Azure AI + 机器学习内置角色
本文列出了“AI + 机器学习”类别的 Azure 内置角色。
Azure AI 企业网络连接审批者
可以批准与 Azure AI 通用依赖项资源的专用终结点连接
操作 | 说明 |
---|---|
Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action | 自动批准专用终结点连接 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/read | 获取专用终结点连接的属性,或列出指定容器注册表的所有专用终结点连接 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/write | 批准/拒绝专用终结点连接 |
Microsoft.Cache/redis/read | 在管理门户中查看 Redis 缓存的设置和配置 |
Microsoft.Cache/redis/privateEndpointConnections/read | 读取专用终结点连接 |
Microsoft.Cache/redis/privateEndpointConnections/write | 写入专用终结点连接 |
Microsoft.Cache/redis/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
Microsoft.Cache/redis/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
Microsoft.Cache/redisEnterprise/read | 在管理门户中查看 Redis Enterprise 缓存的设置和配置 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/read | 读取专用终结点连接 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/write | 写入专用终结点连接 |
Microsoft.Cache/redisEnterprise/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
Microsoft.CognitiveServices/accounts/read | 读取 API 帐户。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/read | 读取专用终结点连接。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/write | 写入专用终结点连接。 |
Microsoft.CognitiveServices/accounts/privateLinkResources/read | 读取帐户的专用链接资源。 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action | 管理数据库帐户的专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read | 读取专用终结点连接,或列出数据库帐户的所有专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write | 创建或更新数据库帐户的专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read | 读取专用链接资源,或列出数据库帐户的所有专用链接资源 |
Microsoft.DocumentDB/databaseAccounts/read | 读取数据库帐户。 |
Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
Microsoft.KeyVault/vaults/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.KeyVault/vaults/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.KeyVault/vaults/privateLinkResources/read | 获取密钥保管库的指定实例的可用专用链接资源 |
Microsoft.KeyVault/vaults/read | 查看密钥保管库的属性 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.MachineLearningServices/workspaces/privateLinkResources/read | 获取机器学习服务工作区的指定实例的可用专用链接资源 |
Microsoft.MachineLearningServices/workspaces/read | 获取机器学习服务工作区 |
Microsoft.Storage/storageAccounts/privateEndpointConnections/read | 获取专用终结点连接 |
Microsoft.Storage/storageAccounts/privateEndpointConnections/write | 放置专用终结点连接 |
Microsoft.Storage/storageAccounts/privateLinkResources/read | 获取 StorageAccount groupids |
Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
Microsoft.Sql/servers/privateEndpointConnectionsApproval/action | 确定是否允许用户批准专用终结点连接 |
Microsoft.Sql/servers/privateEndpointConnections/read | 返回专用终结点连接列表,或获取指定专用终结点连接的属性。 |
Microsoft.Sql/servers/privateEndpointConnections/write | 批准或拒绝现有的专用终结点连接 |
Microsoft.Sql/servers/privateLinkResources/read | 获取相应 SQL Server 的专用链接资源 |
Microsoft.Sql/servers/read | 返回服务器列表,或获取指定服务器的属性。 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can approve private endpoint connections to Azure AI common dependency resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
"Microsoft.Cache/redis/read",
"Microsoft.Cache/redis/privateEndpointConnections/read",
"Microsoft.Cache/redis/privateEndpointConnections/write",
"Microsoft.Cache/redis/privateLinkResources/read",
"Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
"Microsoft.Cache/redisEnterprise/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
"Microsoft.Cache/redisEnterprise/privateLinkResources/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
"Microsoft.CognitiveServices/accounts/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
"Microsoft.CognitiveServices/accounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
"Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/read",
"Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
"Microsoft.KeyVault/vaults/privateEndpointConnections/read",
"Microsoft.KeyVault/vaults/privateEndpointConnections/write",
"Microsoft.KeyVault/vaults/privateLinkResources/read",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
"Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
"Microsoft.MachineLearningServices/workspaces/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
"Microsoft.Storage/storageAccounts/privateLinkResources/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
"Microsoft.Sql/servers/privateEndpointConnections/read",
"Microsoft.Sql/servers/privateEndpointConnections/write",
"Microsoft.Sql/servers/privateLinkResources/read",
"Microsoft.Sql/servers/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Enterprise Network Connection Approver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 计算操作员
可以在机器学习服务托管计算资源(包括笔记本 VM)上访问和执行 CRUD 操作。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/computes/* | |
Microsoft.MachineLearningServices/workspaces/notebooks/vm/* | |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/computes/*",
"Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Compute Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 数据科学家
可以在 Azure 机器学习工作区中执行所有操作,但创建或删除计算资源及修改工作区本身除外。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
不操作 | |
Microsoft.MachineLearningServices/workspaces/delete | 删除机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/write | 创建或更新机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/computes/*/write | |
Microsoft.MachineLearningServices/workspaces/computes/*/delete | |
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action | 列出机器学习服务工作区中的计算资源的机密 |
Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出机器学习服务工作区的机密 |
Microsoft.MachineLearningServices/workspaces/hubs/write | 创建或更新机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/hubs/delete | 删除机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/featurestores/write | 创建或更新机器学习服务特征存储 |
Microsoft.MachineLearningServices/workspaces/featurestores/delete | 删除机器学习服务特征存储 |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
"name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/delete",
"Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Data Scientist",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务参与者
允许创建、读取、更新、删除和管理认知服务的密钥。
操作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.CognitiveServices/* | |
Microsoft.Features/features/read | 获取订阅的功能。 |
Microsoft.Features/providers/features/read | 获取给定资源提供程序中某个订阅的功能。 |
Microsoft.Features/providers/features/register/action | 在给定的资源提供程序中注册某个订阅的功能。 |
Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置 |
Microsoft.Insights/logDefinitions/read | 读取日志定义 |
Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
Microsoft.Insights/metrics/read | 添加指标 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉参与者
对项目的完全访问权限,包括可以查看、创建、编辑或删除项目。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉部署
发布、取消发布或导出模型。 部署可以查看项目,但不能更新项目。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
"Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
"Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Deployment",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉标记者
查看、编辑训练图像,创建、添加、移除或删除图像标记。 标记者可以查看项目,但不能更新除训练图像和标记以外的任何内容。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | 此 API 获取未标记图像数组/批的建议标记和区域,以及标记的置信度。 如果未找到标记,则返回空数组。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
"name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Labeler",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉读取者
只读项目中的操作。 读取者不能创建或更新项目。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Read-only actions in the project. Readers can't create or update the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
"name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉训练者
查看、编辑项目和训练模型,包括可以发布、取消发布、导出模型。 训练者不能创建或删除项目。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/action | 创建项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/delete | 删除特定的项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action | 导入项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Trainer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务数据读取者(预览版)
允许读取认知服务数据。
操作 | 描述 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/*/read | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务人脸识别者
让你可以在人脸 API 上执行“检测”、“验证”、“识别”、“分组”和“查找相似”等操作。 此角色不允许创建或删除操作,因此非常适合只需要对功能进行推理、遵循“最小特权”最佳做法的终结点。
操作 | 描述 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/Face/detect/action | 检测图像中的人脸,返回人脸矩形以及可选的 faceId、地标和属性。 |
Microsoft.CognitiveServices/accounts/Face/verify/action | 验证两张人脸是否属于同一个人,或者一张人脸是否属于某一个人。 |
Microsoft.CognitiveServices/accounts/Face/identify/action | 一对多的识别,用于在人员组或大型人员组中查找与特定查询人脸最接近的匹配项。 |
Microsoft.CognitiveServices/accounts/Face/group/action | 根据人脸相似性将候选人脸划分为组。 |
Microsoft.CognitiveServices/accounts/Face/findsimilars/action | 给定查询人脸的 faceId,用于在 faceId 数组、人脸列表或大型人脸列表中搜索类似的人脸。 faceId |
Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action | 在一个红外、颜色和/或深度的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action | 在相同模态(例如颜色或红外)的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action | 在一系列相同流类型(如颜色)的图像中检测目标人脸的活动,然后与 VerifyImage 进行比较以返回标识方案的置信度得分。 |
Microsoft.CognitiveServices/accounts/Face/*/sessions/action | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/delete | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/read | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/Face/detect/action",
"Microsoft.CognitiveServices/accounts/Face/verify/action",
"Microsoft.CognitiveServices/accounts/Face/identify/action",
"Microsoft.CognitiveServices/accounts/Face/group/action",
"Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Face Recognizer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务指标顾问管理员
拥有对项目的完全访问权限,包括系统级配置。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the system level configuration.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
"name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Metrics Advisor Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 参与者
完全访问权限,包括微调、部署和生成文本的功能
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/deployments/write | 写入部署。 |
Microsoft.CognitiveServices/accounts/deployments/delete | 删除部署。 |
Microsoft.CognitiveServices/accounts/raiPolicies/read | 获取帐户下的所有适用策略,包括默认策略。 |
Microsoft.CognitiveServices/accounts/raiPolicies/write | 创建或更新自定义负责任 AI 策略。 |
Microsoft.CognitiveServices/accounts/raiPolicies/delete | 删除现有部署未引用的自定义负责任 AI 策略。 |
Microsoft.CognitiveServices/accounts/commitmentplans/read | 读取承诺计划。 |
Microsoft.CognitiveServices/accounts/commitmentplans/write | 写入承诺计划。 |
Microsoft.CognitiveServices/accounts/commitmentplans/delete | 删除承诺计划。 |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access including the ability to fine-tune, deploy and generate text",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
"name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/deployments/write",
"Microsoft.CognitiveServices/accounts/deployments/delete",
"Microsoft.CognitiveServices/accounts/raiPolicies/read",
"Microsoft.CognitiveServices/accounts/raiPolicies/write",
"Microsoft.CognitiveServices/accounts/raiPolicies/delete",
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 用户
查看文件、模型、部署的读取访问权限。 创建完成操作和嵌入调用的功能。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/*/read | |
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | 从所选模型创建完成 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | 使用当前引擎搜索最相关的文档。 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (仅适用于浏览器。)通过 GET 请求从模型流式传输生成的文本。 之所以提供此方法,是因为浏览器原生 EventSource 方法只能发送 GET 请求。 它支持比 POST 变体更有限的一组配置选项。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action | 返回给定音频文件的脚本或翻译。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action | 使用当前引擎搜索最相关的文档。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action | 从所选模型创建完成操作。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | 为聊天消息创建完成操作 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action | 使用扩展为聊天消息创建完成操作 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action | 返回给定提示的嵌入。 |
Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action | 创建映像代系。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 编辑者
允许你创建、编辑、导入和导出知识库。 但不能发布或删除知识库。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read | 获取特定的长时间运行的操作的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 读取者
只能读取和测试知识库。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you read and test a KB only.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
"name": "466ccd10-b268-4a11-b098-b4849f024126",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务使用情况读取者
查看认知服务使用情况的最小权限。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/locations/usages/read | 读取所有使用情况数据 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Minimal permission to view Cognitive Services usages.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
"name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/locations/usages/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Usages Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务用户
允许读取和列出认知服务的密钥。
操作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
Microsoft.Insights/alertRules/read | 读取经典指标警报 |
Microsoft.Insights/diagnosticSettings/read | 读取资源诊断设置 |
Microsoft.Insights/logDefinitions/read | 读取日志定义 |
Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
Microsoft.Insights/metrics/read | 添加指标 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据参与者
授予对 Azure 认知搜索索引数据的完全访问权限。
操作 | 描述 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/*"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据读取者
授予对 Azure 认知搜索索引数据的读取访问权限。
操作 | 描述 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/read | 从索引中读取文档或建议的查询词。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Grants read access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
"name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/read"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索服务参与者
允许管理搜索服务,但不允许访问这些服务。
操作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
Microsoft.Search/searchServices/* | 创建和管理搜索服务 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}