Roles integrados de Azure para Web y Mobile
En este artículo se enumeran los roles integrados de Azure en la categoría Web y Mobile.
Colaborador de datos de Azure Maps
Conde acceso para leer, escribir y eliminar datos relacionados con mapas desde una cuenta de mapas de Azure.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Maps/accounts/*/read | |
| Microsoft.Maps/accounts/*/write | |
| Microsoft.Maps/accounts/*/delete | |
| Microsoft.Maps/accounts/*/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read",
"Microsoft.Maps/accounts/*/write",
"Microsoft.Maps/accounts/*/delete",
"Microsoft.Maps/accounts/*/action"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Maps Data Reader
Concede acceso de lectura a los datos de los mapas de una cuenta de Azure Maps.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Maps/accounts/*/read | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de datos de búsqueda y representación de Azure Maps
Concede acceso a un conjunto muy limitado de API de datos para escenarios comunes del SDK web visual. En concreto, represente y busque las API de datos.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Maps/accounts/services/render/read | Permite la lectura de datos para los servicios Render. |
| Microsoft.Maps/accounts/services/search/read | Permite la lectura de datos para los servicios Search. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6be48352-4f82-47c9-ad5e-0acacefdb005",
"name": "6be48352-4f82-47c9-ad5e-0acacefdb005",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/services/render/read",
"Microsoft.Maps/accounts/services/search/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Search and Render Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol lector de patrones de archivo de configuración del servicio De configuración de aplicaciones de Azure Spring Apps
Lee el contenido del patrón de archivo de configuración del servicio de configuración de aplicaciones en Azure Spring Apps.
| Acciones | Descripción |
|---|---|
| Microsoft.AppPlatform/Spring/read | Obtiene las instancias del servicio Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/configurationServices/read | Obtiene los servicios de configuración de aplicaciones para una instancia específica de servicio de Azure Spring Apps. |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/ApplicationConfigurationService/read | Lea el contenido de configuración (por ejemplo, application-prod.yaml) extraído por Application Configuration Service para una instancia de servicio específica de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read content of config file pattern for Application Configuration Service in Azure Spring Apps",
"id": "/providers/Microsoft.Authorization/roleDefinitions/25211fc6-dc78-40b6-b205-e4ac934fd9fd",
"name": "25211fc6-dc78-40b6-b205-e4ac934fd9fd",
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/configurationServices/read"
],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/ApplicationConfigurationService/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Application Configuration Service Config File Pattern Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol lector de registro del servicio de configuración de aplicaciones de Azure Spring Apps
Lee los registros en tiempo real del servicio de configuración de aplicaciones en Azure Spring Apps.
| Acciones | Descripción |
|---|---|
| Microsoft.AppPlatform/Spring/read | Obtiene las instancias del servicio Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/configurationServices/read | Obtiene los servicios de configuración de aplicaciones para una instancia específica de servicio de Azure Spring Apps. |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/ApplicationConfigurationService/logstream/action | Lea el registro de streaming de todos los subcomponentes en Application Configuration Service desde una instancia de servicio específica de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read real-time logs for Application Configuration Service in Azure Spring Apps",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6593e776-2a30-40f9-8a32-4fe28b77655d",
"name": "6593e776-2a30-40f9-8a32-4fe28b77655d",
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/configurationServices/read"
],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/ApplicationConfigurationService/logstream/action"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Application Configuration Service Log Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol de Conexión de Azure Spring Apps
Rol de Conexión de Azure Spring Apps
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/apps/deployments/connect/action | Conecta una instancia a una aplicación específica. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Azure Spring Apps Connect Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/80558df3-64f9-4c0f-b32d-e5094b036b0b",
"name": "80558df3-64f9-4c0f-b32d-e5094b036b0b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/apps/deployments/connect/action"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Connect Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol de lector de registros de trabajos de Azure Spring Apps
Lectura de registros en tiempo real para trabajos en Azure Spring Apps
| Acciones | Descripción |
|---|---|
| Microsoft.AppPlatform/Spring/read | Obtiene las instancias del servicio Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/jobs/read | Obtención del trabajo para una instancia de servicio específica de Azure Spring Apps |
| Microsoft.AppPlatform/Spring/jobs/executions/read | Obtención de la ejecución del trabajo para una instancia de servicio específica de Azure Spring Apps |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/jobs/executions/logstream/action | Obtención del registro de streaming de ejecuciones de trabajos para una instancia de servicio específica de Azure Spring Apps |
| Microsoft.AppPlatform/Spring/jobs/executions/listInstances/action | Enumeración de instancias de una ejecución de trabajo específica para una instancia de servicio específica de Azure Spring Apps |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read real-time logs for jobs in Azure Spring Apps",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b459aa1d-e3c8-436f-ae21-c0531140f43e",
"name": "b459aa1d-e3c8-436f-ae21-c0531140f43e",
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/jobs/read",
"Microsoft.AppPlatform/Spring/jobs/executions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/jobs/executions/logstream/action",
"Microsoft.AppPlatform/Spring/jobs/executions/listInstances/action"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Job Log Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol de depuración remota de Azure Spring Apps
Rol de depuración remota de Azure Spring Apps
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action | Instancia de aplicación de depuración remota para una aplicación específica. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Azure Spring Apps Remote Debugging Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a99b0159-1064-4c22-a57b-c9b3caa1c054",
"name": "a99b0159-1064-4c22-a57b-c9b3caa1c054",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Remote Debugging Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rol de lector de registros de Spring Cloud Gateway de Azure Spring Apps
Lectura de registros en tiempo real de Spring Cloud Gateway en Azure Spring Apps
| Acciones | Descripción |
|---|---|
| Microsoft.AppPlatform/Spring/read | Obtiene las instancias del servicio Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/gateways/read | Obtiene las puertas de enlace de Spring Cloud para una instancia específica de servicio de Azure Spring Apps. |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/SpringCloudGateway/logstream/action | Lea el registro de streaming de Spring Cloud Gateway desde una instancia de servicio específica de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read real-time logs for Spring Cloud Gateway in Azure Spring Apps",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4301dc2a-25a9-44b0-ae63-3636cf7f2bd2",
"name": "4301dc2a-25a9-44b0-ae63-3636cf7f2bd2",
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/gateways/read"
],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/SpringCloudGateway/logstream/action"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Apps Spring Cloud Gateway Log Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador en Config Server de Azure Spring Cloud
Permite el acceso de lectura, escritura y eliminación en Config Server en Azure Spring Cloud.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/configService/read | Lee el contenido de la configuración (por ejemplo, application.yaml) para una instancia específica de servicio de Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/configService/write | Escribe el contenido del servidor de configuración para una instancia específica de servicio de Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/configService/delete | Elimina el contenido del servidor de configuración para una instancia específica de servicio de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read, write and delete access to Azure Spring Cloud Config Server",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
"name": "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/configService/read",
"Microsoft.AppPlatform/Spring/configService/write",
"Microsoft.AppPlatform/Spring/configService/delete"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Config Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lectura en Config Server de Azure Spring Cloud
Permite el acceso de lectura a Config Server en Azure Spring Cloud.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/configService/read | Lee el contenido de la configuración (por ejemplo, application.yaml) para una instancia específica de servicio de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Config Server",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7",
"name": "d04c6db6-4947-4782-9e91-30a88feb7be7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/configService/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Config Server Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de datos de Azure Spring Cloud
Permite el acceso de lectura a los datos de Azure Spring Cloud.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/*/read | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c",
"name": "b5537268-8956-4941-a8f0-646150406f0c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador en Service Registry de Azure Spring Cloud
Permite el acceso de lectura, escritura y eliminación en el registro de servicios de Azure Spring Cloud.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/eurekaService/read | Lee la información de registro de aplicaciones de usuario para una instancia específica de servicio de Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/eurekaService/write | Escribe la información de registro de aplicaciones de usuario para una instancia específica de servicio de Azure Spring Apps. |
| Microsoft.AppPlatform/Spring/eurekaService/delete | Elimina la información de registro de aplicaciones de usuario para una instancia específica de servicio de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read, write and delete access to Azure Spring Cloud Service Registry",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1",
"name": "f5880b48-c26d-48be-b172-7927bfa1c8f1",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/eurekaService/read",
"Microsoft.AppPlatform/Spring/eurekaService/write",
"Microsoft.AppPlatform/Spring/eurekaService/delete"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Service Registry Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lectura en Service Registry de Azure Spring Cloud
Permite el acceso de lectura en el registro de servicios de Azure Spring Cloud.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.AppPlatform/Spring/eurekaService/read | Lee la información de registro de aplicaciones de usuario para una instancia específica de servicio de Azure Spring Apps. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Service Registry",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65",
"name": "cff1b556-2399-4e7e-856d-a8f754be7b65",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/eurekaService/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Service Registry Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de cuenta de Media Services
Crear, leer, modificar y eliminar cuentas de Media Services; acceso de solo lectura a otros recursos de Media Services.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/metricDefinitions/read | Lee definiciones de métricas |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Media/mediaservices/*/read | |
| Microsoft.Media/mediaservices/assets/listStreamingLocators/action | Enumera los localizadores de streaming para el recurso. |
| Microsoft.Media/mediaservices/streamingLocators/listPaths/action | Enumera las rutas |
| Microsoft.Media/mediaservices/write | Crea o actualiza cualquier cuenta de Media Services. |
| Microsoft.Media/mediaservices/delete | Elimina cualquier cuenta de Media Services. |
| Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action | Aprueba las conexiones de punto de conexión privado. |
| Microsoft.Media/mediaservices/privateEndpointConnections/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466",
"name": "054126f8-9a2b-4f1c-a9ad-eca461f08466",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/write",
"Microsoft.Media/mediaservices/delete",
"Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action",
"Microsoft.Media/mediaservices/privateEndpointConnections/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Account Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de eventos en directo de Media Services
Crear, leer, modificar y eliminar eventos en directo, recursos, filtros de recursos y localizadores de streaming; acceso de solo lectura a otros recursos de Media Services.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/metricDefinitions/read | Lee definiciones de métricas |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Media/mediaservices/*/read | |
| Microsoft.Media/mediaservices/assets/* | |
| Microsoft.Media/mediaservices/assets/assetfilters/* | |
| Microsoft.Media/mediaservices/streamingLocators/* | |
| Microsoft.Media/mediaservices/liveEvents/* | |
| NotActions | |
| Microsoft.Media/mediaservices/assets/getEncryptionKey/action | Obtiene una clave de cifrado de recursos |
| Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action | Enumera las claves de contenido |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77",
"name": "532bc159-b25e-42c0-969e-a1d439f60d77",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/*",
"Microsoft.Media/mediaservices/assets/assetfilters/*",
"Microsoft.Media/mediaservices/streamingLocators/*",
"Microsoft.Media/mediaservices/liveEvents/*"
],
"notActions": [
"Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
"Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Live Events Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operador multimedia de Media Services
Crear, leer, modificar y eliminar recursos, filtros de recursos, localizadores de streaming y trabajos; acceso de solo lectura a otros recursos de Media Services.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/metricDefinitions/read | Lee definiciones de métricas |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Media/mediaservices/*/read | |
| Microsoft.Media/mediaservices/assets/* | |
| Microsoft.Media/mediaservices/assets/assetfilters/* | |
| Microsoft.Media/mediaservices/streamingLocators/* | |
| Microsoft.Media/mediaservices/transforms/jobs/* | |
| NotActions | |
| Microsoft.Media/mediaservices/assets/getEncryptionKey/action | Obtiene una clave de cifrado de recursos |
| Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action | Enumera las claves de contenido |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c",
"name": "e4395492-1534-4db2-bedf-88c14621589c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/*",
"Microsoft.Media/mediaservices/assets/assetfilters/*",
"Microsoft.Media/mediaservices/streamingLocators/*",
"Microsoft.Media/mediaservices/transforms/jobs/*"
],
"notActions": [
"Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
"Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Media Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de directivas de Media Services
Crear, leer, modificar y eliminar filtros de cuenta, directivas de streaming, directivas de clave de contenido y transformaciones; acceso de solo lectura a otros recursos de Media Services. No puede crear trabajos, recursos o recursos de streaming.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/metricDefinitions/read | Lee definiciones de métricas |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Media/mediaservices/*/read | |
| Microsoft.Media/mediaservices/assets/listStreamingLocators/action | Enumera los localizadores de streaming para el recurso. |
| Microsoft.Media/mediaservices/streamingLocators/listPaths/action | Enumera las rutas |
| Microsoft.Media/mediaservices/accountFilters/* | |
| Microsoft.Media/mediaservices/streamingPolicies/* | |
| Microsoft.Media/mediaservices/contentKeyPolicies/* | |
| Microsoft.Media/mediaservices/transforms/* | |
| NotActions | |
| Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action | Obtiene las propiedades de una directiva con secretos |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae",
"name": "c4bba371-dacd-4a26-b320-7250bca963ae",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/accountFilters/*",
"Microsoft.Media/mediaservices/streamingPolicies/*",
"Microsoft.Media/mediaservices/contentKeyPolicies/*",
"Microsoft.Media/mediaservices/transforms/*"
],
"notActions": [
"Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Policy Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de puntos de conexión de streaming de Media Services
Crear, leer, modificar y eliminar puntos de conexión de streaming; acceso de solo lectura a otros recursos de Media Services.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/metricDefinitions/read | Lee definiciones de métricas |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Media/mediaservices/*/read | |
| Microsoft.Media/mediaservices/assets/listStreamingLocators/action | Enumera los localizadores de streaming para el recurso. |
| Microsoft.Media/mediaservices/streamingLocators/listPaths/action | Enumera las rutas |
| Microsoft.Media/mediaservices/streamingEndpoints/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804",
"name": "99dba123-b5fe-44d5-874c-ced7199a5804",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/streamingEndpoints/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Streaming Endpoints Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector AccessKey de SignalR
Lee las claves de acceso de SignalR Service.
| Acciones | Descripción |
|---|---|
| Microsoft.SignalRService/*/read | |
| Microsoft.SignalRService/SignalR/listkeys/action | Visualiza el valor de las claves de acceso de SignalR en el portal de administración o mediante de la API. |
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read SignalR Service Access Keys",
"id": "/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
"name": "04165923-9d83-45d5-8227-78b77b0a687e",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*/read",
"Microsoft.SignalRService/SignalR/listkeys/action",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR AccessKey Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Servidor de aplicaciones de SignalR
Permite que el servidor de aplicaciones acceda al servicio SignalR con opciones de autenticación de AAD.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/SignalR/auth/accessKey/action | Generación de una clave de acceso para firmar AccessTokens, la clave expirará en 90 minutos de forma predeterminada. |
| Microsoft.SignalRService/SignalR/serverConnection/write | Inicio de una conexión de servidor |
| Microsoft.SignalRService/SignalR/clientConnection/write | Cierre de la conexión de cliente |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets your app server access SignalR Service with AAD auth options.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
"name": "420fcaa2-552c-430f-98ca-3264be4806c7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/accessKey/action",
"Microsoft.SignalRService/SignalR/serverConnection/write",
"Microsoft.SignalRService/SignalR/clientConnection/write"
],
"notDataActions": []
}
],
"roleName": "SignalR App Server",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Propietario de la API REST de SignalR
Acceso completo a las API REST de Azure SignalR Service.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/SignalR/auth/clientToken/action | Generar un AccessToken para que el cliente se conecte a ASRS, el token expirará en 5 minutos de forma predeterminada. |
| Microsoft.SignalRService/SignalR/hub/* | |
| Microsoft.SignalRService/SignalR/group/* | |
| Microsoft.SignalRService/SignalR/clientConnection/* | |
| Microsoft.SignalRService/SignalR/user/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure SignalR Service REST APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
"name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/clientToken/action",
"Microsoft.SignalRService/SignalR/hub/*",
"Microsoft.SignalRService/SignalR/group/*",
"Microsoft.SignalRService/SignalR/clientConnection/*",
"Microsoft.SignalRService/SignalR/user/*"
],
"notDataActions": []
}
],
"roleName": "SignalR REST API Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de la API REST de SignalR
Acceso de solo lectura a las API REST de Azure SignalR Service.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/SignalR/group/read | Comprobar la existencia de grupos o la existencia del usuario en el grupo |
| Microsoft.SignalRService/SignalR/clientConnection/read | Comprobación de la existencia de la conexión de cliente |
| Microsoft.SignalRService/SignalR/user/read | Comprobación de la existencia del usuario |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to Azure SignalR Service REST APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
"name": "ddde6b66-c0df-4114-a159-3618637b3035",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/user/read"
],
"notDataActions": []
}
],
"roleName": "SignalR REST API Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Propietario de SignalR Service
Acceso completo a las API REST de Azure SignalR Service.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/SignalR/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure SignalR Service REST APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/*"
],
"notDataActions": []
}
],
"roleName": "SignalR Service Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de SignalR y Web PubSub
Crea, lee, actualiza y elimina recursos del servicio SignalR.
| Acciones | Descripción |
|---|---|
| Microsoft.SignalRService/* | |
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete SignalR service resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR/Web PubSub Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de plan web
Administra los planes web para los sitios web. No le permite asignar roles en RBAC de Azure.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.Web/serverFarms/* | Crear y administrar granjas de servidores |
| Microsoft.Web/hostingEnvironments/Join/Action | Se une a App Service Environment. |
| Microsoft.Insights/autoscalesettings/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the web plans for websites, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.Insights/autoscalesettings/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Web Plan Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Propietario del servicio Web PubSub
Acceso total a las API REST del servicio Azure Web PubSub
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/WebPubSub/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure Web PubSub Service REST APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/12cf5a90-567b-43ae-8102-96cf46c7d9b4",
"name": "12cf5a90-567b-43ae-8102-96cf46c7d9b4",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/WebPubSub/*"
],
"notDataActions": []
}
],
"roleName": "Web PubSub Service Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector del servicio Web PubSub
Acceso de solo lectura a las API REST del servicio Azure Web PubSub
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.SignalRService/WebPubSub/*/read | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to Azure Web PubSub Service REST APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf",
"name": "bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/WebPubSub/*/read"
],
"notDataActions": []
}
],
"roleName": "Web PubSub Service Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de sitio web
Administra sitios web, pero no planes web. No le permite asignar roles en RBAC de Azure.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/components/* | Crear y administrar componentes de Insights |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.Web/certificates/* | Crear y administrar certificados de sitios web |
| Microsoft.Web/listSitesAssignedToHostName/read | Obtiene los nombres de sitios asignados al nombre de host. |
| Microsoft.Web/register/action | Registra el proveedor de recursos de Microsoft.Web de la suscripción. |
| Microsoft.Web/serverFarms/join/action | Unirse a un plan de App Service |
| Microsoft.Web/serverFarms/read | Obtiene las propiedades de un plan de App Service |
| Microsoft.Web/sites/* | Crear y administrar sitios web (la creación de sitios también requiere permisos de escritura para el plan de App Service asociado) |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage websites (not web plans), but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
"name": "de139f84-1756-47ae-9be6-808fbbe84772",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/certificates/*",
"Microsoft.Web/listSitesAssignedToHostName/read",
"Microsoft.Web/register/action",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Website Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}