用于计算的 Azure 内置角色
本文列出了计算类别的 Azure 内置角色。
经典虚拟机参与者
允许管理经典虚拟机,但不允许访问这些虚拟机及其连接到的虚拟网络或存储帐户。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.ClassicCompute/domainNames/* | 创建和管理经典计算域名 |
| Microsoft.ClassicCompute/virtualMachines/* | 创建和管理虚拟机 |
| Microsoft.ClassicNetwork/networkSecurityGroups/join/action | |
| Microsoft.ClassicNetwork/reservedIps/link/action | 链接保留 IP |
| Microsoft.ClassicNetwork/reservedIps/read | 获取保留 IP |
| Microsoft.ClassicNetwork/virtualNetworks/join/action | 加入虚拟网络。 |
| Microsoft.ClassicNetwork/virtualNetworks/read | 获取虚拟网络。 |
| Microsoft.ClassicStorage/storageAccounts/disks/read | 返回存储帐户磁盘。 |
| Microsoft.ClassicStorage/storageAccounts/images/read | 返回存储帐户映像。 (已弃用。请使用“Microsoft.ClassicStorage/storageAccounts/vmImages”) |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | 列出存储帐户的访问密钥。 |
| Microsoft.ClassicStorage/storageAccounts/read | 返回包含给定帐户的存储帐户。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
托管磁盘的数据操作员
提供使用 SAS URI 和 Azure AD 身份验证将数据上传到空托管磁盘、读取或导出托管磁盘(未附加到正在运行的 VM)的数据和快照的权限。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Compute/disks/download/action | 对磁盘 SAS URI 执行读取数据操作 |
| Microsoft.Compute/disks/upload/action | 对磁盘 SAS URI 执行写入数据操作 |
| Microsoft.Compute/snapshots/download/action | 对快照 SAS URI 执行读取数据操作 |
| Microsoft.Compute/snapshots/upload/action | 对快照 SAS URI 执行写入数据操作 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e",
"name": "959f8984-c045-4866-89c7-12bf9737be2e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Compute/disks/download/action",
"Microsoft.Compute/disks/upload/action",
"Microsoft.Compute/snapshots/download/action",
"Microsoft.Compute/snapshots/upload/action"
],
"notDataActions": []
}
],
"roleName": "Data Operator for Managed Disks",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化应用程序组参与者
桌面虚拟化应用程序组参与者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/* | |
| Microsoft.DesktopVirtualization/hostpools/read | 读取 hostpools |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 读取 hostpools/sessionhosts |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8",
"name": "86240b0e-9422-4c43-887b-b61143f32ba8",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化应用程序组读取者
桌面虚拟化应用程序组读取者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/*/read | |
| Microsoft.DesktopVirtualization/applicationgroups/read | 读取 applicationgroups |
| Microsoft.DesktopVirtualization/hostpools/read | 读取 hostpools |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 读取 hostpools/sessionhosts |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/read | 获取或列出部署。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"name": "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化参与者
桌面虚拟化参与者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Contributor of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387",
"name": "082f0a83-3be5-4ba1-904c-961cca79b387",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化主机池参与者
桌面虚拟化主机池参与者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc",
"name": "e307426c-f9b6-4e81-87de-d99efb3c32bc",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化主机池读取者
桌面虚拟化主机池读取者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/*/read | |
| Microsoft.DesktopVirtualization/hostpools/read | 读取 hostpools |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/read | 获取或列出部署。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822",
"name": "ceadfde2-b300-400a-ab7b-6143895aa822",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化读取者
桌面虚拟化读取者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/*/read | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/read | 获取或列出部署。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Reader of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868",
"name": "49a72310-ab8d-41df-bbb0-79b649203868",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化会话主机操作员
桌面虚拟化会话主机操作员。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/read | 读取 hostpools |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Session Host.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"name": "2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Session Host Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化用户
允许用户使用应用程序组中的应用程序。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.DesktopVirtualization/applicationGroups/useApplications/action | 使用 ApplicationGroup |
| Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action | 允许用户对应用程序组中的应用附加包授予权限 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows user to use the applications in an application group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"name": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.DesktopVirtualization/applicationGroups/useApplications/action",
"Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action"
],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化用户会话操作员
桌面虚拟化用户会话操作员。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/read | 读取 hostpools |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | 读取 hostpools/sessionhosts |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Uesr Session.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"name": "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User Session Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化工作区参与者
桌面虚拟化工作区参与者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/workspaces/* | |
| Microsoft.DesktopVirtualization/applicationgroups/read | 读取 applicationgroups |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"name": "21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/*",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
桌面虚拟化工作区读取者
桌面虚拟化工作区读取者。
| 操作 | 说明 |
|---|---|
| Microsoft.DesktopVirtualization/workspaces/read | 读取工作区 |
| Microsoft.DesktopVirtualization/applicationgroups/read | 读取 applicationgroups |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/read | 获取或列出部署。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"name": "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁盘备份读取者
向备份保管库提供执行磁盘备份的权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Compute/disks/read | 获取磁盘的属性 |
| Microsoft.Compute/disks/beginGetAccess/action | 获取用于 Blob 访问的磁盘 SAS URI |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk backup.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"name": "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/beginGetAccess/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁盘池操作员
向 StoragePool 资源提供程序提供管理添加到磁盘池的磁盘的权限。
| 操作 | 说明 |
|---|---|
| Microsoft.Compute/disks/write | 创建新的磁盘,或更新现有的磁盘 |
| Microsoft.Compute/disks/read | 获取磁盘的属性 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840",
"name": "60fc6e62-5479-42d4-8bf4-67625fcc2840",
"permissions": [
{
"actions": [
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Pool Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁盘还原操作员
向备份保管库提供执行磁盘还原的权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Compute/disks/write | 创建新的磁盘,或更新现有的磁盘 |
| Microsoft.Compute/disks/read | 获取磁盘的属性 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk restore.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13",
"name": "b50d9833-a0cb-478e-945f-707fcc997c13",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Restore Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
磁盘快照参与者
向备份保管库提供管理磁盘快照的权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Compute/snapshots/delete | 删除快照 |
| Microsoft.Compute/snapshots/write | 创建新的快照,或更新现有的快照 |
| Microsoft.Compute/snapshots/read | 获取快照的属性 |
| Microsoft.Compute/snapshots/beginGetAccess/action | 获取用于 blob 访问的快照 SAS URI |
| Microsoft.Compute/snapshots/endGetAccess/action | 撤销快照的 SAS URI |
| Microsoft.Compute/disks/beginGetAccess/action | 获取用于 Blob 访问的磁盘 SAS URI |
| Microsoft.Storage/storageAccounts/listkeys/action | 返回指定存储帐户的访问密钥。 |
| Microsoft.Storage/storageAccounts/write | 使用指定的参数创建存储帐户、更新指定存储帐户的属性或标记,或者为其添加自定义域。 |
| Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
| Microsoft.Storage/storageAccounts/delete | 删除现有的存储帐户。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to manage disk snapshots.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce",
"name": "7efff54f-a5b4-42b5-a1c5-5411624893ce",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/read",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Snapshot Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机管理员登录
在门户中查看虚拟机并以管理员身份登录
| 操作 | 描述 |
|---|---|
| Microsoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。 |
| Microsoft.Network/virtualNetworks/read | 获取虚拟网络定义 |
| Microsoft.Network/loadBalancers/read | 获取负载均衡器定义 |
| Microsoft.Network/networkInterfaces/read | 获取网络接口定义。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridConnectivity/endpoints/listCredentials/action | 获取资源的终结点访问凭据。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/action | 以普通用户身份登录虚拟机 |
| Microsoft.Compute/virtualMachines/loginAsAdmin/action | 以 Windows 管理员身份或 Linux 根用户权限登录虚拟机 |
| Microsoft.HybridCompute/machines/login/action | 以常规用户身份登录 Azure Arc 计算机 |
| Microsoft.HybridCompute/machines/loginAsAdmin/action | 使用 Windows 管理员或 Linux 根用户权限登录 Azure Arc 计算机 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action",
"Microsoft.HybridCompute/machines/login/action",
"Microsoft.HybridCompute/machines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机参与者
创建并管理虚拟机、管理磁盘、安装并运行软件、使用 VM 扩展重置虚拟机根用户的密码,以及使用 VM 扩展管理本地用户帐户。 此角色不会授予你对虚拟机连接到的虚拟网络或存储帐户的管理访问权限。 此角色不允许在 Azure RBAC 中分配角色。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Compute/availabilitySets/* | 创建和管理计算可用性集 |
| Microsoft.Compute/locations/* | 创建和管理计算位置 |
| Microsoft.Compute/virtualMachines/* | 执行所有虚拟机操作,包括创建、更新、删除、启动、重新启动和关闭虚拟机。 在虚拟机上执行脚本。 |
| Microsoft.Compute/virtualMachineScaleSets/* | 创建和管理虚拟机规模集 |
| Microsoft.Compute/cloudServices/* | |
| Microsoft.Compute/disks/write | 创建新的磁盘,或更新现有的磁盘 |
| Microsoft.Compute/disks/read | 获取磁盘的属性 |
| Microsoft.Compute/disks/delete | 删除磁盘 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Network/applicationGateways/backendAddressPools/join/action | 加入应用程序网关后端地址池。 不可发出警报。 |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | 加入负载均衡器后端地址池。 不可发出警报。 |
| Microsoft.Network/loadBalancers/inboundNatPools/join/action | 加入负载均衡器入站 NAT 池。 不可发出警报。 |
| Microsoft.Network/loadBalancers/inboundNatRules/join/action | 加入负载均衡器入站 NAT 规则。 不可发出警报。 |
| Microsoft.Network/loadBalancers/probes/join/action | 允许使用负载均衡器的探测。 例如,使用此权限,VM 规模集的 healthProbe 属性可以引用探测。 不可发出警报。 |
| Microsoft.Network/loadBalancers/read | 获取负载均衡器定义 |
| Microsoft.Network/locations/* | 创建和管理网络位置 |
| Microsoft.Network/networkInterfaces/* | 创建和管理网络接口 |
| Microsoft.Network/networkSecurityGroups/join/action | 加入网络安全组。 不可发出警报。 |
| Microsoft.Network/networkSecurityGroups/read | 获取网络安全组定义 |
| Microsoft.Network/publicIPAddresses/join/action | 加入公共 IP 地址。 不可发出警报。 |
| Microsoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。 |
| Microsoft.Network/virtualNetworks/read | 获取虚拟网络定义 |
| Microsoft.Network/virtualNetworks/subnets/join/action | 加入虚拟网络。 不可发出警报。 |
| Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 创建备份保护意向 |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 返回受保护项的对象详细信息 |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 创建备份受保护项 |
| Microsoft.RecoveryServices/Vaults/backupPolicies/read | 返回所有保护策略 |
| Microsoft.RecoveryServices/Vaults/backupPolicies/write | 创建保护策略 |
| Microsoft.RecoveryServices/Vaults/read | “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象 |
| Microsoft.RecoveryServices/Vaults/usages/read | 返回恢复服务保管库的使用情况详细信息。 |
| Microsoft.RecoveryServices/Vaults/write | “创建保管库”操作创建“vault”类型的 Azure 资源 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.SerialConsole/serialPorts/connect/action | 连接到串行端口 |
| Microsoft.SqlVirtualMachine/* | |
| Microsoft.Storage/storageAccounts/listKeys/action | 返回指定存储帐户的访问密钥。 |
| Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/cloudServices/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SerialConsole/serialPorts/connect/action",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机数据访问管理员(预览版)
通过添加或删除“虚拟机管理员登录名”角色和“虚拟机用户登录名”角色的角色分配来管理对虚拟机的访问。 包括用于约束角色分配的 ABAC 条件。
| 操作 | 说明 |
|---|---|
| Microsoft.Authorization/roleAssignments/write | 创建指定范围的角色分配。 |
| Microsoft.Authorization/roleAssignments/delete | 删除指定范围的角色分配。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
| Microsoft.Management/managementGroups/read | 列出已通过身份验证的用户的管理组。 |
| Microsoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。 |
| Microsoft.Network/virtualNetworks/read | 获取虚拟网络定义 |
| Microsoft.Network/loadBalancers/read | 获取负载均衡器定义 |
| Microsoft.Network/networkInterfaces/read | 获取网络接口定义。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 | |
| 条件 | |
| ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) 或 (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) 和 ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) 或 (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) | 添加或移除以下角色的角色分配: 虚拟机管理员登录 虚拟机用户登录 |
{
"assignableScopes": [
"/"
],
"description": "Manage access to Virtual Machines by adding or removing role assignments for the Virtual Machine Administrator Login and Virtual Machine User Login roles. Includes an ABAC condition to constrain role assignments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"name": "66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52}))"
}
],
"roleName": "Virtual Machine Data Access Administrator (preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机本地用户登录
在门户中查看虚拟机,并以在 Arc 服务器上配置的本地用户身份登录
| 操作 | 说明 |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridConnectivity/endpoints/listCredentials/action | 获取资源的终结点访问凭据。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a local user configured on the arc server",
"id": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525",
"name": "602da2ba-a5c2-41da-b01d-5360126ab525",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Local User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虚拟机用户登录
在门户中查看虚拟机并以普通用户身份登录。
| 操作 | 描述 |
|---|---|
| Microsoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。 |
| Microsoft.Network/virtualNetworks/read | 获取虚拟网络定义 |
| Microsoft.Network/loadBalancers/read | 获取负载均衡器定义 |
| Microsoft.Network/networkInterfaces/read | 获取网络接口定义。 |
| Microsoft.Compute/virtualMachines/*/read | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridConnectivity/endpoints/listCredentials/action | 获取资源的终结点访问凭据。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/action | 以普通用户身份登录虚拟机 |
| Microsoft.HybridCompute/machines/login/action | 以常规用户身份登录 Azure Arc 计算机 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.HybridCompute/machines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Windows Admin Center 管理员登录
允许以管理员身份通过 Windows Admin Center 管理资源的 OS。
| 操作 | 说明 |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/upgradeExtensions/action | 升级 Azure Arc 计算机上的扩展 |
| Microsoft.HybridCompute/operations/read | 读取适用于服务器的 Azure Arc 的所有操作 |
| Microsoft.Network/networkInterfaces/read | 获取网络接口定义。 |
| Microsoft.Network/loadBalancers/read | 获取负载均衡器定义 |
| Microsoft.Network/publicIPAddresses/read | 获取公共 IP 地址定义。 |
| Microsoft.Network/virtualNetworks/read | 获取虚拟网络定义 |
| Microsoft.Network/networkSecurityGroups/read | 获取网络安全组定义 |
| Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | 获取默认的安全规则定义 |
| Microsoft.Network/networkWatchers/securityGroupView/action | 查看 VM 上应用的已配置和有效的网络安全组规则。 |
| Microsoft.Network/networkSecurityGroups/securityRules/read | 获取安全规则定义 |
| Microsoft.Network/networkSecurityGroups/securityRules/write | 创建安全规则,或更新现有的安全规则 |
| Microsoft.HybridConnectivity/endpoints/write | 更新目标资源的终结点。 |
| Microsoft.HybridConnectivity/endpoints/read | 获取资源的终结点。 |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | 更新目标资源服务配置中的服务详细信息。 |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | 获取有关资源服务的详细信息。 |
| Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action | 提取托管代理详细信息 |
| Microsoft.Compute/virtualMachines/read | 获取虚拟机的属性 |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read | 检索最新补丁评估操作的摘要 |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | 检索上次补丁评估操作期间评估的补丁列表 |
| Microsoft.Compute/virtualMachines/patchInstallationResults/read | 检索最新补丁安装操作的摘要 |
| Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read | 检索上次补丁安装操作期间尝试安装的补丁列表 |
| Microsoft.Compute/virtualMachines/extensions/read | 获取虚拟机扩展的属性 |
| Microsoft.Compute/virtualMachines/instanceView/read | 获取虚拟机的详细运行时状态及其资源 |
| Microsoft.Compute/virtualMachines/runCommands/read | 获取虚拟机运行命令的属性 |
| Microsoft.Compute/virtualMachines/vmSizes/read | 列出可将虚拟机更新到的大小 |
| Microsoft.Compute/locations/publishers/artifacttypes/types/read | 获取 VMExtension 类型的属性 |
| Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read | 获取 VMExtension 版本的属性 |
| Microsoft.Compute/diskAccesses/read | 获取 DiskAccess 资源的属性 |
| Microsoft.Compute/galleries/images/read | 获取库映像的属性 |
| Microsoft.Compute/images/read | 获取映像的属性 |
| Microsoft.AzureStackHCI/Clusters/Read | 获取群集 |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | 获取 HCI 群集的 Arc 资源 |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read | 获取 HCI 群集的扩展资源 |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write | 创建或更新 HCI 群集的扩展资源 |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete | 删除 HCI 群集的扩展资源 |
| Microsoft.AzureStackHCI/Operations/Read | Get 操作 |
| Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read | 读取 virtualmachines |
| Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write | 写入扩展资源 |
| Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read | 获取扩展资源 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HybridCompute/machines/WACLoginAsAdmin/action | 允许以管理员身份通过 Windows Admin Center 管理资源的 OS。 |
| Microsoft.Compute/virtualMachines/WACloginAsAdmin/action | 允许以管理员身份通过 Windows Admin Center 管理资源的 OS |
| Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action | 以管理员身份通过 Windows Admin Center 管理 HCI 资源的 OS |
| Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action | 允许以管理员身份通过 Windows Admin Center 管理资源的 OS。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you manage the OS of your resource via Windows Admin Center as an administrator.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f",
"name": "a6333a3e-0164-44c3-b281-7a577aff287f",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/upgradeExtensions/action",
"Microsoft.HybridCompute/operations/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkWatchers/securityGroupView/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/runCommands/read",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read",
"Microsoft.Compute/diskAccesses/read",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/images/read",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete",
"Microsoft.AzureStackHCI/Operations/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read"
],
"notActions": [],
"dataActions": [
"Microsoft.HybridCompute/machines/WACLoginAsAdmin/action",
"Microsoft.Compute/virtualMachines/WACloginAsAdmin/action",
"Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action",
"Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Windows Admin Center Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}