Azure AI + 机器学习内置角色
本文列出了“AI + 机器学习”类别的 Azure 内置角色。
Azure AI 企业网络连接审批者
可以批准与 Azure AI 通用依赖项资源的专用终结点连接
| 操作 | 说明 |
|---|---|
| Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action | 自动批准专用终结点连接 |
| Microsoft.ContainerRegistry/registries/privateEndpointConnections/read | 获取专用终结点连接的属性,或列出指定容器注册表的所有专用终结点连接 |
| Microsoft.ContainerRegistry/registries/privateEndpointConnections/write | 批准/拒绝专用终结点连接 |
| Microsoft.Cache/redis/read | 在管理门户中查看 Redis 缓存的设置和配置 |
| Microsoft.Cache/redis/privateEndpointConnections/read | 读取专用终结点连接 |
| Microsoft.Cache/redis/privateEndpointConnections/write | 写入专用终结点连接 |
| Microsoft.Cache/redis/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
| Microsoft.Cache/redis/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
| Microsoft.Cache/redisEnterprise/read | 在管理门户中查看 Redis Enterprise 缓存的设置和配置 |
| Microsoft.Cache/redisEnterprise/privateEndpointConnections/read | 读取专用终结点连接 |
| Microsoft.Cache/redisEnterprise/privateEndpointConnections/write | 写入专用终结点连接 |
| Microsoft.Cache/redisEnterprise/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
| Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
| Microsoft.CognitiveServices/accounts/read | 读取 API 帐户。 |
| Microsoft.CognitiveServices/accounts/privateEndpointConnections/read | 读取专用终结点连接。 |
| Microsoft.CognitiveServices/accounts/privateEndpointConnections/write | 写入专用终结点连接。 |
| Microsoft.CognitiveServices/accounts/privateLinkResources/read | 读取帐户的专用链接资源。 |
| Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action | 管理数据库帐户的专用终结点连接 |
| Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read | 读取专用终结点连接,或列出数据库帐户的所有专用终结点连接 |
| Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write | 创建或更新数据库帐户的专用终结点连接 |
| Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read | 读取专用链接资源,或列出数据库帐户的所有专用链接资源 |
| Microsoft.DocumentDB/databaseAccounts/read | 读取数据库帐户。 |
| Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
| Microsoft.KeyVault/vaults/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
| Microsoft.KeyVault/vaults/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
| Microsoft.KeyVault/vaults/privateLinkResources/read | 获取密钥保管库的指定实例的可用专用链接资源 |
| Microsoft.KeyVault/vaults/read | 查看密钥保管库的属性 |
| Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
| Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
| Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
| Microsoft.MachineLearningServices/workspaces/privateLinkResources/read | 获取机器学习服务工作区的指定实例的可用专用链接资源 |
| Microsoft.MachineLearningServices/workspaces/read | 获取机器学习服务工作区 |
| Microsoft.Storage/storageAccounts/privateEndpointConnections/read | 获取专用终结点连接 |
| Microsoft.Storage/storageAccounts/privateEndpointConnections/write | 放置专用终结点连接 |
| Microsoft.Storage/storageAccounts/privateLinkResources/read | 获取 StorageAccount groupids |
| Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
| Microsoft.Sql/servers/privateEndpointConnectionsApproval/action | 确定是否允许用户批准专用终结点连接 |
| Microsoft.Sql/servers/privateEndpointConnections/read | 返回专用终结点连接列表,或获取指定专用终结点连接的属性。 |
| Microsoft.Sql/servers/privateEndpointConnections/write | 批准或拒绝现有的专用终结点连接 |
| Microsoft.Sql/servers/privateLinkResources/read | 获取相应 SQL Server 的专用链接资源 |
| Microsoft.Sql/servers/read | 返回服务器列表,或获取指定服务器的属性。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can approve private endpoint connections to Azure AI common dependency resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
"Microsoft.Cache/redis/read",
"Microsoft.Cache/redis/privateEndpointConnections/read",
"Microsoft.Cache/redis/privateEndpointConnections/write",
"Microsoft.Cache/redis/privateLinkResources/read",
"Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
"Microsoft.Cache/redisEnterprise/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
"Microsoft.Cache/redisEnterprise/privateLinkResources/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
"Microsoft.CognitiveServices/accounts/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
"Microsoft.CognitiveServices/accounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
"Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/read",
"Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
"Microsoft.KeyVault/vaults/privateEndpointConnections/read",
"Microsoft.KeyVault/vaults/privateEndpointConnections/write",
"Microsoft.KeyVault/vaults/privateLinkResources/read",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
"Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
"Microsoft.MachineLearningServices/workspaces/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
"Microsoft.Storage/storageAccounts/privateLinkResources/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
"Microsoft.Sql/servers/privateEndpointConnections/read",
"Microsoft.Sql/servers/privateEndpointConnections/write",
"Microsoft.Sql/servers/privateLinkResources/read",
"Microsoft.Sql/servers/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Enterprise Network Connection Approver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 计算操作员
可以在机器学习服务托管计算资源(包括笔记本 VM)上访问和执行 CRUD 操作。
| 操作 | 说明 |
|---|---|
| Microsoft.MachineLearningServices/workspaces/computes/* | |
| Microsoft.MachineLearningServices/workspaces/notebooks/vm/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/computes/*",
"Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Compute Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 数据科学家
可以在 Azure 机器学习工作区中执行所有操作,但创建或删除计算资源及修改工作区本身除外。
| 操作 | 说明 |
|---|---|
| Microsoft.MachineLearningServices/workspaces/*/read | |
| Microsoft.MachineLearningServices/workspaces/*/action | |
| Microsoft.MachineLearningServices/workspaces/*/delete | |
| Microsoft.MachineLearningServices/workspaces/*/write | |
| 不操作 | |
| Microsoft.MachineLearningServices/workspaces/delete | 删除机器学习服务工作区 |
| Microsoft.MachineLearningServices/workspaces/write | 创建或更新机器学习服务工作区 |
| Microsoft.MachineLearningServices/workspaces/computes/*/write | |
| Microsoft.MachineLearningServices/workspaces/computes/*/delete | |
| Microsoft.MachineLearningServices/workspaces/computes/listKeys/action | 列出机器学习服务工作区中的计算资源的机密 |
| Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出机器学习服务工作区的机密 |
| Microsoft.MachineLearningServices/workspaces/hubs/write | 创建或更新机器学习服务中心工作区 |
| Microsoft.MachineLearningServices/workspaces/hubs/delete | 删除机器学习服务中心工作区 |
| Microsoft.MachineLearningServices/workspaces/featurestores/write | 创建或更新机器学习服务特征存储 |
| Microsoft.MachineLearningServices/workspaces/featurestores/delete | 删除机器学习服务特征存储 |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
"name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/delete",
"Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Data Scientist",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 指标编写器(预览版)
允许将指标写入 AzureML 工作区
| 操作 | 说明 |
|---|---|
| Microsoft.MachineLearningServices/workspaces/metrics/*/write | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you write metrics to AzureML workspace",
"id": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
"name": "635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/metrics/*/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Metrics Writer (preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 注册表用户
可对机器学习服务注册表资产执行所有操作,并获取注册表资源。
| 操作 | 说明 |
|---|---|
| Microsoft.MachineLearningServices/registries/read | 获取机器学习服务注册表 |
| Microsoft.MachineLearningServices/registries/assets/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
"name": "1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/registries/read",
"Microsoft.MachineLearningServices/registries/assets/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Registry User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务参与者
允许创建、读取、更新、删除和管理认知服务的密钥。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.CognitiveServices/* | |
| Microsoft.Features/features/read | 获取订阅的功能。 |
| Microsoft.Features/providers/features/read | 获取给定资源提供程序中某个订阅的功能。 |
| Microsoft.Features/providers/features/register/action | 在给定的资源提供程序中注册某个订阅的功能。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置 |
| Microsoft.Insights/logDefinitions/read | 读取日志定义 |
| Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
| Microsoft.Insights/metrics/read | 添加指标 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉参与者
对项目的完全访问权限,包括可以查看、创建、编辑或删除项目。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉部署
发布、取消发布或导出模型。 部署可以查看项目,但不能更新项目。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
"Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
"Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Deployment",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉标记者
查看、编辑训练图像,创建、添加、移除或删除图像标记。 标记者可以查看项目,但不能更新除训练图像和标记以外的任何内容。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | 此 API 获取未标记图像数组/批的建议标记和区域,以及标记的置信度。 如果未找到标记,则返回空数组。 |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
"name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Labeler",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉读取者
只读项目中的操作。 读取者不能创建或更新项目。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Read-only actions in the project. Readers can't create or update the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
"name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉训练者
查看、编辑项目和训练模型,包括可以发布、取消发布、导出模型。 训练者不能创建或删除项目。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/action | 创建项目。 |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/delete | 删除特定的项目。 |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action | 导入项目。 |
| Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Trainer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务数据读取者(预览版)
允许读取认知服务数据。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/*/read | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务人脸识别者
让你可以在人脸 API 上执行“检测”、“验证”、“识别”、“分组”和“查找相似”等操作。 此角色不允许创建或删除操作,因此非常适合只需要对功能进行推理、遵循“最小特权”最佳做法的终结点。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/Face/detect/action | 检测图像中的人脸,返回人脸矩形以及可选的 faceId、地标和属性。 |
| Microsoft.CognitiveServices/accounts/Face/verify/action | 验证两张人脸是否属于同一个人,或者一张人脸是否属于某一个人。 |
| Microsoft.CognitiveServices/accounts/Face/identify/action | 一对多的识别,用于在人员组或大型人员组中查找与特定查询人脸最接近的匹配项。 |
| Microsoft.CognitiveServices/accounts/Face/group/action | 根据人脸相似性将候选人脸划分为组。 |
| Microsoft.CognitiveServices/accounts/Face/findsimilars/action | 给定查询人脸的 faceId,用于在 faceId 数组、人脸列表或大型人脸列表中搜索类似的人脸。 faceId |
| Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action | 在一个红外、颜色和/或深度的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
| Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action | 在相同模态(例如颜色或红外)的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
| Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action | 在一系列相同流类型(如颜色)的图像中检测目标人脸的活动,然后与 VerifyImage 进行比较以返回标识方案的置信度得分。 |
| Microsoft.CognitiveServices/accounts/Face/*/sessions/action | |
| Microsoft.CognitiveServices/accounts/Face/*/sessions/delete | |
| Microsoft.CognitiveServices/accounts/Face/*/sessions/read | |
| Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/Face/detect/action",
"Microsoft.CognitiveServices/accounts/Face/verify/action",
"Microsoft.CognitiveServices/accounts/Face/identify/action",
"Microsoft.CognitiveServices/accounts/Face/group/action",
"Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Face Recognizer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务沉浸式阅读器用户
提供对于创建沉浸式阅读器会话和调用 API 的访问权限
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action | 创建沉浸式阅读器会话 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Provides access to create Immersive Reader sessions and call APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d",
"name": "b2de6794-95db-4659-8781-7e080d3f2b9d",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Immersive Reader User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言所有者
有权访问语言门户下的所有读取、测试、写入、部署和删除功能
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LanguageAuthoring/* | |
| Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* | |
| Microsoft.CognitiveServices/accounts/Language/* | |
| Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* |
{
"assignableScopes": [
"/"
],
"description": "Has access to all Read, Test, Write, Deploy and Delete functions under Language portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498",
"name": "f07febfe-79bc-46b1-8b37-790e26e6e498",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
"Microsoft.CognitiveServices/accounts/Language/*",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
]
}
],
"roleName": "Cognitive Services Language Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言读取者
有权访问语言门户下的读取和测试函数
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read | |
| Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read | |
| Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action | 触发作业以采用 JSON 格式导出项目数据。 |
| Microsoft.CognitiveServices/accounts/Language/*/read | |
| Microsoft.CognitiveServices/accounts/Language/*/projects/export/action | |
| Microsoft.CognitiveServices/accounts/Language/query-text/action | 答案文本。 |
| Microsoft.CognitiveServices/accounts/Language/query-dataverse/action | 查询 Dataverse。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action | 提交用于分析的文本文档的集合。 指定一个或多个要执行的唯一任务。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-text/action | 提交用于分析的文本文档的集合。 指定要立即执行的单个唯一任务。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action | 取消长时间运行的文本分析作业。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action | 分析输入对话。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action | 取消对话中长时间运行的分析作业。 |
| Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action | 提交长时间对话进行分析。 指定要作为长时间运行的操作执行的一个或多个唯一任务。 |
| Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action | 答案知识库。 |
| Microsoft.CognitiveServices/accounts/Language/generate/action | 语言生成。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* |
{
"assignableScopes": [
"/"
],
"description": "Has access to Read and Test functions under Language portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
"name": "7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action",
"Microsoft.CognitiveServices/accounts/Language/*/read",
"Microsoft.CognitiveServices/accounts/Language/*/projects/export/action",
"Microsoft.CognitiveServices/accounts/Language/query-text/action",
"Microsoft.CognitiveServices/accounts/Language/query-dataverse/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action",
"Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action",
"Microsoft.CognitiveServices/accounts/Language/generate/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
]
}
],
"roleName": "Cognitive Services Language Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言写入者
有权访问语言门户下的所有读取、测试和写入功能
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LanguageAuthoring/* | |
| Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* | |
| Microsoft.CognitiveServices/accounts/Language/* | |
| Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action | 触发发布作业。 |
| Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write | 触发作业以创建新部署或替换现有部署。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* | |
| Microsoft.CognitiveServices/accounts/Language/*/projects/delete | |
| Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write | |
| Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete | |
| Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action |
{
"assignableScopes": [
"/"
],
"description": " Has access to all Read, Test, and Write functions under Language Portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
"name": "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
"Microsoft.CognitiveServices/accounts/Language/*",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*",
"Microsoft.CognitiveServices/accounts/Language/*/projects/delete",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action"
]
}
],
"roleName": "Cognitive Services Language Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 所有者
有权访问 LUIS 下的所有读取、测试、写入、部署和删除功能
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LUIS/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8",
"name": "f72c8140-2111-481c-87ff-72b910f6e3f8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services LUIS Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 读者
有权访问 LUIS 下的读取和测试功能。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LUIS/*/read | |
| Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write | 更新给定应用程序的现有批处理测试数据集最近完成的测试结果。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has access to Read and Test functions under LUIS.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226",
"name": "18e81cdc-4e98-4e29-a639-e7d10c5a6226",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*/read",
"Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services LUIS Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 写入者
有权访问 LUIS 下的所有读取、测试和写入功能
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/LUIS/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/LUIS/apps/delete | 删除应用程序。 |
| Microsoft.CognitiveServices/accounts/LUIS/apps/move/action | 将应用移到其他 LUIS 创作 Azure 资源。 |
| Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action | 发布应用程序的特定版本。 |
| Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write | 更新应用程序设置 |
| Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action | 为应用程序分配一个 Azure 帐户。 |
| Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete | 使用用户的 Azure 资源管理器令牌获取该用户的 LUIS Azure 帐户。 |
{
"assignableScopes": [
"/"
],
"description": "Has access to all Read, Test, and Write functions under LUIS",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27",
"name": "6322a993-d5c9-4bed-b113-e49bbea25b27",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/apps/delete",
"Microsoft.CognitiveServices/accounts/LUIS/apps/move/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write",
"Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete"
]
}
],
"roleName": "Cognitive Services LUIS Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务指标顾问管理员
拥有对项目的完全访问权限,包括系统级配置。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the system level configuration.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
"name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Metrics Advisor Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务指标顾问用户
对项目的访问权限。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/* |
{
"assignableScopes": [
"/"
],
"description": "Access to the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8",
"name": "3b20f47b-3825-43cb-8114-4bd2201156a8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*"
]
}
],
"roleName": "Cognitive Services Metrics Advisor User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 参与者
完全访问权限,包括微调、部署和生成文本的功能
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/deployments/write | 写入部署。 |
| Microsoft.CognitiveServices/accounts/deployments/delete | 删除部署。 |
| Microsoft.CognitiveServices/accounts/raiPolicies/read | 获取帐户下的所有适用策略,包括默认策略。 |
| Microsoft.CognitiveServices/accounts/raiPolicies/write | 创建或更新自定义负责任 AI 策略。 |
| Microsoft.CognitiveServices/accounts/raiPolicies/delete | 删除现有部署未引用的自定义负责任 AI 策略。 |
| Microsoft.CognitiveServices/accounts/commitmentplans/read | 读取承诺计划。 |
| Microsoft.CognitiveServices/accounts/commitmentplans/write | 写入承诺计划。 |
| Microsoft.CognitiveServices/accounts/commitmentplans/delete | 删除承诺计划。 |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/OpenAI/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access including the ability to fine-tune, deploy and generate text",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
"name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/deployments/write",
"Microsoft.CognitiveServices/accounts/deployments/delete",
"Microsoft.CognitiveServices/accounts/raiPolicies/read",
"Microsoft.CognitiveServices/accounts/raiPolicies/write",
"Microsoft.CognitiveServices/accounts/raiPolicies/delete",
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 用户
查看文件、模型、部署的读取访问权限。 创建完成操作和嵌入调用的功能。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/OpenAI/*/read | |
| Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | 从所选模型创建完成 |
| Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | 使用当前引擎搜索最相关的文档。 |
| Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (仅适用于浏览器。)通过 GET 请求从模型流式传输生成的文本。 之所以提供此方法,是因为浏览器原生 EventSource 方法只能发送 GET 请求。 它支持比 POST 变体更有限的一组配置选项。 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action | 返回给定音频文件的脚本或翻译。 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action | 使用当前引擎搜索最相关的文档。 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action | 从所选模型创建完成操作。 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | 为聊天消息创建完成操作 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action | 使用扩展为聊天消息创建完成操作 |
| Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action | 返回给定提示的嵌入。 |
| Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action | 创建映像代系。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 编辑者
允许你创建、编辑、导入和导出知识库。 但不能发布或删除知识库。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write | 替换更改数据。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write | 替换更改数据。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write | 更新终结点的终结点设置。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read | 获取特定的长时间运行的操作的详细信息。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write | 替换更改数据。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 读取者
只能读取和测试知识库。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
| Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you read and test a KB only.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
"name": "466ccd10-b268-4a11-b098-b4849f024126",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语音参与者
针对实时语音识别和批量听录任务、实时语音合成和长音频任务、自定义语音和自定义语音的语音项目(包括读取、写入和删除所有实体)的完全访问权限。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/SpeechServices/* | |
| Microsoft.CognitiveServices/accounts/CustomVoice/* | |
| Microsoft.CognitiveServices/accounts/AudioContentCreation/* | |
| Microsoft.CognitiveServices/accounts/VideoTranslation/* | |
| Microsoft.CognitiveServices/accounts/CustomAvatar/* | |
| Microsoft.CognitiveServices/accounts/BatchAvatar/* | |
| Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181",
"name": "0e75ca1e-0464-4b4d-8b93-68208a576181",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/SpeechServices/*",
"Microsoft.CognitiveServices/accounts/CustomVoice/*",
"Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
"Microsoft.CognitiveServices/accounts/VideoTranslation/*",
"Microsoft.CognitiveServices/accounts/CustomAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Speech Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语音用户
访问实时语音识别和批量听录 API、实时语音合成和长音频 API,以及读取自定义模型的数据/测试/模型/终结点,但无法创建、删除或修改自定义模型的数据/测试/模型/终结点。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
| Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/accounts/SpeechServices/*/read | |
| Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read | |
| Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write | |
| Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete | |
| Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action | |
| Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action | |
| Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action | |
| Microsoft.CognitiveServices/accounts/CustomVoice/*/read | |
| Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/* | |
| Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/* | |
| Microsoft.CognitiveServices/accounts/AudioContentCreation/* | |
| Microsoft.CognitiveServices/accounts/VideoTranslation/* | |
| Microsoft.CognitiveServices/accounts/CustomAvatar/*/read | |
| Microsoft.CognitiveServices/accounts/BatchAvatar/* | |
| Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | |
| NotDataActions | |
| Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read | 获取由指定的 ID 标识的数据集的列表。 |
| Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read | 获取指定训练集的言语。 |
{
"assignableScopes": [
"/"
],
"description": "Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447",
"name": "f2dc8367-1007-4938-bd23-fe263f013447",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/SpeechServices/*/read",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action",
"Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action",
"Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action",
"Microsoft.CognitiveServices/accounts/CustomVoice/*/read",
"Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*",
"Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/*",
"Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
"Microsoft.CognitiveServices/accounts/VideoTranslation/*",
"Microsoft.CognitiveServices/accounts/CustomAvatar/*/read",
"Microsoft.CognitiveServices/accounts/BatchAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read",
"Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read"
]
}
],
"roleName": "Cognitive Services Speech User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务使用情况读取者
查看认知服务使用情况的最小权限。
| 操作 | 说明 |
|---|---|
| Microsoft.CognitiveServices/locations/usages/read | 读取所有使用情况数据 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Minimal permission to view Cognitive Services usages.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
"name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/locations/usages/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Usages Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务用户
允许读取和列出认知服务的密钥。
| 操作 | 描述 |
|---|---|
| Microsoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| Microsoft.Insights/diagnosticSettings/read | 读取资源诊断设置 |
| Microsoft.Insights/logDefinitions/read | 读取日志定义 |
| Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
| Microsoft.Insights/metrics/read | 添加指标 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.CognitiveServices/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据参与者
授予对 Azure 认知搜索索引数据的完全访问权限。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Search/searchServices/indexes/documents/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/*"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据读取者
授予对 Azure 认知搜索索引数据的读取访问权限。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Search/searchServices/indexes/documents/read | 从索引中读取文档或建议的查询词。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Grants read access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
"name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/read"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索服务参与者
允许管理搜索服务,但不允许访问这些服务。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Search/searchServices/* | 创建和管理搜索服务 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}