Azure 集成内置角色
本文列出了“集成”类别的 Azure 内置角色。
API 管理开发人员门户内容编辑者
可自定义开发人员门户、编辑和发布其内容。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/portalRevisions/read | 列出开发人员门户修订版实体的集合。 或者获取由标识符指定的开发人员门户版本。 |
| Microsoft.ApiManagement/service/portalRevisions/write | 创建新的开发人员门户修订版。 或者更新指定门户修订版的说明,或将其设为当前版本。 |
| Microsoft.ApiManagement/service/contentTypes/read | 返回内容类型列表或返回内容类型 |
| Microsoft.ApiManagement/service/contentTypes/delete | 删除内容类型。 |
| Microsoft.ApiManagement/service/contentTypes/write | 创建新的内容类型 |
| Microsoft.ApiManagement/service/contentTypes/contentItems/read | 返回内容项的列表或返回内容项详细信息 |
| Microsoft.ApiManagement/service/contentTypes/contentItems/write | 创建新内容项,或更新指定的内容项 |
| Microsoft.ApiManagement/service/contentTypes/contentItems/delete | 删除指定的内容项。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can customize the developer portal, edit its content, and publish it.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729",
"name": "c031e6a8-4391-4de0-8d69-4706a7ed3729",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/portalRevisions/read",
"Microsoft.ApiManagement/service/portalRevisions/write",
"Microsoft.ApiManagement/service/contentTypes/read",
"Microsoft.ApiManagement/service/contentTypes/delete",
"Microsoft.ApiManagement/service/contentTypes/write",
"Microsoft.ApiManagement/service/contentTypes/contentItems/read",
"Microsoft.ApiManagement/service/contentTypes/contentItems/write",
"Microsoft.ApiManagement/service/contentTypes/contentItems/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Developer Portal Content Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务参与者
可以管理服务和 API
| 操作 | 描述 |
|---|---|
| Microsoft.ApiManagement/service/* | 创建和管理 API 管理服务 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务操作员角色
可以管理服务,但不可管理 API
| 操作 | 描述 |
|---|---|
| Microsoft.ApiManagement/service/*/read | 读取 API 管理服务实例 |
| Microsoft.ApiManagement/service/backup/action | 将 API 管理服务备份到用户提供的存储帐户中的指定容器 |
| Microsoft.ApiManagement/service/delete | 删除 API 管理服务实例 |
| Microsoft.ApiManagement/service/managedeployments/action | 更改 API 管理服务的 SKU/单位,以及添加/删除其区域部署 |
| Microsoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据 |
| Microsoft.ApiManagement/service/restore/action | 从用户提供的存储帐户中的指定容器还原 API 管理服务 |
| Microsoft.ApiManagement/service/updatecertificate/action | 上传 API 管理服务的 TLS/SSL 证书 |
| Microsoft.ApiManagement/service/updatehostname/action | 设置、更新或删除 API 管理服务的自定义域名 |
| Microsoft.ApiManagement/service/write | 创建或更新 API 管理服务实例 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| Microsoft.ApiManagement/service/users/keys/read | 获取与用户关联的密钥 |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务读者角色
对服务和 API 的只读访问权限
| 操作 | 描述 |
|---|---|
| Microsoft.ApiManagement/service/*/read | 读取 API 管理服务实例 |
| Microsoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| Microsoft.ApiManagement/service/users/keys/read | 获取与用户关联的密钥 |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management 服务工作区 API 开发人员
对标记和产品拥有读取访问权限,并拥有以下写入访问权限:将 API 分配到产品、将标记分配到产品和 API。 应在服务范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/tags/read | 列出服务实例中定义的标记的集合。 或获取按标识符指定的标记的详细信息。 |
| Microsoft.ApiManagement/service/tags/apiLinks/* | |
| Microsoft.ApiManagement/service/tags/operationLinks/* | |
| Microsoft.ApiManagement/service/tags/productLinks/* | |
| Microsoft.ApiManagement/service/products/read | 列出指定服务实例中的产品集合。 或获取按标识符指定的产品的详细信息。 |
| Microsoft.ApiManagement/service/products/apiLinks/* | |
| Microsoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据 |
| Microsoft.ApiManagement/service/authorizationServers/read | 列出服务实例中定义的授权服务器集合。 或者获取授权服务器的详细信息而不获取机密。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3",
"name": "9565a273-41b9-4368-97d2-aeb0c976a9b3",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/authorizationServers/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服务工作区 API 产品经理
具有与 API 管理服务工作区 API 开发人员相同的访问权限,对用户具有读取访问权限,并且具有写入访问权限,可允许将用户分配给组。 应在服务范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/users/read | 列出指定服务实例中已注册用户的集合。 或获取按标识符指定的用户的详细信息。 |
| Microsoft.ApiManagement/service/tags/read | 列出服务实例中定义的标记的集合。 或获取按标识符指定的标记的详细信息。 |
| Microsoft.ApiManagement/service/tags/apiLinks/* | |
| Microsoft.ApiManagement/service/tags/operationLinks/* | |
| Microsoft.ApiManagement/service/tags/productLinks/* | |
| Microsoft.ApiManagement/service/products/read | 列出指定服务实例中的产品集合。 或获取按标识符指定的产品的详细信息。 |
| Microsoft.ApiManagement/service/products/apiLinks/* | |
| Microsoft.ApiManagement/service/groups/read | 列出服务实例中定义的组的集合。 或获取按标识符指定的组的详细信息。 |
| Microsoft.ApiManagement/service/groups/users/* | |
| Microsoft.ApiManagement/service/read | 读取 API 管理服务实例的元数据 |
| Microsoft.ApiManagement/service/authorizationServers/read | 列出服务实例中定义的授权服务器集合。 或者获取授权服务器的详细信息而不获取机密。 |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/users/read",
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/groups/read",
"Microsoft.ApiManagement/service/groups/users/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/authorizationServers/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理工作区 API 开发人员
对工作区中的实体具有读取访问权限,并对用于编辑 API 的实体具有读写访问权限。 应在工作区范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/workspaces/*/read | |
| Microsoft.ApiManagement/service/workspaces/apis/* | |
| Microsoft.ApiManagement/service/workspaces/apiVersionSets/* | |
| Microsoft.ApiManagement/service/workspaces/policies/* | |
| Microsoft.ApiManagement/service/workspaces/schemas/* | |
| Microsoft.ApiManagement/service/workspaces/products/* | |
| Microsoft.ApiManagement/service/workspaces/policyFragments/* | |
| Microsoft.ApiManagement/service/workspaces/namedValues/* | |
| Microsoft.ApiManagement/service/workspaces/tags/* | |
| Microsoft.ApiManagement/service/workspaces/backends/* | |
| Microsoft.ApiManagement/service/workspaces/certificates/* | |
| Microsoft.ApiManagement/service/workspaces/diagnostics/* | |
| Microsoft.ApiManagement/service/workspaces/loggers/* | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6",
"name": "56328988-075d-4c6a-8766-d93edd6725b6",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/apis/*",
"Microsoft.ApiManagement/service/workspaces/apiVersionSets/*",
"Microsoft.ApiManagement/service/workspaces/policies/*",
"Microsoft.ApiManagement/service/workspaces/schemas/*",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/policyFragments/*",
"Microsoft.ApiManagement/service/workspaces/namedValues/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.ApiManagement/service/workspaces/backends/*",
"Microsoft.ApiManagement/service/workspaces/certificates/*",
"Microsoft.ApiManagement/service/workspaces/diagnostics/*",
"Microsoft.ApiManagement/service/workspaces/loggers/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理工作区 API 产品经理
对工作区中的实体具有读取访问权限,并对用于发布 API 的实体具有读写访问权限。 应在工作区范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/workspaces/*/read | |
| Microsoft.ApiManagement/service/workspaces/products/* | |
| Microsoft.ApiManagement/service/workspaces/subscriptions/* | |
| Microsoft.ApiManagement/service/workspaces/groups/* | |
| Microsoft.ApiManagement/service/workspaces/tags/* | |
| Microsoft.ApiManagement/service/workspaces/notifications/* | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f",
"name": "73c2c328-d004-4c5e-938c-35c6f5679a1f",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/subscriptions/*",
"Microsoft.ApiManagement/service/workspaces/groups/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.ApiManagement/service/workspaces/notifications/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理工作区参与者
可以管理工作区和视图,但不能修改其成员。 应在工作区范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/workspaces/* | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理工作区读者
对工作区中的实体具有只读访问权限。 应在工作区范围内分配此角色。
| 操作 | 说明 |
|---|---|
| Microsoft.ApiManagement/service/workspaces/*/read | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
应用配置参与者
为应用配置资源的所有管理操作(清除除外)授予权限。
| 操作 | 说明 |
|---|---|
| Microsoft.AppConfiguration/* | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action | 清除指定的已删除配置存储区。 |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Grants permission for all management operations, except purge, for App Configuration resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fe86443c-f201-4fc4-9d2a-ac61149fbda0",
"name": "fe86443c-f201-4fc4-9d2a-ac61149fbda0",
"permissions": [
{
"actions": [
"Microsoft.AppConfiguration/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "App Configuration Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
应用程序配置数据所有者
允许对应用程序配置数据进行完全访问。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.AppConfiguration/configurationStores/*/read | |
| Microsoft.AppConfiguration/configurationStores/*/write | |
| Microsoft.AppConfiguration/configurationStores/*/delete | |
| Microsoft.AppConfiguration/configurationStores/*/action | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete",
"Microsoft.AppConfiguration/configurationStores/*/action"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
应用程序配置数据读取者
允许对应用程序配置数据进行读取访问。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.AppConfiguration/configurationStores/*/read | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
应用配置读取者
授予读取应用配置资源操作的权限。
| 操作 | 说明 |
|---|---|
| Microsoft.AppConfiguration/*/read | |
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/read | 读取经典指标警报 |
| Microsoft.Resources/deployments/read | 获取或列出部署。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Grants permission for read operations for App Configuration resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/175b81b9-6e0d-490a-85e4-0d422273c10c",
"name": "175b81b9-6e0d-490a-85e4-0d422273c10c",
"permissions": [
{
"actions": [
"Microsoft.AppConfiguration/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "App Configuration Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 中继侦听器
允许侦听对 Azure 中继资源的访问。
| 操作 | 说明 |
|---|---|
| Microsoft.Relay/*/wcfRelays/read | |
| Microsoft.Relay/*/hybridConnections/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Relay/*/listen/action | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for listen access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
"name": "26e0b698-aa6d-4085-9386-aadae190014d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/listen/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Listener",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 中继所有者
允许完全访问 Azure 中继资源。
| 操作 | 说明 |
|---|---|
| Microsoft.Relay/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Relay/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"permissions": [
{
"actions": [
"Microsoft.Relay/*"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 中继发送方
允许发送对 Azure 中继资源的访问权限。
| 操作 | 说明 |
|---|---|
| Microsoft.Relay/*/wcfRelays/read | |
| Microsoft.Relay/*/hybridConnections/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.Relay/*/send/action | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
"name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 资源通知系统主题订阅者
可让你在 Azure 资源通知当前和未来公开的所有系统主题上创建系统主题和事件订阅
| 操作 | 说明 |
|---|---|
| Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action | 对资源系统主题执行创建和事件订阅创建的权限 |
| Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action | 对 HealthResources 系统主题执行创建和事件订阅创建的权限 |
| Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action | 对 MaintenanceResources 系统主题执行创建和事件订阅创建的权限 |
| Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action | 对 ComputeResources 系统主题执行创建和事件订阅创建的权限 |
| Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action | 对 ComputeScheduleResources 系统主题执行创建和事件订阅创建的权限 |
| Microsoft.EventGrid/eventSubscriptions/write | 创建或更新事件订阅 |
| Microsoft.EventGrid/systemTopics/eventSubscriptions/write | 创建或更新 SystemTopic eventSubscription |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
"name": "0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
"permissions": [
{
"actions": [
"Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action",
"Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action",
"Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action",
"Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action",
"Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action",
"Microsoft.EventGrid/eventSubscriptions/write",
"Microsoft.EventGrid/systemTopics/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Notifications System Topics Subscriber",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据所有者
允许完全访问 Azure 服务总线资源。
| 操作 | 说明 |
|---|---|
| Microsoft.ServiceBus/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.ServiceBus/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据接收方
允许对 Azure 服务总线资源进行接收访问。
| 操作 | 描述 |
|---|---|
| Microsoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.ServiceBus/*/receive/action | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服务总线数据发送方
允许对 Azure 服务总线资源进行发送访问。
| 操作 | 描述 |
|---|---|
| Microsoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.ServiceBus/*/send/action | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
BizTalk 参与者
允许管理 BizTalk 服务,但不允许访问这些服务。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.BizTalkServices/BizTalk/* | 创建和管理 BizTalk 服务 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage BizTalk services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342",
"name": "5e3c6656-6cfa-4708-81fe-0de47ac73342",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BizTalkServices/BizTalk/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "BizTalk Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DeID 批处理数据所有者
创建和管理 DeID 批处理作业。 此角色处于预览版阶段,可能会有所更改。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthDataAIServices/DeidServices/Batch/write | 创建批处理 |
| Microsoft.HealthDataAIServices/DeidServices/Batch/delete | 删除批处理 |
| Microsoft.HealthDataAIServices/DeidServices/Batch/read | 读取批处理 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Create and manage DeID batch jobs. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8a90fa6b-6997-4a07-8a95-30633a7c97b9",
"name": "8a90fa6b-6997-4a07-8a95-30633a7c97b9",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthDataAIServices/DeidServices/Batch/write",
"Microsoft.HealthDataAIServices/DeidServices/Batch/delete",
"Microsoft.HealthDataAIServices/DeidServices/Batch/read"
],
"notDataActions": []
}
],
"roleName": "DeID Batch Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DeID 批处理数据读取者
读取 DeID 批处理作业。 此角色处于预览版阶段,可能会有所更改。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthDataAIServices/DeidServices/Batch/read | 读取批处理 |
| NotDataActions | |
| Microsoft.HealthDataAIServices/DeidServices/Batch/write | 创建批处理 |
| Microsoft.HealthDataAIServices/DeidServices/Batch/delete | 删除批处理 |
{
"assignableScopes": [
"/"
],
"description": "Read DeID batch jobs. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b73a14ee-91f5-41b7-bd81-920e12466be9",
"name": "b73a14ee-91f5-41b7-bd81-920e12466be9",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthDataAIServices/DeidServices/Batch/read"
],
"notDataActions": [
"Microsoft.HealthDataAIServices/DeidServices/Batch/write",
"Microsoft.HealthDataAIServices/DeidServices/Batch/delete"
]
}
],
"roleName": "DeID Batch Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DeID 数据所有者
完全访问 DeID 数据。 此角色处于预览版阶段,可能会有所更改
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthDataAIServices/DeidServices/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to DeID data. This role is in preview and subject to change",
"id": "/providers/Microsoft.Authorization/roleDefinitions/78e4b983-1a0b-472e-8b7d-8d770f7c5890",
"name": "78e4b983-1a0b-472e-8b7d-8d770f7c5890",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthDataAIServices/DeidServices/*"
],
"notDataActions": []
}
],
"roleName": "DeID Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DeID 实时数据用户
针对 DeID 实时终结点执行请求。 此角色处于预览版阶段,可能会有所更改。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthDataAIServices/DeidServices/Realtime/action | 允许访问实时终结点 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Execute requests against DeID realtime endpoint. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
"name": "bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthDataAIServices/DeidServices/Realtime/action"
],
"notDataActions": []
}
],
"roleName": "DeID Realtime Data User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DICOM 数据所有者
DICOM 数据的完全访问权限。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/workspaces/dicomservices/resources/* | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to DICOM data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8",
"name": "58a3b984-7adf-4c20-983a-32417c86fbc8",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/workspaces/dicomservices/resources/*"
],
"notDataActions": []
}
],
"roleName": "DICOM Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DICOM 数据读取者
读取和搜索 DICOM 数据。
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/workspaces/dicomservices/resources/read | 读取 DICOM 资源(包括搜索和更改源)。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Read and search DICOM data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
"name": "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/workspaces/dicomservices/resources/read"
],
"notDataActions": []
}
],
"roleName": "DICOM Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid 参与者
可以管理 EventGrid 操作。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/* | 创建和管理事件网格资源 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
"name": "1e241071-0855-49ea-94dc-649edcd759de",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid 数据发送方
允许发送对事件网格事件的访问权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/topics/read | 读取主题 |
| Microsoft.EventGrid/domains/read | 读取域 |
| Microsoft.EventGrid/partnerNamespaces/read | 读取合作伙伴命名空间 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.EventGrid/namespaces/read | 读取命名空间 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.EventGrid/events/send/action | 将事件发送到主题 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to event grid events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
"name": "d5a91429-5739-47e2-a06b-3470a27159e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/topics/read",
"Microsoft.EventGrid/domains/read",
"Microsoft.EventGrid/partnerNamespaces/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.EventGrid/namespaces/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventGrid/events/send/action"
],
"notDataActions": []
}
],
"roleName": "EventGrid Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 参与者
可以管理 EventGrid 事件订阅操作。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/eventSubscriptions/* | 创建和管理区域事件订阅 |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 按主题类型列出全局事件订阅 |
| Microsoft.EventGrid/locations/eventSubscriptions/read | 列出区域事件订阅 |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 按主题类型列出区域事件订阅 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 读者
可以读取 EventGrid 事件订阅。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/eventSubscriptions/read | 读取事件订阅 |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 按主题类型列出全局事件订阅 |
| Microsoft.EventGrid/locations/eventSubscriptions/read | 列出区域事件订阅 |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 按主题类型列出区域事件订阅 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid TopicSpaces Publisher
允许在 Topicspaces 上发布消息。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/*/read | |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.EventGrid/topicSpaces/publish/action | 发布到主题空间 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you publish messages on topicspaces.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a12b0b94-b317-4dcd-84a8-502ce99884c6",
"name": "a12b0b94-b317-4dcd-84a8-502ce99884c6",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventGrid/topicSpaces/publish/action"
],
"notDataActions": []
}
],
"roleName": "EventGrid TopicSpaces Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid TopicSpaces 订阅者
允许在 Topicspaces 上订阅消息。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.EventGrid/*/read | |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.EventGrid/topicSpaces/subscribe/action | 订阅主题空间 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you subscribe messages on topicspaces.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
"name": "4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventGrid/topicSpaces/subscribe/action"
],
"notDataActions": []
}
],
"roleName": "EventGrid TopicSpaces Subscriber",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据参与者
角色允许用户或主体完全访问 FHIR 数据
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/* | |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | |
| NotDataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/smart/action | 允许用户根据 SMART on FHIR 规范访问 FHIR 服务。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | 允许用户根据 SMART on FHIR 规范访问 FHIR 服务。 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal full access to FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
"name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/*",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
],
"notDataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/smart/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action"
]
}
],
"roleName": "FHIR Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据转换者
角色允许用户或主体将数据从旧格式转换为 FHIR
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/convertData/action | 数据转换操作 ($convert-data) |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | 数据转换操作 ($convert-data) |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to convert data from legacy format to FHIR",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"name": "a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/convertData/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Converter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据导出者
角色允许用户或主体读取和导出 FHIR 数据
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/services/fhir/resources/export/action | 导出操作 ($export)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 导出操作 ($export)。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and export FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
"name": "3db33094-8700-4567-8da5-1501d4e7e843",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/export/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Exporter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据导入者
该角色允许用户或主体读取和导入 FHIR 数据
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 批量导入 FHIR 资源。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and import FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b",
"name": "4465e953-8ced-4406-a58e-0f6e3f3b530b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Importer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据读取者
角色允许用户或主体读取 FHIR 数据
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 数据写入者
角色允许用户或主体读取和写入 FHIR 数据
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/services/fhir/resources/write | 写入 FHIR 资源(包括创建和更新)。 |
| Microsoft.HealthcareApis/services/fhir/resources/delete | 删除 FHIR 资源(软删除)。 |
| Microsoft.HealthcareApis/services/fhir/resources/export/action | 导出操作 ($export)。 |
| Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action | 验证操作 ($validate)。 |
| Microsoft.HealthcareApis/services/fhir/resources/reindex/action | Allows user to run Reindex job to index any search parameters that haven't yet been indexed. |
| Microsoft.HealthcareApis/services/fhir/resources/convertData/action | 数据转换操作 ($convert-data) |
| Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action | 允许用户对配置文件资源执行“创建更新删除”操作。 |
| Microsoft.HealthcareApis/services/fhir/resources/import/action | 批量导入 FHIR 资源。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/write | 写入 FHIR 资源(包括创建和更新)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete | 删除 FHIR 资源(软删除)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 导出操作 ($export)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action | 验证操作 ($validate)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action | Allows user to run Reindex job to index any search parameters that haven't yet been indexed. |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | 数据转换操作 ($convert-data) |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action | 允许用户对配置文件资源执行“创建更新删除”操作。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 批量导入 FHIR 资源。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and write FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
"name": "3f88fce4-5892-4214-ae73-ba5294559913",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/write",
"Microsoft.HealthcareApis/services/fhir/resources/delete",
"Microsoft.HealthcareApis/services/fhir/resources/export/action",
"Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action",
"Microsoft.HealthcareApis/services/fhir/resources/reindex/action",
"Microsoft.HealthcareApis/services/fhir/resources/convertData/action",
"Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action",
"Microsoft.HealthcareApis/services/fhir/resources/import/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/write",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR SMART 用户
角色允许用户根据 SMART on FHIR 规范访问 FHIR 服务
| 操作 | 描述 |
|---|---|
| 无 | |
| 不操作 | |
| 无 | |
| DataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 读取 FHIR 资源(包括搜索和带有版本的历史记录)。 |
| Microsoft.HealthcareApis/services/fhir/resources/smart/action | 允许用户根据 SMART on FHIR 规范访问 FHIR 服务。 |
| Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | 允许用户根据 SMART on FHIR 规范访问 FHIR 服务。 |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user to access FHIR Service according to SMART on FHIR specification",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0",
"name": "4ba50f17-9666-485c-a643-ff00808643f0",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/smart/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action"
],
"notDataActions": []
}
],
"roleName": "FHIR SMART User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
集成服务环境参与者
允许管理集成服务环境,但不允许访问这些环境。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Logic/integrationServiceEnvironments/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage integration service environments, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Logic/integrationServiceEnvironments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
集成服务环境开发人员
允许开发人员在集成服务环境中创建和更新工作流、集成帐户与 API 连接。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Logic/integrationServiceEnvironments/read | 读取集成服务环境。 |
| Microsoft.Logic/integrationServiceEnvironments/*/join/action | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Logic/integrationServiceEnvironments/read",
"Microsoft.Logic/integrationServiceEnvironments/*/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Intelligent Systems 帐户参与者
允许管理智能系统帐户,但不允许访问这些帐户。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.IntelligentSystems/accounts/* | 创建和管理智能系统帐户 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.IntelligentSystems/accounts/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
逻辑应用参与者
允许管理逻辑应用,但不允许更改其访问权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | 列出存储帐户的访问密钥。 |
| Microsoft.ClassicStorage/storageAccounts/read | 返回包含给定帐户的存储帐户。 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Insights/metricAlerts/* | |
| Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置 |
| Microsoft.Insights/logdefinitions/* | 此权限对于需要通过门户访问活动日志的用户是必需的。 列出活动日志中的日志类别。 |
| Microsoft.Insights/metricDefinitions/* | 读取指标定义(资源的可用指标类型的列表)。 |
| Microsoft.Logic/* | 管理逻辑应用资源。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Storage/storageAccounts/listkeys/action | 返回指定存储帐户的访问密钥。 |
| Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
| Microsoft.Web/connectionGateways/* | 创建和管理连接网关。 |
| Microsoft.Web/connections/* | 创建和管理连接。 |
| Microsoft.Web/customApis/* | 创建和管理自定义 API。 |
| Microsoft.Web/serverFarms/join/action | 加入应用服务计划 |
| Microsoft.Web/serverFarms/read | 获取应用服务计划的属性 |
| Microsoft.Web/sites/functions/listSecrets/action | 列出函数机密。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage logic app, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logdefinitions/*",
"Microsoft.Insights/metricDefinitions/*",
"Microsoft.Logic/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/functions/listSecrets/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
逻辑应用运算符
允许读取、启用和禁用逻辑应用,但不允许编辑或更新它们。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/*/read | 读取 Insights 警报规则 |
| Microsoft.Insights/metricAlerts/*/read | |
| Microsoft.Insights/diagnosticSettings/*/read | 获取逻辑应用的诊断设置 |
| Microsoft.Insights/metricDefinitions/*/read | 获取逻辑应用的可用指标。 |
| Microsoft.Logic/*/read | 读取逻辑应用资源。 |
| Microsoft.Logic/workflows/disable/action | 禁用工作流。 |
| Microsoft.Logic/workflows/enable/action | 启用工作流。 |
| Microsoft.Logic/workflows/validate/action | 验证工作流。 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Web/connectionGateways/*/read | 读取连接网关。 |
| Microsoft.Web/connections/*/read | 读取连接。 |
| Microsoft.Web/customApis/*/read | 读取自定义 API。 |
| Microsoft.Web/serverFarms/read | 获取应用服务计划的属性 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read, enable and disable logic app.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metricAlerts/*/read",
"Microsoft.Insights/diagnosticSettings/*/read",
"Microsoft.Insights/metricDefinitions/*/read",
"Microsoft.Logic/*/read",
"Microsoft.Logic/workflows/disable/action",
"Microsoft.Logic/workflows/enable/action",
"Microsoft.Logic/workflows/validate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
"Microsoft.Web/connectionGateways/*/read",
"Microsoft.Web/connections/*/read",
"Microsoft.Web/customApis/*/read",
"Microsoft.Web/serverFarms/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
标准型逻辑应用参与者(预览版)
可以管理标准逻辑应用和工作流的各个方面。 不能更改访问权限或所有权。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Web/*/read | |
| Microsoft.Web/certificates/* | 创建和管理证书。 |
| Microsoft.Web/connectionGateways/* | 创建和管理连接网关。 |
| Microsoft.Web/connections/* | 创建和管理连接。 |
| Microsoft.Web/customApis/* | 创建和管理自定义 API。 |
| Microsoft.Web/serverFarms/* | 创建和管理应用服务计划。 |
| Microsoft.Web/sites/* | 创建和管理 Web 应用。 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ad710c24-b039-4e85-a019-deb4a06e8570",
"name": "ad710c24-b039-4e85-a019-deb4a06e8570",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Web/*/read",
"Microsoft.Web/certificates/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
标准型逻辑应用开发者(预览版)
可以为标准逻辑应用创建和编辑工作流、连接和设置。 不能在工作流范围之外进行更改。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Web/*/read | |
| Microsoft.Web/connections/* | 创建和管理连接。 |
| Microsoft.Web/customApis/* | 创建和管理自定义 API。 |
| Microsoft.Web/sites/config/list/Action | 列出 Web 应用的安全敏感设置,例如发布凭据、应用设置和连接字符串 |
| microsoft.web/sites/config/Write | 更新 Web 应用的配置设置 |
| microsoft.web/sites/config/web/appsettings/delete | 删除 Web 应用的应用设置 |
| microsoft.web/sites/config/web/appsettings/write | 创建或更新 Web 应用的单个应用设置 |
| microsoft.web/sites/deployWorkflowArtifacts/action | 在逻辑应用中创建项目。 |
| microsoft.web/sites/hostruntime/* | 获取或列出 Web 应用或函数应用的 hostruntime 项目。 |
| microsoft.web/sites/listworkflowsconnections/action | 按逻辑应用中的 ID 列出逻辑应用的连接。 |
| Microsoft.Web/sites/publish/Action | 发布 Web 应用 |
| microsoft.web/sites/slots/config/appsettings/write | 创建或更新 Web 应用槽的单个应用设置 |
| Microsoft.Web/sites/slots/config/list/Action | 列出 Web 应用槽的安全敏感设置,例如发布凭据、应用设置和连接字符串 |
| microsoft.web/sites/slots/config/web/appsettings/delete | 删除 Web 应用槽的应用设置 |
| microsoft.web/sites/slots/deployWorkflowArtifacts/action | 在逻辑应用的部署槽位中创建项目。 |
| microsoft.web/sites/slots/listworkflowsconnections/action | 按逻辑应用部署槽中的 ID 列出逻辑应用的连接。 |
| Microsoft.Web/sites/slots/publish/Action | 发布 Web 应用槽 |
| microsoft.web/sites/workflows/* | |
| microsoft.web/sites/workflowsconfiguration/* | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"name": "523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Web/*/read",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/sites/config/list/Action",
"microsoft.web/sites/config/Write",
"microsoft.web/sites/config/web/appsettings/delete",
"microsoft.web/sites/config/web/appsettings/write",
"microsoft.web/sites/deployWorkflowArtifacts/action",
"microsoft.web/sites/hostruntime/*",
"microsoft.web/sites/listworkflowsconnections/action",
"Microsoft.Web/sites/publish/Action",
"microsoft.web/sites/slots/config/appsettings/write",
"Microsoft.Web/sites/slots/config/list/Action",
"microsoft.web/sites/slots/config/web/appsettings/delete",
"microsoft.web/sites/slots/deployWorkflowArtifacts/action",
"microsoft.web/sites/slots/listworkflowsconnections/action",
"Microsoft.Web/sites/slots/publish/Action",
"microsoft.web/sites/workflows/*",
"microsoft.web/sites/workflowsconfiguration/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Developer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
标准型逻辑应用操作者(预览版)
你可以启用和禁用逻辑应用、重新提交工作流运行,以及创建连接。 不能编辑工作流或设置。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Web/*/read | |
| Microsoft.Web/sites/applySlotConfig/Action | 将目标槽中的 Web 应用槽配置应用到当前 Web 应用 |
| microsoft.web/sites/hostruntime/* | 获取或列出 Web 应用或函数应用的 hostruntime 项目。 |
| Microsoft.Web/sites/restart/Action | 重启 Web 应用 |
| Microsoft.Web/sites/slots/restart/Action | 重启 Web 应用槽 |
| Microsoft.Web/sites/slots/slotsswap/Action | 交换 Web 应用部署槽 |
| Microsoft.Web/sites/slots/start/Action | 启动 Web 应用槽 |
| Microsoft.Web/sites/slots/stop/Action | 停止 Web 应用槽 |
| Microsoft.Web/sites/slotsdiffs/Action | 获取 Web 应用与槽之间的配置差异 |
| Microsoft.Web/sites/slotsswap/Action | 交换 Web 应用部署槽 |
| Microsoft.Web/sites/start/Action | 启动 Web 应用 |
| Microsoft.Web/sites/stop/Action | 停止 Web 应用 |
| Microsoft.Web/sites/write | 创建新的或更新现有的 Web 应用 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"name": "b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Web/*/read",
"Microsoft.Web/sites/applySlotConfig/Action",
"microsoft.web/sites/hostruntime/*",
"Microsoft.Web/sites/restart/Action",
"Microsoft.Web/sites/slots/restart/Action",
"Microsoft.Web/sites/slots/slotsswap/Action",
"Microsoft.Web/sites/slots/start/Action",
"Microsoft.Web/sites/slots/stop/Action",
"Microsoft.Web/sites/slotsdiffs/Action",
"Microsoft.Web/sites/slotsswap/Action",
"Microsoft.Web/sites/start/Action",
"Microsoft.Web/sites/stop/Action",
"Microsoft.Web/sites/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Operator (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
标准型逻辑应用读取者(预览版)
对标准型逻辑应用和工作流中的所有资源(包括工作流运行及其历史记录)具有只读访问权限。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
| Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Web/*/read | |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4accf36b-2c05-432f-91c8-5c532dff4c73",
"name": "4accf36b-2c05-432f-91c8-5c532dff4c73",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Web/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
计划程序作业集合参与者
允许管理计划程序作业集合,但不允许访问这些集合。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Scheduler/jobcollections/* | 创建和管理作业集合 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Scheduler job collections, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Scheduler/jobcollections/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduler Job Collections Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
服务中心操作员
“服务中心操作员”允许你执行与服务中心连接器相关的所有读取、写入和删除操作。
| 操作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 读取角色和角色分配 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
| Microsoft.Resources/deployments/* | 创建和管理部署 |
| Microsoft.ServicesHub/connectors/write | 创建或更新服务中心连接器 |
| Microsoft.ServicesHub/connectors/read | 查看或列出服务中心连接器 |
| Microsoft.ServicesHub/connectors/delete | 删除服务中心连接器 |
| Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action | 列出给定服务中心工作区的评估权利 |
| Microsoft.ServicesHub/supportOfferingEntitlement/read | 查看给定服务中心工作区的支持产品/服务权利 |
| Microsoft.ServicesHub/workspaces/read | 列出给定用户的服务中心工作区 |
| 不操作 | |
| 无 | |
| DataActions | |
| 无 | |
| NotDataActions | |
| 无 |
{
"assignableScopes": [
"/"
],
"description": "Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b",
"name": "82200a5b-e217-47a5-b665-6d8765ee745b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.ServicesHub/connectors/write",
"Microsoft.ServicesHub/connectors/read",
"Microsoft.ServicesHub/connectors/delete",
"Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action",
"Microsoft.ServicesHub/supportOfferingEntitlement/read",
"Microsoft.ServicesHub/workspaces/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Services Hub Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}