 |
| 支持请求参与者Support Request Contributor | 允许创建和管理支持请求Lets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
| 流量管理器参与者Traffic Manager Contributor | 允许管理流量管理器配置文件,但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| 用户访问管理员User Access Administrator | 允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| 虚拟机管理员登录Virtual Machine Administrator Login | 在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4 |
| 虚拟机参与者Virtual Machine Contributor | 允许管理虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| 虚拟机用户登录Virtual Machine User Login | 在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52 |
| Web 计划参与者Web Plan Contributor | 允许管理网站的 Web 计划,但不允许访问这些计划。Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| 网站参与者Website Contributor | 允许管理网站(而非 Web 计划),但不允许访问这些网站。Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772 |
| 工作簿参与者Workbook Contributor | 可以保存共享的工作簿。Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad |
| 工作簿读者Workbook Reader | 可以读取工作簿。Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d |
常规General
参与者Contributor
允许管理所有功能(授予对资源的访问权限除外)。Lets you manage everything except granting access to resources.
| 操作Actions | |
| * | 创建和管理所有类型的资源Create and manage resources of all types |
| 不操作NotActions | |
| Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete | 删除角色、策略分配、策略定义和策略集定义Delete roles, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write | 创建角色、角色分配、策略分配、策略定义和策略集定义Create roles, role assignments, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action | 向调用方授予租户范围的“用户访问管理员”访问权限Grants the caller User Access Administrator access at the tenant scope |
| Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write | 创建或更新任何蓝图分配Create or update any blueprint assignments |
| Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete | 删除任何蓝图分配Delete any blueprint assignments |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything except access to resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
所有者Owner
允许管理所有功能,包括对资源的访问权限。Lets you manage everything, including access to resources.
| 操作Actions | |
| * | 创建和管理所有类型的资源Create and manage resources of all types |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything, including access to resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
读取器Reader
允许查看所有内容,但不能进行任何更改。Lets you view everything, but not make any changes.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything, but not make any changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
用户访问管理员User Access Administrator
允许管理用户对 Azure 资源的访问权限。Lets you manage user access to Azure resources.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Authorization/*Microsoft.Authorization/* | 管理授权Manage authorization |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AI + 机器学习AI + machine learning
认知服务参与者Cognitive Services Contributor
允许创建、读取、更新、删除和管理认知服务的密钥。Lets you create, read, update, delete and manage keys of Cognitive Services.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| Microsoft.Features/features/readMicrosoft.Features/features/read | 获取订阅的功能。Gets the features of a subscription. |
| Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read | 获取给定资源提供程序中某个订阅的功能。Gets the feature of a subscription in a given resource provider. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | 读取日志定义Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | 读取指标定义Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 添加指标Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 获取或列出部署操作。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 获取订阅的列表。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务数据读者(预览)Cognitive Services Data Reader (Preview)
可以读取认知服务数据。Lets you read Cognitive Services data.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务用户Cognitive Services User
允许读取和列出认知服务的密钥。Lets you read and list keys of Cognitive Services.
| 操作Actions | |
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action | 列出密钥List Keys |
| Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read | 读取经典指标警报Read a classic metric alert |
| Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read | 读取资源诊断设置Read a resource diagnostic setting |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | 读取日志定义Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | 读取指标定义Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 添加指标Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 获取或列出部署操作。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 获取订阅的列表。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
分析Analytics
Azure 事件中心数据所有者Azure Event Hubs Data Owner
允许完全访问 Azure 事件中心资源。Allows for full access to Azure Event Hubs resources.
| 操作Actions | |
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中心数据接收者Azure Event Hubs Data Receiver
允许接收对 Azure 事件中心资源的访问权限。Allows receive access to Azure Event Hubs resources.
| 操作Actions | |
| Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中心数据发送者Azure Event Hubs Data Sender
允许以发送方式访问 Azure 事件中心资源。Allows send access to Azure Event Hubs resources.
| 操作Actions | |
| Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
数据工厂参与者Data Factory Contributor
创建和管理数据工厂,以及其中的子资源。Create and manage data factories, as well as child resources within them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* | 创建和管理数据工厂,以及它们包含的子资源。Create and manage data factories, and child resources within them. |
| Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* | 创建和管理数据工厂,以及它们包含的子资源。Create and manage data factories, and child resources within them. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write | 创建或更新事件订阅Create or update an eventSubscription |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
数据清除程序Data Purger
可清除分析数据Can purge analytics data
| 操作Actions | |
| Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action | 从 Application Insights 清除数据Purging data from Application Insights |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action | 从工作区中删除指定数据Delete specified data from workspace |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 群集操作员HDInsight Cluster Operator
允许你读取和修改 HDInsight 群集配置。Lets you read and modify HDInsight cluster configurations.
| 操作Actions | |
| Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action | 获取 HDInsight 群集的网关设置Get gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action | 更新 HDInsight 群集的网关设置Update gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 获取或列出部署操作。Gets or lists deployment operations. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 域服务参与者HDInsight Domain Services Contributor
可以读取、创建、修改和删除 HDInsight 企业安全性套餐所需的域服务相关操作Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
| 操作Actions | |
| Microsoft.AAD/*/readMicrosoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 参与者Log Analytics Contributor
Log Analytics 参与者可以读取所有监视数据并编辑监视设置。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 编辑监视设置包括向 VM 添加 VM 扩展、读取存储帐户密钥以便能够从 Azure 存储配置日志收集、创建和配置自动化帐户、添加解决方案以及配置所有 Azure 资源上的 Azure 诊断。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/* | |
| Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出存储帐户的访问密钥。Lists the access keys for the storage accounts. |
| Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.OperationalInsights/*Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/*Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 读者Log Analytics Reader
Log Analytics 读者可以查看和搜索所有监视数据并查看监视设置,其中包括查看所有 Azure 资源上的 Azure 诊断的配置。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新引擎进行搜索。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 执行搜索查询Executes a search query |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read | 检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
区块链Blockchain
区块链成员节点访问(预览)Blockchain Member Node Access (Preview)
允许访问区块链成员节点Allows for access to Blockchain Member nodes
| 操作Actions | |
| Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read | 获取或列出现有的区块链成员事务节点。Gets or Lists existing Blockchain Member Transaction Node(s). |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action | 连接到区块链成员事务节点。Connects to a Blockchain Member Transaction Node. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for access to Blockchain Member nodes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"permissions": [
{
"actions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
],
"notDataActions": []
}
],
"roleName": "Blockchain Member Node Access (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
计算Compute
经典虚拟机参与者Classic Virtual Machine Contributor
允许管理经典虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* | 创建和管理经典计算域名Create and manage classic compute domain names |
| Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* | 创建和管理虚拟机Create and manage virtual machines |
| Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action | |
| Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action | 链接保留 IPLink a reserved Ip |
| Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read | 获取保留 IPGets the reserved Ips |
| Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action | 加入虚拟网络。Joins the virtual network. |
| Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read | 获取虚拟网络。Get the virtual network. |
| Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read | 返回存储帐户磁盘。Returns the storage account disk. |
| Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read | 返回存储帐户映像。Returns the storage account image. (已弃用。(Deprecated. 请使用“Microsoft.ClassicStorage/storageAccounts/vmImages”)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出存储帐户的访问密钥。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | 返回包含给定帐户的存储帐户。Return the storage account with the given account. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机管理员登录Virtual Machine Administrator Login
在门户中查看虚拟机并以管理员身份登录View Virtual Machines in the portal and login as administrator
| 操作Actions | |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 获取负载均衡器定义Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 获取网络接口定义。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 以普通用户身份登录虚拟机Log in to a virtual machine as a regular user |
| Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action | 以 Windows 管理员身份或 Linux 根用户权限登录虚拟机Log in to a virtual machine with Windows administrator or Linux root user privileges |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机参与者Virtual Machine Contributor
允许管理虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | 创建和管理计算可用性集Create and manage compute availability sets |
| Microsoft.Compute/locations/*Microsoft.Compute/locations/* | 创建和管理计算位置Create and manage compute locations |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | 创建和管理虚拟机Create and manage virtual machines |
| Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* | 创建和管理虚拟机规模集Create and manage virtual machine scale sets |
| Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write | 创建新的磁盘,或更新现有的磁盘Creates a new Disk or updates an existing one |
| Microsoft.Compute/disks/readMicrosoft.Compute/disks/read | 获取磁盘的属性Get the properties of a Disk |
| Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete | 删除磁盘Deletes the Disk |
| Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action | 加入应用程序网关后端地址池。Joins an application gateway backend address pool. 不可发出警报。Not Alertable. |
| Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | 加入负载均衡器后端地址池。Joins a load balancer backend address pool. 不可发出警报。Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action | 加入负载均衡器入站 NAT 池。Joins a load balancer inbound NAT pool. 不可发出警报。Not alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | 加入负载均衡器入站 NAT 规则。Joins a load balancer inbound nat rule. 不可发出警报。Not Alertable. |
| Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action | 允许使用负载均衡器的探测。Allows using probes of a load balancer. 例如,使用此权限,VM 规模集的 healthProbe 属性可以引用探测。For example, with this permission healthProbe property of VM scale set can reference the probe. 不可发出警报。Not alertable. |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 获取负载均衡器定义Gets a load balancer definition |
| Microsoft.Network/locations/*Microsoft.Network/locations/* | 创建和管理网络位置Create and manage network locations |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | 创建和管理网络接口Create and manage network interfaces |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read | 获取网络安全组定义Gets a network security group definition |
| Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | 加入公共 IP 地址。Joins a public ip address. 不可发出警报。Not Alertable. |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable. |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 创建备份保护意向Create a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 返回受保护项的对象详细信息Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 创建备份受保护项Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 返回所有保护策略Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write | 创建保护策略Creates Protection Policy |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | “创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机用户登录Virtual Machine User Login
在门户中查看虚拟机并以普通用户身份登录。View Virtual Machines in the portal and login as a regular user.
| 操作Actions | |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 获取负载均衡器定义Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 获取网络接口定义。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 以普通用户身份登录虚拟机Log in to a virtual machine as a regular user |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
容器Containers
AcrDeleteAcrDelete
acr deleteacr delete
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete | 删除容器注册表中的项目。Delete artifact in a container registry. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr delete",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/artifacts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrDelete",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrImageSignerAcrImageSigner
ACR 映像签名程序acr image signer
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write | 推送/拉取容器注册表的内容信任元数据。Push/Pull content trust metadata for a container registry. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr image signer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
"name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/sign/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrImageSigner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPullAcrPull
acr 拉取acr pull
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | 从容器注册表中拉取或获取映像。Pull or Get images from a container registry. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr pull",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
"name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPull",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPushAcrPush
acr 推送acr push
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | 从容器注册表中拉取或获取映像。Pull or Get images from a container registry. |
| Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write | 将映像推送或写入容器注册表。Push or Write images to a container registry. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr push",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
"name": "8311e382-0749-4cb8-b61a-304f252e45ec",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read",
"Microsoft.ContainerRegistry/registries/push/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPush",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineReaderAcrQuarantineReader
ACR 隔离数据读取器acr quarantine data reader
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | 从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
"name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineReader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineWriterAcrQuarantineWriter
ACR 隔离数据编写器acr quarantine data writer
| 操作Actions | |
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | 从容器注册表中拉取或获取已隔离的映像Pull or Get quarantined images from container registry |
| Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write | 写入/修改已隔离映像的隔离状态Write/Modify quarantine state of quarantined images |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data writer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read",
"Microsoft.ContainerRegistry/registries/quarantine/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineWriter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes 服务群集管理员角色Azure Kubernetes Service Cluster Admin Role
列出群集管理员凭据操作。List cluster admin credential action.
| 操作Actions | |
| Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action | 列出托管群集的 clusterAdmin 凭据List the clusterAdmin credential of a managed cluster |
| Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action | 使用列表凭据按角色名称获取托管的群集访问配置文件Get a managed cluster access profile by role name using list credential |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "List cluster admin credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster Admin Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes 服务群集用户角色Azure Kubernetes Service Cluster User Role
列出群集用户凭据操作。List cluster user credential action.
| 操作Actions | |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 列出托管群集的 clusterUser 凭据List the clusterUser credential of a managed cluster |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "List cluster user credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster User Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
数据库Databases
Cosmos DB 帐户读者角色Cosmos DB Account Reader Role
可以读取 Azure Cosmos DB 帐户数据。Can read Azure Cosmos DB account data. 请参阅 Cosmos DB 帐户参与者,了解如何管理 Azure Cosmos DB 帐户。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read | 读取任何集合Read any collection |
| Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action | 读取数据库帐户只读密钥。Reads the database account readonly keys. |
| Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read | 读取指标定义Read metric definitions |
| Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read | 添加指标Read metrics |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can read Azure Cosmos DB Accounts data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
"Microsoft.Insights/MetricDefinitions/read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Account Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cosmos DB 操作员Cosmos DB Operator
可以管理 Azure Cosmos DB 帐户,但不能访问其中的数据。Lets you manage Azure Cosmos DB accounts, but not access data in them. 阻止访问帐户密钥和连接字符串。Prevents access to account keys and connection strings.
| 操作Actions | |
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable. |
| 不操作NotActions | |
| Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | |
| Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
"name": "230815da-be43-4aae-9cb4-875f7bd000aa",
"permissions": [
{
"actions": [
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [
"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
"Microsoft.DocumentDB/databaseAccounts/listKeys/*",
"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosBackupOperatorCosmosBackupOperator
可以为帐户提交 Cosmos DB 数据库或容器的还原请求Can submit restore request for a Cosmos DB database or a container for an account
| 操作Actions | |
| Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action | 提交配置备份的请求Submit a request to configure backup |
| Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action | 提交还原请求Submit a restore request |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can submit restore request for a Cosmos DB database or a container for an account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/databaseAccounts/backup/action",
"Microsoft.DocumentDB/databaseAccounts/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosBackupOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DocumentDB 帐户参与者DocumentDB Account Contributor
可管理 Azure Cosmos DB 帐户。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 以前称为 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | 创建并管理 Azure Cosmos DB 帐户Create and manage Azure Cosmos DB accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DocumentDB accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
"name": "5bd9cd88-fe45-4216-938b-f97437e15450",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DocumentDB Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Redis 缓存参与者Redis Cache Contributor
允许管理 Redis 缓存,但不允许访问这些缓存。Lets you manage Redis caches, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Cache/redis/*Microsoft.Cache/redis/* | 创建和管理 Redis 缓存Create and manage Redis caches |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Redis caches, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
"name": "e0f68234-74aa-48ed-b826-c38b57376e17",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cache/redis/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Redis Cache Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL DB 参与者SQL DB Contributor
允许管理 SQL 数据库,但不允许访问这些数据库。Lets you manage SQL databases, but not access to them. 此外,不允许管理其安全相关的策略或其父 SQL 服务器。Also, you can't manage their security-related policies or their parent SQL servers.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* | 创建和管理 SQL 数据库Create and manage SQL databases |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | 返回服务器列表,或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 添加指标Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 读取指标定义Read metric definitions |
| 不操作NotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 编辑审核策略Edit audit policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 编辑审核设置Edit audit settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 检索数据库 Blob 审核记录Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 编辑连接策略Edit connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 编辑数据屏蔽策略Edit data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 编辑安全警报策略Edit security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 编辑安全度量值Edit security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Sql/servers/read",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL DB Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL 托管实例参与者SQL Managed Instance Contributor
允许管理 SQL 托管实例和所需的网络配置,但不能向其他人授予访问权限。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.
| 操作Actions | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/* | |
| Microsoft.Network/routeTables/*Microsoft.Network/routeTables/* | |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/* | |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/* | |
| Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/* | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 添加指标Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 读取指标定义Read metric definitions |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"permissions": [
{
"actions": [
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Managed Instance Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL 安全管理器SQL Security Manager
允许管理 SQL 服务器和数据库的安全相关策略,但不允许访问它们。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | 创建和管理 SQL 服务器审核策略Create and manage SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | 创建和管理 SQL 服务器审核设置Create and manage SQL server auditing setting |
| Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read | 检索在给定服务器上配置的扩展服务器 blob 审核策略的详细信息Retrieve details of the extended server blob auditing policy configured on a given server |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 创建和管理 SQL 服务器数据库审核策略Create and manage SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 创建和管理 SQL 服务器数据库审核设置Create and manage SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 检索数据库 Blob 审核记录Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 创建和管理 SQL 服务器数据库连接策略Create and manage SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 创建和管理 SQL 服务器数据库数据屏蔽策略Create and manage SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read | 检索在给定的数据库上配置的扩展 blob 审核策略的详细信息Retrieve details of the extended blob auditing policy configured on a given database |
| Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read | 返回数据库的列表,或获取指定数据库的属性。Return the list of databases or gets the properties for the specified database. |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read | 获取数据库架构。Get a database schema. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read | 获取数据库列。Get a database column. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read | 获取数据库表。Get a database table. |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 创建和管理 SQL 服务器数据库安全警报策略Create and manage SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 创建和管理 SQL 服务器数据库安全度量值Create and manage SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/* | |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | 返回服务器列表,或获取指定服务器的属性。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | 创建和管理 SQL 服务器安全警报策略Create and manage SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/read",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/read",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/transparentDataEncryption/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/firewallRules/*",
"Microsoft.Sql/servers/read",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Security Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Server 参与者SQL Server Contributor
允许管理 SQL 服务器和数据库,但不允许访问它们及其安全相关的策略。Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/*Microsoft.Sql/servers/* | 创建和管理 SQL 服务器Create and manage SQL servers |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 添加指标Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 读取指标定义Read metric definitions |
| 不操作NotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | 编辑 SQL 服务器审核策略Edit SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | 编辑 SQL 服务器审核设置Edit SQL server auditing settings |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 编辑 SQL 服务器数据库审核策略Edit SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 编辑 SQL 服务器数据库审核设置Edit SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 检索数据库 Blob 审核记录Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 编辑 SQL 服务器数据库连接策略Edit SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 编辑 SQL 服务器数据库数据屏蔽策略Edit SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 编辑 SQL 服务器数据库安全警报策略Edit SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 编辑 SQL 服务器数据库安全度量值Edit SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | 编辑 SQL 服务器安全警报策略Edit SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/*",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/*",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
开发人员工具Developer tools
应用程序配置数据所有者App Configuration Data Owner
允许对应用程序配置数据进行完全访问。Allows full access to App Configuration data.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| Microsoft.AppConfiguration/configurationStores/*/writeMicrosoft.AppConfiguration/configurationStores/*/write | |
| Microsoft.AppConfiguration/configurationStores/*/deleteMicrosoft.AppConfiguration/configurationStores/*/delete | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
应用程序配置数据读取者App Configuration Data Reader
允许对应用程序配置数据进行读取访问。Allows read access to App Configuration data.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
实验室创建者Lab Creator
允许在 Azure 实验室帐户下创建、管理、删除托管实验室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.LabServices/labAccounts/*/readMicrosoft.LabServices/labAccounts/*/read | |
| Microsoft.LabServices/labAccounts/createLab/actionMicrosoft.LabServices/labAccounts/createLab/action | 在实验室帐户中创建实验室。Create a lab in a lab account. |
| Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/sizes/getRegionalAvailability/action | |
| Microsoft.LabServices/labAccounts/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/getRegionalAvailability/action | 获取实验室帐户下配置的每个大小类别的区域可用性信息Get regional availability information for each size category configured under a lab account |
| Microsoft.LabServices/labAccounts/getPricingAndAvailability/actionMicrosoft.LabServices/labAccounts/getPricingAndAvailability/action | 获取实验室帐户的大小、地理位置和操作系统组合的定价与可用性。Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. |
| Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/actionMicrosoft.LabServices/labAccounts/getRestrictionsAndUsage/action | 获取此订阅的核心限制和用量Get core restrictions and usage for this subscription |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, manage, delete your managed labs under your Azure Lab Accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action",
"Microsoft.LabServices/labAccounts/getRegionalAvailability/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevOpsDevOps
DevTest 实验室用户DevTest Labs User
允许连接、启动、重启和关闭 Azure 开发测试实验室中的虚拟机。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Compute/availabilitySets/readMicrosoft.Compute/availabilitySets/read | 获取可用性集的属性Get the properties of an availability set |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | 读取虚拟机属性(VM 大小、运行时状态、VM 扩展等)Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.) |
| Microsoft.Compute/virtualMachines/deallocate/actionMicrosoft.Compute/virtualMachines/deallocate/action | 关闭虚拟机并释放计算资源Powers off the virtual machine and releases the compute resources |
| Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | 获取虚拟机的属性Get the properties of a virtual machine |
| Microsoft.Compute/virtualMachines/restart/actionMicrosoft.Compute/virtualMachines/restart/action | 重新启动虚拟机Restarts the virtual machine |
| Microsoft.Compute/virtualMachines/start/actionMicrosoft.Compute/virtualMachines/start/action | 启动虚拟机Starts the virtual machine |
| Microsoft.DevTestLab/*/readMicrosoft.DevTestLab/*/read | 读取实验室属性Read the properties of a lab |
| Microsoft.DevTestLab/labs/claimAnyVm/actionMicrosoft.DevTestLab/labs/claimAnyVm/action | 在实验室中声明随机可声明的虚拟机。Claim a random claimable virtual machine in the lab. |
| Microsoft.DevTestLab/labs/createEnvironment/actionMicrosoft.DevTestLab/labs/createEnvironment/action | 在实验室中创建虚拟机。Create virtual machines in a lab. |
| Microsoft.DevTestLab/labs/ensureCurrentUserProfile/actionMicrosoft.DevTestLab/labs/ensureCurrentUserProfile/action | 确保当前用户在实验室中存在有效的配置文件。Ensure the current user has a valid profile in the lab. |
| Microsoft.DevTestLab/labs/formulas/deleteMicrosoft.DevTestLab/labs/formulas/delete | 删除公式。Delete formulas. |
| Microsoft.DevTestLab/labs/formulas/readMicrosoft.DevTestLab/labs/formulas/read | 读取公式。Read formulas. |
| Microsoft.DevTestLab/labs/formulas/writeMicrosoft.DevTestLab/labs/formulas/write | 添加或修改公式。Add or modify formulas. |
| Microsoft.DevTestLab/labs/policySets/evaluatePolicies/actionMicrosoft.DevTestLab/labs/policySets/evaluatePolicies/action | 评估实验室策略。Evaluates lab policy. |
| Microsoft.DevTestLab/labs/virtualMachines/claim/actionMicrosoft.DevTestLab/labs/virtualMachines/claim/action | 获得现有虚拟机的所有权Take ownership of an existing virtual machine |
| Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/actionMicrosoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action | 列出适用的启动/停止计划(如果有)。Lists the applicable start/stop schedules, if any. |
| Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/actionMicrosoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action | 获取一个字符串,该字符串表示虚拟机的 RDP 文件内容Gets a string that represents the contents of the RDP file for the virtual machine |
| Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | 加入负载均衡器后端地址池。Joins a load balancer backend address pool. 不可发出警报。Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | 加入负载均衡器入站 NAT 规则。Joins a load balancer inbound nat rule. 不可发出警报。Not Alertable. |
| Microsoft.Network/networkInterfaces/*/readMicrosoft.Network/networkInterfaces/*/read | 读取网络接口(例如,此网络接口所属的所有负载均衡器)的属性Read the properties of a network interface (for example, all the load balancers that the network interface is a part of) |
| Microsoft.Network/networkInterfaces/join/actionMicrosoft.Network/networkInterfaces/join/action | 将虚拟机加入到网络接口。Joins a Virtual Machine to a network interface. 不可发出警报。Not Alertable. |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 获取网络接口定义。Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | 创建网络接口,或更新现有的网络接口。Creates a network interface or updates an existing network interface. |
| Microsoft.Network/publicIPAddresses/*/readMicrosoft.Network/publicIPAddresses/*/read | 读取公共 IP 地址的属性Read the properties of a public IP address |
| Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | 加入公共 IP 地址。Joins a public ip address. 不可发出警报。Not Alertable. |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 获取或列出部署操作。Gets or lists deployment operations. |
| Microsoft.Resources/deployments/readMicrosoft.Resources/deployments/read | 获取或列出部署。Gets or lists deployments. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| 不操作NotActions | |
| Microsoft.Compute/virtualMachines/vmSizes/readMicrosoft.Compute/virtualMachines/vmSizes/read | 列出可将虚拟机更新到的大小Lists available sizes the virtual machine can be updated to |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
混合Hybrid
Azure Connected Machine 加入Azure Connected Machine Onboarding
可以加入 Azure Connected Machine。Can onboard Azure Connected Machines.
| 操作Actions | |
| Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read | 读取任何 Azure Arc 计算机Read any Azure Arc machines |
| Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write | 写入 Azure Arc 计算机Writes an Azure Arc machines |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/readMicrosoft.GuestConfiguration/guestConfigurationAssignments/read | 获取来宾配置分配。Get guest configuration assignment. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 资源管理员Azure Connected Machine Resource Administrator
可以读取、写入、删除和重新加入 Azure Connected Machine。Can read, write, delete and re-onboard Azure Connected Machines.
| 操作Actions | |
| Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read | 读取任何 Azure Arc 计算机Read any Azure Arc machines |
| Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write | 写入 Azure Arc 计算机Writes an Azure Arc machines |
| Microsoft.HybridCompute/machines/deleteMicrosoft.HybridCompute/machines/delete | 删除 Azure Arc 计算机Deletes an Azure Arc machines |
| Microsoft.HybridCompute/machines/reconnect/actionMicrosoft.HybridCompute/machines/reconnect/action | 重新连接 Azure Arc 计算机Reconnects an Azure Arc machines |
| Microsoft.HybridCompute/*/readMicrosoft.HybridCompute/*/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/reconnect/action",
"Microsoft.HybridCompute/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack 注册所有者Azure Stack Registration Owner
允许管理 Azure Stack 注册。Lets you manage Azure Stack registrations.
| 操作Actions | |
| Microsoft.AzureStack/registrations/products/*/actionMicrosoft.AzureStack/registrations/products/*/action | |
| Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read | 获取 Azure Stack 市场产品的属性Gets the properties of an Azure Stack Marketplace product |
| Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read | 获取 Azure Stack 注册的属性Gets the properties of an Azure Stack registration |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
标识Identity
托管的标识参与者Managed Identity Contributor
创建、读取、更新和删除用户分配的标识Create, Read, Update, and Delete User Assigned Identity
| 操作Actions | |
| Microsoft.ManagedIdentity/userAssignedIdentities/readMicrosoft.ManagedIdentity/userAssignedIdentities/read | 获取现有用户分配标识Gets an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/writeMicrosoft.ManagedIdentity/userAssignedIdentities/write | 创建新的用户分配标识或更新与现有用户分配标识关联的标记Creates a new user assigned identity or updates the tags associated with an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/deleteMicrosoft.ManagedIdentity/userAssignedIdentities/delete | 删除现有用户分配标识Deletes an existing user assigned identity |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管的标识操作员Managed Identity Operator
读取和分配用户分配的标识Read and Assign User Assigned Identity
| 操作Actions | |
| Microsoft.ManagedIdentity/userAssignedIdentities/*/readMicrosoft.ManagedIdentity/userAssignedIdentities/*/read | |
| Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/actionMicrosoft.ManagedIdentity/userAssignedIdentities/*/assign/action | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Read and Assign User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
"name": "f1a07417-d97a-45cb-824c-7a7467783830",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
集成Integration
API 管理服务参与者API Management Service Contributor
可以管理服务和 APICan manage service and the APIs
| 操作Actions | |
| Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* | 创建和管理 API 管理服务Create and manage API Management service |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务操作员角色API Management Service Operator Role
可以管理服务,但不可管理 APICan manage service but not the APIs
| 操作Actions | |
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | 读取 API 管理服务实例Read API Management Service instances |
| Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action | 将 API 管理服务备份到用户提供的存储帐户中的指定容器Backup API Management Service to the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete | 删除 API 管理服务实例Delete API Management Service instance |
| Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action | 更改 API 管理服务的 SKU/单位,以及添加/删除其区域部署Change SKU/units, add/remove regional deployments of API Management Service |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance |
| Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action | 从用户提供的存储帐户中的指定容器还原 API 管理服务Restore API Management Service from the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action | 上传 API 管理服务的 SSL 证书Upload SSL certificate for an API Management Service |
| Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action | 设置、更新或删除 API 管理服务的自定义域名Setup, update or remove custom domain names for an API Management Service |
| Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write | 创建或更新 API 管理服务实例Create or Update API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | 获取与用户关联的密钥Get keys associated with user |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务读者角色API Management Service Reader Role
对服务和 API 的只读访问权限Read-only access to service and APIs
| 操作Actions | |
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | 读取 API 管理服务实例Read API Management Service instances |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | 获取与用户关联的密钥Get keys associated with user |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据所有者Azure Service Bus Data Owner
允许完全访问 Azure 服务总线资源。Allows for full access to Azure Service Bus resources.
| 操作Actions | |
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据接收者Azure Service Bus Data Receiver
允许对 Azure 服务总线资源进行接收访问。Allows for receive access to Azure Service Bus resources.
| 操作Actions | |
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/receive/actionMicrosoft.ServiceBus/*/receive/action | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据发送者Azure Service Bus Data Sender
允许对 Azure 服务总线资源进行发送访问。Allows for send access to Azure Service Bus resources.
| 操作Actions | |
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/send/actionMicrosoft.ServiceBus/*/send/action | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Intelligent Systems 帐户参与者Intelligent Systems Account Contributor
允许管理智能系统帐户,但不允许访问这些帐户。Lets you manage Intelligent Systems accounts, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.IntelligentSystems/accounts/*Microsoft.IntelligentSystems/accounts/* | 创建和管理智能系统帐户Create and manage intelligent systems accounts |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.IntelligentSystems/accounts/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
逻辑应用参与者Logic App Contributor
允许管理逻辑应用,但不允许更改其访问权限。Lets you manage logic apps, but not change access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出存储帐户的访问密钥。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | 返回包含给定帐户的存储帐户。Return the storage account with the given account. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/* | |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/logdefinitions/*Microsoft.Insights/logdefinitions/* | 此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log. |
| Microsoft.Insights/metricDefinitions/*Microsoft.Insights/metricDefinitions/* | 读取指标定义(资源的可用指标类型的列表)。Read metric definitions (list of available metric types for a resource). |
| Microsoft.Logic/*Microsoft.Logic/* | 管理逻辑应用资源。Manages Logic Apps resources. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Web/connectionGateways/*Microsoft.Web/connectionGateways/* | 创建和管理连接网关。Create and manages a Connection Gateway. |
| Microsoft.Web/connections/*Microsoft.Web/connections/* | 创建和管理连接。Create and manages a Connection. |
| Microsoft.Web/customApis/*Microsoft.Web/customApis/* | 创建和管理自定义 API。Creates and manages a Custom API. |
| Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action | |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | 获取应用服务计划的属性Get the properties on an App Service Plan |
| Microsoft.Web/sites/functions/listSecrets/actionMicrosoft.Web/sites/functions/listSecrets/action | 列出函数机密。List Function secrets. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage logic app, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logdefinitions/*",
"Microsoft.Insights/metricDefinitions/*",
"Microsoft.Logic/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/functions/listSecrets/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
逻辑应用运算符Logic App Operator
允许读取、启用和禁用逻辑应用,但不允许编辑或更新它们。Lets you read, enable, and disable logic apps, but not edit or update them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*/readMicrosoft.Insights/alertRules/*/read | 读取 Insights 警报规则Read Insights alert rules |
| Microsoft.Insights/metricAlerts/*/readMicrosoft.Insights/metricAlerts/*/read | |
| Microsoft.Insights/diagnosticSettings/*/readMicrosoft.Insights/diagnosticSettings/*/read | 获取逻辑应用的诊断设置Gets diagnostic settings for Logic Apps |
| Microsoft.Insights/metricDefinitions/*/readMicrosoft.Insights/metricDefinitions/*/read | 获取逻辑应用的可用指标。Gets the available metrics for Logic Apps. |
| Microsoft.Logic/*/readMicrosoft.Logic/*/read | 读取逻辑应用资源。Reads Logic Apps resources. |
| Microsoft.Logic/workflows/disable/actionMicrosoft.Logic/workflows/disable/action | 禁用工作流。Disables the workflow. |
| Microsoft.Logic/workflows/enable/actionMicrosoft.Logic/workflows/enable/action | 启用工作流。Enables the workflow. |
| Microsoft.Logic/workflows/validate/actionMicrosoft.Logic/workflows/validate/action | 验证工作流。Validates the workflow. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 获取或列出部署操作。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Web/connectionGateways/*/readMicrosoft.Web/connectionGateways/*/read | 读取连接网关。Read Connection Gateways. |
| Microsoft.Web/connections/*/readMicrosoft.Web/connections/*/read | 读取连接。Read Connections. |
| Microsoft.Web/customApis/*/readMicrosoft.Web/customApis/*/read | 读取自定义 API。Read Custom API. |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | 获取应用服务计划的属性Get the properties on an App Service Plan |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read, enable and disable logic app.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metricAlerts/*/read",
"Microsoft.Insights/diagnosticSettings/*/read",
"Microsoft.Insights/metricDefinitions/*/read",
"Microsoft.Logic/*/read",
"Microsoft.Logic/workflows/disable/action",
"Microsoft.Logic/workflows/enable/action",
"Microsoft.Logic/workflows/validate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*/read",
"Microsoft.Web/connections/*/read",
"Microsoft.Web/customApis/*/read",
"Microsoft.Web/serverFarms/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
物联网Internet of things
EventGrid EventSubscription 参与者EventGrid EventSubscription Contributor
可以管理 EventGrid 事件订阅操作。Lets you manage EventGrid event subscription operations.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/*Microsoft.EventGrid/eventSubscriptions/* | |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | 按主题类型列出全局事件订阅List global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | 列出区域事件订阅List regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 按主题类型列出区域事件订阅List regional event subscriptions by topictype |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 读者EventGrid EventSubscription Reader
可以读取 EventGrid 事件订阅。Lets you read EventGrid event subscriptions.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/readMicrosoft.EventGrid/eventSubscriptions/read | 读取 eventSubscriptionRead an eventSubscription |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | 按主题类型列出全局事件订阅List global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | 列出区域事件订阅List regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 按主题类型列出区域事件订阅List regional event subscriptions by topictype |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理 + 治理Management + governance
Application Insights 组件参与者Application Insights Component Contributor
可管理 Application Insights 组件Can manage Application Insights components
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理经典警报规则Create and manage classic alert rules |
| Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/* | 创建和管理新警报规则Create and manage new alert rules |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | 创建和管理 Insights 组件Create and manage Insights components |
| Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* | 创建和管理 Insights Web 测试Create and manage Insights web tests |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Application Insights 快照调试器Application Insights Snapshot Debugger
授予用户查看和下载使用 Application Insights Snapshot Debugger 收集的调试快照的权限。Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. 请注意,所有者或参与者角色不包括这些权限。Note that these permissions are not included in the Owner or Contributor roles.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自动化作业操作员Automation Job Operator
使用自动化 Runbook 创建和管理作业。Create and Manage Jobs using Automation Runbooks.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources |
| Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read | 获取 Azure 自动化作业Gets an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action | 恢复 Azure 自动化作业Resumes an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自动化作业Stops an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read | 获取 Azure 自动化作业流Gets an Azure Automation job stream |
| Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action | 暂停 Azure 自动化作业Suspends an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write | 创建 Azure 自动化作业Creates an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read | 获取作业的输出Gets the output of a job |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自动化运算符Automation Operator
自动化操作员能够启动、停止、暂停和恢复作业Automation Operators are able to start, stop, suspend, and resume jobs
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 读取混合 Runbook 辅助角色资源Reads Hybrid Runbook Worker Resources |
| Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read | 获取 Azure 自动化作业Gets an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action | 恢复 Azure 自动化作业Resumes an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自动化作业Stops an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read | 获取 Azure 自动化作业流Gets an Azure Automation job stream |
| Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action | 暂停 Azure 自动化作业Suspends an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write | 创建 Azure 自动化作业Creates an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read | 获取 Azure 自动化作业计划Gets an Azure Automation job schedule |
| Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write | 创建 Azure 自动化作业计划Creates an Azure Automation job schedule |
| Microsoft.Automation/automationAccounts/linkedWorkspace/readMicrosoft.Automation/automationAccounts/linkedWorkspace/read | 获取链接到自动化帐户的工作区Gets the workspace linked to the automation account |
| Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read | 获取 Azure 自动化帐户Gets an Azure Automation account |
| Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read | 获取 Azure 自动化 RunbookGets an Azure Automation runbook |
| Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read | 获取 Azure 自动化计划资产Gets an Azure Automation schedule asset |
| Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write | 创建或更新 Azure 自动化计划资产Creates or updates an Azure Automation schedule asset |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read | 获取作业的输出Gets the output of a job |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自动化 Runbook 操作员Automation Runbook Operator
读取 Runbook 属性 - 以能够创建 runbook 的作业。Read Runbook properties - to be able to create Jobs of the runbook.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read | 获取 Azure 自动化 RunbookGets an Azure Automation runbook |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
计费读者Billing Reader
允许对帐单数据进行读取访问Allows read access to billing data
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Billing/*/readMicrosoft.Billing/*/read | 读取计费信息Read Billing information |
| Microsoft.Commerce/*/readMicrosoft.Commerce/*/read | |
| Microsoft.Consumption/*/readMicrosoft.Consumption/*/read | |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read | |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
蓝图参与者Blueprint Contributor
可以管理蓝图定义,但不能对其进行分配。Can manage blueprint definitions, but not assign them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Blueprint/blueprints/*Microsoft.Blueprint/blueprints/* | 创建和管理蓝图定义或蓝图项目。Create and manage blueprint definitions or blueprint artifacts. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
蓝图操作员Blueprint Operator
可以分配现有已发布的蓝图,但不能创建新蓝图。Can assign existing published blueprints, but cannot create new blueprints. 注意:仅当使用用户分配的托管标识完成分配时,此操作才有效。NOTE: this only works if the assignment is done with a user-assigned managed identity.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Blueprint/blueprintAssignments/*Microsoft.Blueprint/blueprintAssignments/* | 创建和管理蓝图分配。Create and manage blueprint assignments. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理参与者Cost Management Contributor
可以查看成本和管理成本配置(例如预算、导出)Can view costs and manage cost configuration (e.g. budgets, exports)
| 操作Actions | |
| Microsoft.Consumption/*Microsoft.Consumption/* | |
| Microsoft.CostManagement/*Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 获取订阅的列表。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read | 获取配置Get configurations |
| Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read | 读取建议Reads recommendations |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理读者Cost Management Reader
可以查看成本数据和配置(例如预算、导出)Can view cost data and configuration (e.g. budgets, exports)
| 操作Actions | |
| Microsoft.Consumption/*/readMicrosoft.Consumption/*/read | |
| Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read | |
| Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 获取订阅的列表。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read | 获取配置Get configurations |
| Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read | 读取建议Reads recommendations |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管应用程序参与者角色Managed Application Contributor Role
允许创建托管应用程序资源。Allows for creating managed application resources.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Solutions/applications/*Microsoft.Solutions/applications/* | |
| Microsoft.Solutions/register/actionMicrosoft.Solutions/register/action | 注册到解决方案。Register to Solutions. |
| Microsoft.Resources/subscriptions/resourceGroups/*Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管应用程序操作员角色Managed Application Operator Role
可让你在托管应用程序资源上读取和执行操作Lets you read and perform actions on Managed Application resources
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Solutions/applications/readMicrosoft.Solutions/applications/read | 检索应用程序列表。Retrieves a list of applications. |
| Microsoft.Solutions/*/actionMicrosoft.Solutions/*/action | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管应用程序读者Managed Applications Reader
允许读取托管应用中的资源并请求 JIT 访问。Lets you read resources in a managed app and request JIT access.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Solutions/jitRequests/*Microsoft.Solutions/jitRequests/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管服务注册分配删除角色Managed Services Registration assignment Delete Role
托管服务注册分配删除角色允许管理租户用户删除分配给其租户的注册分配。Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.
| 操作Actions | |
| Microsoft.ManagedServices/registrationAssignments/readMicrosoft.ManagedServices/registrationAssignments/read | 检索托管服务注册分配的列表。Retrieves a list of Managed Services registration assignments. |
| Microsoft.ManagedServices/registrationAssignments/deleteMicrosoft.ManagedServices/registrationAssignments/delete | 删除托管服务注册分配。Removes Managed Services registration assignment. |
| Microsoft.ManagedServices/operationStatuses/readMicrosoft.ManagedServices/operationStatuses/read | 读取资源的操作状态。Reads the operation status for the resource. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理组参与者Management Group Contributor
管理组参与者角色Management Group Contributor Role
| 操作Actions | |
| Microsoft.Management/managementGroups/deleteMicrosoft.Management/managementGroups/delete | 删除管理组。Delete management group. |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| Microsoft.Management/managementGroups/subscriptions/deleteMicrosoft.Management/managementGroups/subscriptions/delete | 从管理组取消关联订阅。De-associates subscription from the management group. |
| Microsoft.Management/managementGroups/subscriptions/writeMicrosoft.Management/managementGroups/subscriptions/write | 将现有订阅与管理组关联。Associates existing subscription with the management group. |
| Microsoft.Management/managementGroups/writeMicrosoft.Management/managementGroups/write | 创建或更新管理组。Create or update a management group. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理组读取者Management Group Reader
管理组读取者角色Management Group Reader Role
| 操作Actions | |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
监视参与者Monitoring Contributor
可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.AlertsManagement/alerts/*Microsoft.AlertsManagement/alerts/* | |
| Microsoft.AlertsManagement/alertsSummary/*Microsoft.AlertsManagement/alertsSummary/* | |
| Microsoft.Insights/actiongroups/*Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/*Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/*Microsoft.Insights/AlertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | 创建和管理 Insights 组件Create and manage Insights components |
| Microsoft.Insights/DiagnosticSettings/*Microsoft.Insights/DiagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/eventtypes/*Microsoft.Insights/eventtypes/* | 列出订阅中的活动日志事件(管理事件)。List Activity Log events (management events) in a subscription. 此权限适用于以编程方式和通过门户访问活动日志。This permission is applicable to both programmatic and portal access to the Activity Log. |
| Microsoft.Insights/LogDefinitions/*Microsoft.Insights/LogDefinitions/* | 此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log. |
| Microsoft.Insights/metricalerts/*Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/*Microsoft.Insights/MetricDefinitions/* | 读取指标定义(资源的可用指标类型的列表)。Read metric definitions (list of available metric types for a resource). |
| Microsoft.Insights/Metrics/*Microsoft.Insights/Metrics/* | 读取资源的指标。Read metrics for a resource. |
| Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action | 注册 Microsoft Insights 提供程序Register the Microsoft Insights provider |
| Microsoft.Insights/scheduledqueryrules/*Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* | 创建和管理 Insights Web 测试Create and manage Insights web tests |
| Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/* | |
| Microsoft.OperationalInsights/workspaces/intelligencepacks/*Microsoft.OperationalInsights/workspaces/intelligencepacks/* | 读取/写入/删除日志分析解决方案包。Read/write/delete log analytics solution packs. |
| Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* | 读取/写入/删除日志分析保存的搜索。Read/write/delete log analytics saved searches. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 执行搜索查询Executes a search query |
| Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action | 检索工作区的共享密钥。Retrieves the shared keys for the workspace. 这些密钥用于将 Microsoft Operational Insights 代理连接到工作区。These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* | 读取/写入/删除日志分析存储见解配置。Read/write/delete log analytics storage insight configurations. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.WorkloadMonitor/monitors/*Microsoft.WorkloadMonitor/monitors/* | |
| Microsoft.WorkloadMonitor/notificationSettings/*Microsoft.WorkloadMonitor/notificationSettings/* | |
| Microsoft.AlertsManagement/smartDetectorAlertRules/*Microsoft.AlertsManagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsManagement/actionRules/*Microsoft.AlertsManagement/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/*Microsoft.AlertsManagement/smartGroups/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.WorkloadMonitor/monitors/*",
"Microsoft.WorkloadMonitor/notificationSettings/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
监视指标发布者Monitoring Metrics Publisher
允许针对 Azure 资源发布指标Enables publishing metrics against Azure resources
| 操作Actions | |
| Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action | 注册 Microsoft Insights 提供程序Register the Microsoft Insights provider |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Insights/Metrics/WriteMicrosoft.Insights/Metrics/Write | 写入指标Write metrics |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
监视读取者Monitoring Reader
可以读取所有监视数据(指标、日志等)。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门。See also Get started with roles, permissions, and security with Azure Monitor.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 执行搜索查询Executes a search query |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
New elic APM 帐户参与者New Relic APM Account Contributor
允许管理 New Relic 应用程序性能管理帐户和应用程序,但不允许访问它们。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| NewRelic.APM/accounts/*NewRelic.APM/accounts/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
策略见解数据编写者(预览)Policy Insights Data Writer (Preview)
允许对资源策略进行读取访问,并允许对资源组件策略事件进行写入访问。Allows read access to resource policies and write access to resource component policy events.
| 操作Actions | |
| Microsoft.Authorization/policyassignments/readMicrosoft.Authorization/policyassignments/read | 获取有关策略分配的信息。Get information about a policy assignment. |
| Microsoft.Authorization/policydefinitions/readMicrosoft.Authorization/policydefinitions/read | 获取有关策略定义的信息。Get information about a policy definition. |
| Microsoft.Authorization/policysetdefinitions/readMicrosoft.Authorization/policysetdefinitions/read | 获取有关策略集定义的信息。Get information about a policy set definition. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/actionMicrosoft.PolicyInsights/checkDataPolicyCompliance/action | 参照数据策略检查给定组件的合规性状态。Check the compliance status of a given component against data policies. |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/actionMicrosoft.PolicyInsights/policyEvents/logDataEvents/action | 记录资源组件策略事件。Log the resource component policy events. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
资源策略参与者Resource Policy Contributor
有权创建/修改资源策略、创建支持票证和读取资源/层次结构的用户。Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
| 操作Actions | |
| */read*/read | 读取除密码外的所有类型的资源。Read resources of all types, except secrets. |
| Microsoft.Authorization/policyassignments/*Microsoft.Authorization/policyassignments/* | 创建和管理策略分配Create and manage policy assignments |
| Microsoft.Authorization/policydefinitions/*Microsoft.Authorization/policydefinitions/* | 创建和管理策略定义Create and manage policy definitions |
| Microsoft.Authorization/policysetdefinitions/*Microsoft.Authorization/policysetdefinitions/* | 创建和管理策略集Create and manage policy sets |
| Microsoft.PolicyInsights/*Microsoft.PolicyInsights/* | |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
计划程序作业集合参与者Scheduler Job Collections Contributor
允许管理计划程序作业集合,但不允许访问这些集合。Lets you manage Scheduler job collections, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Scheduler/jobcollections/*Microsoft.Scheduler/jobcollections/* | 创建和管理作业集合Create and manage job collections |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Scheduler job collections, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Scheduler/jobcollections/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduler Job Collections Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 参与者Site Recovery Contributor
允许管理除保管库创建和角色分配外的 Site Recovery 服务Lets you manage Site Recovery service except vault creation and role assignment
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | “更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 创建和管理已注册标识Create and manage registered identities |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/*Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | 创建或更新复制警报设置Create or Update replication alert settings |
| Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read | 读取任何事件Read any Events |
| Microsoft.RecoveryServices/vaults/replicationFabrics/*Microsoft.RecoveryServices/vaults/replicationFabrics/* | 创建和管理复制结构Create and manage replication fabrics |
| Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* | 创建和管理复制作业Create and manage replication jobs |
| Microsoft.RecoveryServices/vaults/replicationPolicies/*Microsoft.RecoveryServices/vaults/replicationPolicies/* | 创建和管理复制策略Create and manage replication policies |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | 创建和管理恢复计划Create and manage recovery plans |
| Microsoft.RecoveryServices/Vaults/storageConfig/*Microsoft.RecoveryServices/Vaults/storageConfig/* | 创建和管理恢复服务保管库的存储配置Create and manage storage configuration of Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read | “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 读取恢复服务保管库的警报Read alerts for the Recovery services vault |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/readMicrosoft.RecoveryServices/vaults/replicationOperationStatus/read | 读取任何保管库复制操作状态Read any Vault Replication Operation Status |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 操作员Site Recovery Operator
允许进行故障转移和故障回复,但不允许执行其他 Site Recovery 管理操作Lets you failover and failback but not perform other Site Recovery management operations
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服务使用的内部操作AllocateStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read | 读取任何警报设置Read any Alerts Settings |
| Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read | 读取任何事件Read any Events |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | 检查结构的一致性Checks Consistency of the Fabric |
| Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read | 读取任何结构Read any Fabrics |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | 重新关联网关Reassociate Gateway |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | 续订 Fabric 的证书Renew Certificate for Fabric |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 读取任何网络Read any Networks |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 读取任何网络映射Read any Network Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 读取任何保护容器Read any Protection Containers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 读取任何可保护项Read any Protectable Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | 应用还原点Apply Recovery Point |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | 故障转移提交Failover Commit |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | 计划内故障转移Planned Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 读取任何受保护项Read any Protected Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 读取任何复制恢复点Read any Replication Recovery Points |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | 修复复制Repair replication |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | 重新保护受保护的项ReProtect Protected Item |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | 交换保护容器Switch Protection Container |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | 测试故障转移Test Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | 测试故障转移清理Test Failover Cleanup |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | 故障转移Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | 更新移动服务Update Mobility Service |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 读取任何保护容器映射Read any Protection Container Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 读取任何恢复服务提供程序Read any Recovery Services Providers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | 刷新提供程序Refresh Provider |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | 读取任何存储分类Read any Storage Classifications |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | 读取任何存储分类映射Read any Storage Classification Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 读取任何 vCenterRead any vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* | 创建和管理复制作业Create and manage replication jobs |
| Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read | 读取任何策略Read any Policies |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | 故障转移提交恢复计划Failover Commit Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | 计划内故障转移恢复计划Planned Failover Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 读取任何恢复计划Read any Recovery Plans |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | 重新保护恢复计划ReProtect Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | 测试故障转移恢复计划Test Failover Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | 测试故障转移清理恢复计划Test Failover Cleanup Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | 故障转移恢复计划Failover Recovery Plan |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 读取恢复服务保管库的警报Read alerts for the Recovery services vault |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read | “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 读取者Site Recovery Reader
允许查看 Site Recovery 状态,但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read | 读取任何警报设置Read any Alerts Settings |
| Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read | 读取任何事件Read any Events |
| Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read | 读取任何结构Read any Fabrics |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 读取任何网络Read any Networks |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 读取任何网络映射Read any Network Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 读取任何保护容器Read any Protection Containers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 读取任何可保护项Read any Protectable Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 读取任何受保护项Read any Protected Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 读取任何复制恢复点Read any Replication Recovery Points |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 读取任何保护容器映射Read any Protection Container Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 读取任何恢复服务提供程序Read any Recovery Services Providers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | 读取任何存储分类Read any Storage Classifications |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | 读取任何存储分类映射Read any Storage Classification Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 读取任何 vCenterRead any vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/readMicrosoft.RecoveryServices/vaults/replicationJobs/read | 读取任何作业Read any Jobs |
| Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read | 读取任何策略Read any Policies |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 读取任何恢复计划Read any Recovery Plans |
| Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read | “保管库令牌”操作可用于获取保管库级后端操作的保管库令牌。The Vault Token operation can be used to get Vault Token for vault level backend operations. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
支持请求参与者Support Request Contributor
允许创建和管理支持请求Lets you create and manage Support requests
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
工作簿参与者Workbook Contributor
可以保存共享的工作簿。Can save shared workbooks.
| 操作Actions | |
| Microsoft.Insights/workbooks/writeMicrosoft.Insights/workbooks/write | 创建或更新工作簿Create or update a workbook |
| Microsoft.Insights/workbooks/deleteMicrosoft.Insights/workbooks/delete | 删除工作簿Delete a workbook |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 读取工作簿Read a workbook |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
工作簿读者Workbook Reader
可以读取工作簿。Can read workbooks.
| 操作Actions | |
| microsoft.insights/workbooks/readmicrosoft.insights/workbooks/read | 读取工作簿Read a workbook |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
混合现实Mixed reality
空间定位点帐户参与者Spatial Anchors Account Contributor
允许管理帐户中的空间定位点,但不能删除它们Lets you manage spatial anchors in your account, but not delete them
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 创建空间定位点Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 发现附近的空间定位点Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 获取空间定位点的属性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找到空间定位点Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 更新空间定位点属性Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, but not delete them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
空间定位点帐户所有者Spatial Anchors Account Owner
允许管理帐户中的空间定位点,包括删除它们Lets you manage spatial anchors in your account, including deleting them
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 创建空间定位点Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete | 删除空间定位点Delete spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 发现附近的空间定位点Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 获取空间定位点的属性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找到空间定位点Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 更新空间定位点属性Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, including deleting them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
"name": "70bbe301-9835-447d-afdd-19eb3167307c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
空间定位点帐户读者Spatial Anchors Account Reader
允许在帐户中查找和读取空间定位点的属性Lets you locate and read properties of spatial anchors in your account
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 发现附近的空间定位点Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 获取空间定位点的属性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找到空间定位点Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交诊断数据以帮助提高 Azure 空间定位点服务的质量Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you locate and read properties of spatial anchors in your account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
"name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
网络Networking
CDN 终结点参与者CDN Endpoint Contributor
可以管理 CDN 终结点,但不能向其他用户授予访问权限。Can manage CDN endpoints, but can't grant access to other users.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 终结点读者CDN Endpoint Reader
可以查看 CDN 终结点,但不能进行更改。Can view CDN endpoints, but can't make changes.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 配置文件参与者CDN Profile Contributor
可以管理 CDN 配置文件及其终结点,但不能向其他用户授予访问权限。Can manage CDN profiles and their endpoints, but can't grant access to other users.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
"name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 配置文件读者CDN Profile Reader
可以查看 CDN 配置文件及其终结点,但不能进行更改。Can view CDN profiles and their endpoints, but can't make changes.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN profiles and their endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
"name": "8f96442b-4075-438f-813d-ad51ab4019af",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
经典网络参与者Classic Network Contributor
允许管理经典网络,但不允许访问这些网络。Lets you manage classic networks, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* | 创建和管理经典网络Create and manage classic networks |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicNetwork/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DNS 区域参与者DNS Zone Contributor
允许管理 Azure DNS 中的 DNS 区域和记录集,但不允许控制对其访问的人员。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* | 创建和管理 DNS 区域和记录Create and manage DNS zones and records |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
"name": "befefa01-2a29-4197-83a8-272ff33ce314",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/dnsZones/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
网络参与者Network Contributor
允许管理网络,但不允许访问这些网络。Lets you manage networks, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/*Microsoft.Network/* | 创建并管理网络Create and manage networks |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
"name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
流量管理器参与者Traffic Manager Contributor
允许管理流量管理器配置文件,但不允许控制谁可以访问它们。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/* | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/trafficManagerProfiles/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Traffic Manager Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性Security
Azure Sentinel 参与者Azure Sentinel Contributor
Azure Sentinel 参与者Azure Sentinel Contributor
| 操作Actions | |
| Microsoft.SecurityInsights/*Microsoft.SecurityInsights/* | |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新引擎进行搜索。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* | |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 获取现有的 OMS 解决方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 对工作区中的数据运行查询Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 获取工作区下面的数据源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/* | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Contributor",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
"name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Sentinel 读取者Azure Sentinel Reader
Azure Sentinel 读取者Azure Sentinel Reader
| 操作Actions | |
| Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read | |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新引擎进行搜索。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.OperationalInsights/workspaces/LinkedServices/readMicrosoft.OperationalInsights/workspaces/LinkedServices/read | 获取给定工作区下的链接服务。Get linked services under given workspace. |
| Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read | 获取保存的搜索查询Gets a saved search query |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 获取现有的 OMS 解决方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 对工作区中的数据运行查询Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 获取工作区下面的数据源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 读取工作簿Read a workbook |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/LinkedServices/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Sentinel 响应方Azure Sentinel Responder
Azure Sentinel 响应方Azure Sentinel Responder
| 操作Actions | |
| Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read | |
| Microsoft.SecurityInsights/cases/*Microsoft.SecurityInsights/cases/* | |
| Microsoft.SecurityInsights/incidents/*Microsoft.SecurityInsights/incidents/* | |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新引擎进行搜索。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 获取工作区下面的数据源。Get datasources under a workspace. |
| Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read | 获取保存的搜索查询Gets a saved search query |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 获取现有的 OMS 解决方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 对工作区中的数据运行查询Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 获取工作区下面的数据源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 读取工作簿Read a workbook |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Responder",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.SecurityInsights/cases/*",
"Microsoft.SecurityInsights/incidents/*",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Responder",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
密钥保管库参与者Key Vault Contributor
允许管理密钥保管库,但不允许对其进行访问。Lets you manage key vaults, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.KeyVault/*Microsoft.KeyVault/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| Microsoft.KeyVault/locations/deletedVaults/purge/actionMicrosoft.KeyVault/locations/deletedVaults/purge/action | 清除软删除的密钥保管库Purge a soft deleted key vault |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage key vaults, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
"name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.KeyVault/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.KeyVault/locations/deletedVaults/purge/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Key Vault Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全管理员Security Admin
可以查看安全策略、查看安全状态、编辑安全策略、查看警报和建议、关闭警报和建议。Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Authorization/policyAssignments/*Microsoft.Authorization/policyAssignments/* | 创建和管理策略分配Create and manage policy assignments |
| Microsoft.Authorization/policyDefinitions/*Microsoft.Authorization/policyDefinitions/* | 创建和管理策略定义Create and manage policy definitions |
| Microsoft.Authorization/policySetDefinitions/*Microsoft.Authorization/policySetDefinitions/* | 创建和管理策略集Create and manage policy sets |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Security/*Microsoft.Security/* | 创建和管理安全组件和策略Create and manage security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Security Admin Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
"name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/policyAssignments/*",
"Microsoft.Authorization/policyDefinitions/*",
"Microsoft.Authorization/policySetDefinitions/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Management/managementGroups/read",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全评估参与者Security Assessment Contributor
允许你将评估推送到安全中心Lets you push assessments to Security Center
| 操作Actions | |
| Microsoft.Security/assessments/writeMicrosoft.Security/assessments/write | 创建或更新订阅的安全评估Create or update security assessments on your subscription |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you push assessments to Security Center",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"permissions": [
{
"actions": [
"Microsoft.Security/assessments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Assessment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全管理器(旧版)Security Manager (Legacy)
这是旧角色。This is a legacy role. 请改用安全管理员。Please use Security Admin instead.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ClassicCompute/*/readMicrosoft.ClassicCompute/*/read | 读取经典虚拟机的配置信息Read configuration information classic virtual machines |
| Microsoft.ClassicCompute/virtualMachines/*/writeMicrosoft.ClassicCompute/virtualMachines/*/write | 写入经典虚拟机的配置Write configuration for classic virtual machines |
| Microsoft.ClassicNetwork/*/readMicrosoft.ClassicNetwork/*/read | 读取有关经典网络的配置信息Read configuration information about classic network |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Security/*Microsoft.Security/* | 创建和管理安全组件和策略Create and manage security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "This is a legacy role. Please use Security Administrator instead",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/*/read",
"Microsoft.ClassicCompute/virtualMachines/*/write",
"Microsoft.ClassicNetwork/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Manager (Legacy)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全读取者Security Reader
可以查看建议和警报、查看安全策略、查看安全状态,但不能进行更改。Can view recommendations and alerts, view security policies, view security states, but cannot make changes.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read | 查看日志分析数据View log analytics data |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Security/*/readMicrosoft.Security/*/read | 读取安全组件和策略Read security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。List management groups for the authenticated user. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Security Reader Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*/read",
"Microsoft.Support/*",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储Storage
Avere 参与者Avere Contributor
可以创建和管理 Avere vFXT 群集。Can create and manage an Avere vFXT cluster.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Compute/*/readMicrosoft.Compute/*/read | |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | |
| Microsoft.Compute/disks/*Microsoft.Compute/disks/* | |
| Microsoft.Network/*/readMicrosoft.Network/*/read | |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 获取虚拟网络子网定义Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable. |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/*/readMicrosoft.Storage/*/read | |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | 创建和管理存储帐户Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read | 获取资源组的资源。Gets the resources for the resource group. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 返回删除 blob 的结果Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 返回 blob 或 blob 列表Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 返回写入 blob 的结果Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere 操作员Avere Operator
由 Avere vFXT 群集用来管理群集Used by the Avere vFXT cluster to manage the cluster
| 操作Actions | |
| Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | 获取虚拟机的属性Get the properties of a virtual machine |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 获取网络接口定义。Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | 创建网络接口,或更新现有的网络接口。Creates a network interface or updates an existing network interface. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 获取虚拟网络子网定义Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虚拟网络。Joins a virtual network. 不可发出警报。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入网络安全组。Joins a network security group. 不可发出警报。Not Alertable. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | 返回删除容器的结果Returns the result of deleting a container |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 返回容器列表Returns list of containers |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | 返回放置 blob 容器的结果Returns the result of put blob container |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 返回删除 blob 的结果Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 返回 blob 或 blob 列表Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 返回写入 blob 的结果Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
备份参与者Backup Contributor
允许管理备份服务,但不允许创建保管库以及授予其他人访问权限Lets you manage backup service, but can't create vaults and give access to others
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | 管理备份管理操作的结果Manage results of operation on backup management |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | 在恢复服务保管库的备份结构内创建和管理备份容器Create and manage backup containers inside backup fabrics of Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | 刷新容器列表Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | 创建和管理备份作业Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 导出作业Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | 创建和管理备份管理操作的结果Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* | 创建和管理备份策略Create and manage backup policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | 创建和管理可以备份的项Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | 创建和管理备份项Create and manage backed up items |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | 创建和管理保存备份项的容器Create and manage containers holding backup items |
| Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* | 创建和管理与恢复服务保管库中的备份相关的证书Create and manage certificates related to backup in Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 创建和管理已注册标识Create and manage registered identities |
| Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* | 创建和管理恢复服务保管库的使用情况Create and manage usage of Recovery Services vault |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 验证对受保护项的操作Validate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | “创建保管库”操作创建“vault”类型的 Azure 资源Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | 获取所有可保护的容器Get all protectable containers |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 验证功能Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解决警报。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 获取给定操作的操作状态Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有备份保护意向List all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup service,but can't create vaults and give access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
备份操作员Backup Operator
允许管理备份服务,但删除备份、创建保管库以及授予其他人访问权限除外Lets you manage backup services, except removal of backup, vault creation and giving access to others
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 获取虚拟网络定义Get the virtual network definition |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 返回操作状态Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | 对受保护的项执行备份。Performs Backup for Protected Item. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 返回受保护项的对象详细信息Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | 预配受保护项的即时项恢复Provision Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 获取受保护项的恢复点。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | 还原受保护项的恢复点。Restore Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | 吊销受保护项的即时项恢复Revoke Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 创建备份受保护项Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | 返回所有已注册的容器Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | 刷新容器列表Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | 创建和管理备份作业Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 导出作业Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | 创建和管理备份管理操作的结果Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | 获取策略操作的结果。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 返回所有保护策略Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | 创建和管理可以备份的项Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | 返回所有受保护项的列表。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | 返回属于订阅的所有容器Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | “更新资源证书”操作更新资源/保管库凭据证书。The Update Resource Certificate operation updates the resource/vault credential certificate. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write | “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write | “注册服务容器”操作可用于向恢复服务注册容器。The Register Service Container operation can be used to register a container with Recovery Service. |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 验证对受保护项的操作Validate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | 获取策略操作的状态。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | 创建已注册的容器Creates a registered container |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | 在容器内进行工作负载的查询Do inquiry for workloads within a container |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 创建备份保护意向Create a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | 获取备份保护意向Get a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | 获取所有可保护的容器Get all protectable containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | 获取容器中的所有项Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 验证功能Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解决警报。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 获取给定操作的操作状态Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有备份保护意向List all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
备份读取器Backup Reader
可以查看备份服务,但是不能进行更改Can view backup services, but can't make changes
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 返回操作状态Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 获取对保护容器执行的操作的结果。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 获取对受保护项执行的操作的结果。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 返回对受保护项执行的操作的状态。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 返回受保护项的对象详细信息Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 获取受保护项的恢复点。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | 返回所有已注册的容器Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read | 返回作业操作的结果。Returns the Result of Job Operation. |
| Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read | 返回所有作业对象Returns all Job Objects |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 导出作业Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read | 返回恢复服务保管库的备份操作结果。Returns Backup Operation Result for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | 获取策略操作的结果。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 返回所有保护策略Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | 返回所有受保护项的列表。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | 返回属于订阅的所有容器Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 返回恢复服务的受保护项和受保护服务器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read | 返回恢复服务保管库的存储配置。Returns Storage Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read | 返回恢复服务保管库的配置。Returns Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 返回恢复服务保管库的备份操作状态。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | 获取策略操作的状态。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 返回使用保管库注册的所有备份管理服务器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | 获取备份保护意向Get a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | 获取容器中的所有项Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 检查恢复服务保管库的备份状态Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解决警报。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 操作返回资源提供程序的操作列表Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 获取给定操作的操作状态Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有备份保护意向List all backup Protection Intents |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 验证功能Validate Features |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
经典存储帐户参与者Classic Storage Account Contributor
允许管理经典存储帐户,但不允许对其进行访问。Lets you manage classic storage accounts, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* | 创建和管理存储帐户Create and manage storage accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
经典存储帐户密钥操作员服务角色Classic Storage Account Key Operator Service Role
允许经典存储帐户密钥操作员在经典存储帐户上列出和再生成密钥Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
| 操作Actions | |
| Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action | 列出存储帐户的访问密钥。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action | 再生成存储帐户的现有访问密钥。Regenerates the existing access keys for the storage account. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box 参与者Data Box Contributor
可让你管理 Data Box 服务下的所有内容,但不能向其他人授予访问权限。Lets you manage everything under Data Box Service except giving access to others.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| Microsoft.Databox/*Microsoft.Databox/* | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box 读者Data Box Reader
可让你管理 Data Box 服务,但不能创建订单或编辑订单详细信息,以及向其他人授予访问权限。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Databox/*/readMicrosoft.Databox/*/read | |
| Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action | |
| Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action | 列出与订单相关的未加密凭据。Lists the unencrypted credentials related to the order. |
| Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action | 此方法返回可用 SKU 列表。This method returns the list of available skus. |
| Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action | 此方法执行所有类型的验证。This method does all type of validations. |
| Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action | 此方法返回区域的配置。This method returns the configurations for the region. |
| Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action | 验证送货地址,并提供备用地址(如有)。Validates the shipping address and provides alternate addresses if any. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics 开发人员Data Lake Analytics Developer
允许提交、监视和管理自己的作业,但是不允许创建或删除 Data Lake Analytics 帐户。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/* | |
| Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete | |
| Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action | |
| Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write | |
| Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete | 删除 DataLakeAnalytics 帐户。Delete a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action | 授予取消由其他用户提交的作业的权限。Grant permissions to cancel jobs submitted by other users. |
| Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write | 创建或更新 DataLakeAnalytics 帐户。Create or update a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | 获取或更新 DataLakeAnalytics 帐户的链接 DataLakeStore 帐户。Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | 从 DataLakeAnalytics 帐户取消链接 DataLakeStore 帐户。Unlink a DataLakeStore account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write | 创建或更新 DataLakeAnalytics 帐户的链接存储帐户。Create or update a linked Storage account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete | 从 DataLakeAnalytics 帐户取消链接存储帐户。Unlink a Storage account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write | 创建或更新防火墙规则。Create or update a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete | 删除防火墙规则。Delete a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write | 创建或更新计算策略。Create or update a compute policy. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete | 删除计算策略。Delete a compute policy. |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
读取器和数据访问Reader and Data Access
允许查看所有内容,但不允许删除或创建存储帐户或包含的资源。Lets you view everything but will not let you delete or create a storage account or contained resource. 它还允许使用存储帐户密钥对存储帐户中包含的所有数据进行读/写访问。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action | 返回指定存储帐户的帐户 SAS 令牌。Returns the Account SAS token for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储帐户参与者Storage Account Contributor
允许管理存储帐户。Permits management of storage accounts. 提供对帐户密钥的访问权限,而帐户密钥可以用来通过共享密钥授权对数据进行访问。Provides access to the account key, which can be used to access data via Shared Key authorization.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 将存储帐户或 SQL 数据库等资源加入到子网。Joins resource such as storage account or SQL database to a subnet. 不可发出警报。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | 创建和管理存储帐户Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | 创建和管理支持票证Create and manage support tickets |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储帐户密钥操作员服务角色Storage Account Key Operator Service Role
允许列出和重新生成存储帐户访问密钥。Permits listing and regenerating storage account access keys.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | 返回指定存储帐户的访问密钥。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action | 再生成指定存储帐户的访问密钥。Regenerates the access keys for the specified storage account. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储 Blob 数据参与者Storage Blob Data Contributor
读取、写入和删除 Azure 存储容器与 Blob。Read, write, and delete Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | 删除容器。Delete a container. |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 返回容器或容器列表。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | 修改容器的元数据或属性。Modify a container's metadata or properties. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 删除 Blob。Delete a blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 返回 Blob 或 Blob 列表。Return a blob or a list of blobs. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 写入到 Blob。Write to a blob. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储 Blob 数据所有者Storage Blob Data Owner
提供对 Azure 存储 blob 容器和数据的完全访问权限,包括分配 POSIX 访问控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* | 对容器的完全权限。Full permissions on containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | 对 Blob 的完全权限。Full permissions on blobs. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储 Blob 数据读取者Storage Blob Data Reader
读取和列出 Azure 存储容器与 Blob。Read and list Azure Storage containers and blobs. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 返回容器或容器列表。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 返回 Blob 或 Blob 列表。Return a blob or a list of blobs. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储 Blob 代理Storage Blob Delegator
获取用户委托密钥,该密钥随后可用来为通过 Azure AD 凭据签名的容器或 Blob 创建共享访问签名。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 有关详细信息,请参阅创建用户委托 SAS。For more information, see Create a user delegation SAS.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 返回 Blob 服务的用户委托密钥。Returns a user delegation key for the Blob service. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| 无none | |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储文件数据 SMB 共享参与者Storage File Data SMB Share Contributor
允许对 Azure 文件共享中的文件/目录进行读取、写入和删除访问。Allows for read, write, and delete access on files/directories in Azure file shares. 此角色在 Windows 文件服务器上没有内置的等效角色。This role has no built-in equivalent on Windows file servers.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 返回某个文件/文件夹,或文件/文件夹列表。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | 返回写入文件或创建文件夹的结果。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | 返回删除文件/文件夹的结果。Returns the result of deleting a file/folder. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储文件数据 SMB 共享的权限提升参与者Storage File Data SMB Share Elevated Contributor
允许读取、写入、删除和修改 Azure 文件共享中文件/目录上的 ACL。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 此角色等效于 Windows 文件服务器上的文件共享更改 ACL。This role is equivalent to a file share ACL of change on Windows file servers.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 返回某个文件/文件夹,或文件/文件夹列表。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | 返回写入文件或创建文件夹的结果。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | 返回删除文件/文件夹的结果。Returns the result of deleting a file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | 返回修改文件/文件夹权限的结果。Returns the result of modifying permission on a file/folder. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储文件数据 SMB 共享读取者Storage File Data SMB Share Reader
允许对 Azure 文件共享中的文件/目录进行读取访问。Allows for read access on files/directories in Azure file shares. 此角色等效于 Windows 文件服务器上的文件共享读取 ACL。This role is equivalent to a file share ACL of read on Windows file servers.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 返回某个文件/文件夹,或文件/文件夹列表。Returns a file/folder or a list of files/folders. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储队列数据参与者Storage Queue Data Contributor
读取、写入和删除 Azure 存储队列与队列消息。Read, write, and delete Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete | 删除队列。Delete a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | 返回队列或队列列表。Return a queue or a list of queues. |
| Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write | 修改队列元数据或属性。Modify queue metadata or properties. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete | 从队列中删除一个或多个消息。Delete one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write | 向队列添加消息。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储队列数据消息处理者Storage Queue Data Message Processor
在 Azure 存储队列中扫视、检索和删除消息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 扫视消息。Peek a message. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action | 检索和删除消息。Retrieve and delete a message. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储队列数据消息发送者Storage Queue Data Message Sender
向 Azure 存储队列添加消息。Add messages to an Azure Storage queue. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action | 向队列添加消息。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
存储队列数据读取者Storage Queue Data Reader
读取和列出 Azure 存储队列与队列消息。Read and list Azure Storage queues and queue messages. 若要了解需要对给定的数据执行哪些操作,请参阅用于调用 Blob 和队列数据操作的权限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 操作Actions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | 返回队列或队列列表。Returns a queue or a list of queues. |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 扫视或检索队列中的一个或多个消息。Peek or retrieve one or more messages from a queue. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
WebWeb
Azure Maps 数据读取器(预览版)Azure Maps Data Reader (Preview)
授予从 Azure Maps 帐户中读取相关数据的权限。Grants access to read map related data from an Azure maps account.
| 操作Actions | |
| 无none | |
| 不操作NotActions | |
| 无none | |
| DataActionsDataActions | |
| Microsoft.Maps/accounts/data/readMicrosoft.Maps/accounts/data/read | 授予对映射帐户的数据读权限。Grants data read access to a maps account. |
| NotDataActionsNotDataActions | |
| 无none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/data/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索服务参与者Search Service Contributor
允许管理搜索服务,但不允许访问这些服务。Lets you manage Search services, but not access to them.
| 操作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 读取角色和角色分配Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 创建和管理 Insights 警报规则Create and manage Insights alert rules |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 创建和管理资源组部署Create and manage resource group deployments |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。Gets or lists resource groups. |
| Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* | 创建和管理搜索服务Create and manage search services |
| Microsoft.Support/*Microsoft.Support/* |