Peran bawaan Azure untuk Manajemen dan tata kelola
Artikel ini mencantumkan peran bawaan Azure dalam kategori Manajemen dan tata kelola.
Kontributor Rekomendasi Advisor (Penilaian dan Ulasan)
Lihat rekomendasi penilaian, rekomendasi ulasan yang diterima, dan kelola siklus hidup rekomendasi (tandai rekomendasi sebagai selesai, ditunda, atau diberhentikan, sedang berlangsung, atau belum dimulai).
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
| Microsoft.Advisor/recommendations/write | Menulis rekomendasi |
| Microsoft.Advisor/recommendations/available/action | Rekomendasi baru tersedia di Microsoft Advisor |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View assessment recommendations, accepted review recommendations, and manage the recommendations lifecycle (mark recommendations as completed, postponed or dismissed, in progress, or not started).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6b534d80-e337-47c4-864f-140f5c7f593d",
"name": "6b534d80-e337-47c4-864f-140f5c7f593d",
"permissions": [
{
"actions": [
"Microsoft.Advisor/recommendations/read",
"Microsoft.Advisor/recommendations/write",
"Microsoft.Advisor/recommendations/available/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Recommendations Contributor (Assessments and Reviews)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Tinjauan Advisor
Lihat ulasan untuk beban kerja dan rekomendasi triase yang ditautkan ke mereka.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | Membaca resiliencyReviews |
| Microsoft.Advisor/triageRecommendations/read | Membaca triageRecommendations |
| Microsoft.Advisor/triageRecommendations/approve/action | Menyetujui triaseRecommendations |
| Microsoft.Advisor/triageRecommendations/reject/action | Tolak triageRecommendations |
| Microsoft.Advisor/triageRecommendations/reset/action | Reset triageRecommendations |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and triage recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8aac15f0-d885-4138-8afa-bfb5872f7d13",
"name": "8aac15f0-d885-4138-8afa-bfb5872f7d13",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read",
"Microsoft.Advisor/triageRecommendations/approve/action",
"Microsoft.Advisor/triageRecommendations/reject/action",
"Microsoft.Advisor/triageRecommendations/reset/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Ulasan Advisor
Lihat ulasan untuk beban kerja dan rekomendasi yang ditautkan ke beban kerja tersebut.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | Membaca resiliencyReviews |
| Microsoft.Advisor/triageRecommendations/read | Membaca triageRecommendations |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c64499e0-74c3-47ad-921c-13865957895c",
"name": "c64499e0-74c3-47ad-921c-13865957895c",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Automation
Mengelola sumber daya Azure Automation dan sumber daya lainnya menggunakan Azure Automation.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Automation/automationAccounts/* | |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Insights/ActionGroups/* | |
| Microsoft.Insights/ActivityLogAlerts/* | |
| Microsoft.Insights/MetricAlerts/* | |
| Microsoft.Insights/ScheduledQueryRules/* | |
| Microsoft.Insights/diagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
| Microsoft.OperationalInsights/ruang kerja/sharedKeys/tindakan | Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Pekerjaan Automation
Membuat dan Mengelola Tugas menggunakan Runbook Automation.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca | Membaca Grup Hybrid Runbook Worker |
| Microsoft.Automation/automationAccounts/pekerjaan/baca | Mendapatkan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan | Melanjutkan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan | Menghentikan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca | Mendapatkan aliran pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan | Menangguhkan tugas Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/tulis | Membuat tugas Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/output/ba | Mendapatkan output pekerjaan |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Automation
Operator Automation dapat memulai, menghentikan, menangguhkan, dan melanjutkan tugas
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca | Membaca Grup Hybrid Runbook Worker |
| Microsoft.Automation/automationAccounts/pekerjaan/baca | Mendapatkan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan | Melanjutkan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan | Menghentikan pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca | Mendapatkan aliran pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan | Menangguhkan tugas Azure Automation |
| Microsoft.Automation/automationAccounts/pekerjaan/tulis | Membuat tugas Azure Automation |
| Microsoft.Automation/automationAccounts/jobSchedules/baca | Mendapatkan jadwal pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/jobSchedules/tulis | Membuat jadwal pekerjaan Azure Automation |
| Microsoft.Automation/automationAccounts/linkedWorkspace/baca | Membuat ruang kerja ditautkan ke akun otomatisasi |
| Microsoft.Automation/automationAccounts/baca | Mendapatkan akun Azure Automation |
| Microsoft.Automation/automationAccounts/runbooks/baca | Mendapatkan buku pedoman Azure Automation |
| Microsoft.Automation/automationAccounts/jadwal/baca | Mendapatkan aset jadwal Azure Automation |
| Microsoft.Automation/automationAccounts/jadwal/tulis | Membuat atau memperbarui aset jadwal Azure Automation |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Automation/automationAccounts/pekerjaan/output/ba | Mendapatkan output pekerjaan |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Runbook Automation
Properti baca Runbook - agar dapat membuat Tugas runbook.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Automation/automationAccounts/runbooks/baca | Mendapatkan buku pedoman Azure Automation |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Azure Center for SAP solutions
Peran ini menyediakan akses baca dan tulis ke semua kemampuan Azure Center untuk solusi SAP.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
| Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/write | |
| Microsoft.Workloads/sapVirtualInstances/*/delete | |
| Microsoft.Workloads/Locations/*/action | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/start/action | |
| Microsoft.Workloads/sapVirtualInstances/*/stop/action | |
| Microsoft.Workloads/connectors/*/read | |
| Microsoft.Workloads/connectors/*/write | |
| Microsoft.Workloads/connectors/*/delete | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Insights/metrik/baca | Membaca metrik |
| Microsoft.Insights/metricDefinitions/baca | Baca definisi metrik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/subscriptions/resourceGroups/write | Membuat atau memperbarui grup sumber daya. |
| Microsoft.Resources/subscriptions/resourcegroups/penyebaran/* | |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk PingMesh |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/write | Membuat subnet jaringan virtual atau memperbarui subnet jaringan virtual yang ada |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Dapatkan referensi ke semua komputer virtual dalam subnet jaringan virtual |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Mendapatkan definisi konfigurasi IP antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Mendapatkan semua penyeimbang muatan tempat antarmuka jaringan menjadi bagian dari |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk Antarmuka Jaringan |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Mendapatkan definisi kumpulan alamat ujung belakang penyeimbang muatan |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Mendapatkan definisi konfigurasi IP ujung depan penyeimbang muatan |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Mendapatkan definisi aturan penyeimbangan muatan penyeimbang muatan |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Mendapatkan definisi aturan nat masuk penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Mendapatkan acara untuk Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Mendapatkan referensi ke semua antarmuka jaringan di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/outboundRules/read | Mendapatkan definisi aturan keluar penyeimbang muatan |
| Microsoft.Network/loadBalancers/virtualMachines/read | Mendapatkan referensi ke semua komputer virtual di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Meninjau metrik yang tersedia untuk Azure Load Balancer Anda |
| Microsoft.Network/privateEndpoints/read | Mendapatkan sumber daya titik akhir privat. |
| Microsoft.Network/networkSecurityGroups/gabung/tindakan | Menggabungkan kelompok keamanan jaringan. Tidak bisa diperingatkan. |
| Microsoft.Network/routeTables/join/action | Menggabungkan tabel rute. Tidak bisa diperingatkan. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/blobServices/read | Mengembalikan properti layanan blob atau statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| Microsoft.Storage/storageAccounts/fileServices/read | Mendapatkan properti layanan file |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Mencantumkan berbagi |
| Microsoft.Compute/virtualMachines/baca | Mendapatkan properti mesin virtual |
| Microsoft.Compute/availabilitySets/baca | Mendapatkan properti dari set ketersediaan |
| Microsoft.Compute/sshPublicKeys/read | Mendapatkan properti kunci umum SSH |
| Microsoft.Compute/sshPublicKeys/write | Membuat kunci umum SSH baru atau memperbarui kunci umum SSH yang ada |
| Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action | |
| Microsoft.Compute/virtualMachines/extensions/read | Mendapatkan properti ekstensi komputer virtual |
| Microsoft.Compute/virtualMachines/extensions/delete | Menghapus ekstensi komputer virtual |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus | Mengembalikan blob atau daftar blob |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "This role provides read and write access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"name": "7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/write",
"Microsoft.Workloads/sapVirtualInstances/*/delete",
"Microsoft.Workloads/Locations/*/action",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/start/action",
"Microsoft.Workloads/sapVirtualInstances/*/stop/action",
"Microsoft.Workloads/connectors/*/read",
"Microsoft.Workloads/connectors/*/write",
"Microsoft.Workloads/connectors/*/delete",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/sshPublicKeys/write",
"Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca solusi Azure Center for SAP
Peran ini menyediakan akses baca ke semua kemampuan azure Center untuk solusi SAP.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
| Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/Operations/read | baca Operasi |
| Microsoft.Workloads/Locations/OperationStatuses/read | baca OperationStatuses |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Insights/alertRules/baca | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/metrik/baca | Membaca metrik |
| Microsoft.Insights/metricDefinitions/baca | Baca definisi metrik |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk PingMesh |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Dapatkan referensi ke semua komputer virtual dalam subnet jaringan virtual |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Mendapatkan definisi konfigurasi IP antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Mendapatkan semua penyeimbang muatan tempat antarmuka jaringan menjadi bagian dari |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk Antarmuka Jaringan |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Mendapatkan definisi kumpulan alamat ujung belakang penyeimbang muatan |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Mendapatkan definisi konfigurasi IP ujung depan penyeimbang muatan |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Mendapatkan definisi aturan penyeimbangan muatan penyeimbang muatan |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Mendapatkan definisi aturan nat masuk penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Mendapatkan acara untuk Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Mendapatkan referensi ke semua antarmuka jaringan di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/outboundRules/read | Mendapatkan definisi aturan keluar penyeimbang muatan |
| Microsoft.Network/loadBalancers/virtualMachines/read | Mendapatkan referensi ke semua komputer virtual di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Meninjau metrik yang tersedia untuk Azure Load Balancer Anda |
| Microsoft.Network/privateEndpoints/read | Mendapatkan sumber daya titik akhir privat. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/blobServices/read | Mengembalikan properti layanan blob atau statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| Microsoft.Storage/storageAccounts/fileServices/read | Mendapatkan properti layanan file |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Mencantumkan berbagi |
| Microsoft.Compute/virtualMachines/baca | Mendapatkan properti mesin virtual |
| Microsoft.Compute/availabilitySets/baca | Mendapatkan properti dari set ketersediaan |
| Microsoft.Compute/virtualMachines/extensions/read | Mendapatkan properti ekstensi komputer virtual |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "This role provides read access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b",
"name": "05352d14-a920-4328-a0de-4cbe7430e26b",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/Operations/read",
"Microsoft.Workloads/Locations/OperationStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran layanan Azure Center for SAP solutions
Peran layanan solusi Azure Center untuk SAP - Peran ini dimaksudkan untuk digunakan untuk memberikan izin kepada identitas terkelola yang ditetapkan pengguna. Solusi Azure Center for SAP akan menggunakan identitas ini untuk menyebarkan dan mengelola sistem SAP.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Resources/subscriptions/resourceGroups/write | Membuat atau memperbarui grup sumber daya. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/subscriptions/resourcegroups/penyebaran/* | |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/loadBalancers/write | Membuat penyeimbang muatan atau memperbarui penyeimbang muatan yang ada |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Mendapatkan definisi kumpulan alamat ujung belakang penyeimbang muatan |
| Microsoft.Network/loadBalancers/backendAddressPools/write | Membuat kumpulan alamat ujung belakang penyeimbang muatan atau memperbarui kumpulan alamat ujung belakang penyeimbang muatan yang ada |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Mendapatkan definisi konfigurasi IP ujung depan penyeimbang muatan |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Mendapatkan definisi aturan penyeimbangan muatan penyeimbang muatan |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Mendapatkan definisi aturan nat masuk penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Mendapatkan acara untuk Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Mendapatkan referensi ke semua antarmuka jaringan di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/outboundRules/read | Mendapatkan definisi aturan keluar penyeimbang muatan |
| Microsoft.Network/loadBalancers/virtualMachines/read | Mendapatkan referensi ke semua komputer virtual di bawah penyeimbang muatan |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Meninjau metrik yang tersedia untuk Azure Load Balancer Anda |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/tulis | Membuat antarmuka jaringan atau memperbarui antarmuka jaringan yang ada. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Mendapatkan definisi konfigurasi IP antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Mendapatkan semua penyeimbang muatan tempat antarmuka jaringan menjadi bagian dari |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read | Periksa apakah Alamat IP tersedia di jaringan virtual yang ditentukan |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Dapatkan referensi ke semua komputer virtual dalam subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/virtualMachines/read | Dapatkan referensi ke semua komputer virtual dalam jaringan virtual |
| Microsoft.Network/networkInterfaces/ipconfigurations/join/action | Menggabungkan Konfigurasi IP Antarmuka Jaringan. Tidak dapat diberi tahu. |
| Microsoft.Network/privateEndpoints/read | Mendapatkan sumber daya titik akhir privat. |
| Microsoft.Network/privateEndpoints/write | Membuat titik akhir privat baru, atau memperbarui titik akhir privat yang ada. |
| Microsoft.Network/networkInterfaces/gabung/tindakan | Melampirkan antarmuka jaringan ke komputer virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/backendAddressPools/gabung/tindakan | Menggabungkan kumpulan alamat ujung belakang penyeimbang muatan. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action | Menggabungkan Konfigurasi IP Ujung Depan Azure Load Balancer. Tidak dapat diberi tahu. |
| Microsoft.Network/virtualNetworks/subnets/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action | Menggabungkan penyeimbang muatan ke subnet jaringan virtual |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/tulis | Membuat akun penyimpanan dengan parameter yang ditentukan atau memperbarui properti atau tag atau menambahkan domain kustom untuk akun penyimpanan yang ditentukan. |
| Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action | Menyetujui Koneksi Titik Akhir Privat |
| Microsoft.Storage/storageAccounts/blobServices/read | Mengembalikan properti layanan blob atau statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/baca | Daftar kontainer yang diperbarui |
| Microsoft.Storage/storageAccounts/fileServices/read | Mendapatkan properti layanan file |
| Microsoft.Storage/storageAccounts/fileServices/write | Menaruh properti layanan file |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Mencantumkan berbagi |
| Microsoft.Storage/storageAccounts/fileServices/shares/write | Membuat atau memperbarui berbagi |
| Microsoft.Compute/virtualMachines/baca | Mendapatkan properti mesin virtual |
| Microsoft.Compute/virtualMachines/write | Membuat komputer virtual baru atau memperbarui komputer virtual yang sudah ada |
| Microsoft.Compute/virtualMachines/instanceView/read | Mendapatkan status runtime detail komputer virtual dan sumber dayanya |
| Microsoft.Compute/availabilitySets/baca | Mendapatkan properti dari set ketersediaan |
| Microsoft.Compute/availabilitySets/write | Membuat set ketersediaan baru atau memperbarui yang sudah ada |
| Microsoft.Compute/skus/read | Mendapatkan daftar SKU Microsoft.Compute yang tersedia untuk Langganan Anda |
| Microsoft.Compute/sshPublicKeys/read | Mendapatkan properti kunci umum SSH |
| Microsoft.Compute/virtualMachines/extensions/read | Mendapatkan properti ekstensi komputer virtual |
| Microsoft.Compute/virtualMachines/extensions/write | Membuat ekstensi komputer virtual baru atau memperbarui yang sudah ada |
| Microsoft.Compute/virtualMachines/extensions/delete | Menghapus ekstensi komputer virtual |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| Microsoft.Compute/disks/tulis | Membuat Image baru atau memperbarui Image yang sudah ada |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138",
"name": "aabbc5dd-1af0-458b-a942-81af88f9c138",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/write",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/backendAddressPools/write",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/virtualNetworks/virtualMachines/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/write",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/write",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/availabilitySets/write",
"Microsoft.Compute/skus/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/write",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions service role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Onboarding Mesin yang Tersambung Azure
Dapat melakukan onboarding Komputer yang Tersambung Azure.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
| Microsoft.HybridCompute/privateLinkScopes/baca | Membaca semua privateLinkScopes Azure Arc |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Sumber Daya Mesin yang Terhubung Azure
Dapat membaca, menulis, menghapus, dan melakukan onboarding ulang Komputer yang Tersambung Azure.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.HybridCompute/machines/* | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/licenseProfiles/* | |
| Microsoft.HybridCompute/machines/runCommands/* | |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
| Microsoft.HybridCompute/privateLinkScopes/* | |
| Microsoft.HybridCompute/licenses/* | |
| Microsoft.HybridCompute/locations/* | |
| Microsoft.HybridCompute/*/baca | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/licenseProfiles/*",
"Microsoft.HybridCompute/machines/runCommands/*",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/licenses/*",
"Microsoft.HybridCompute/locations/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine Resource Manager
Peran Kustom untuk AzureStackHCI RP untuk mengelola komputer komputasi hibrid dan titik akhir konektivitas hibrid dalam grup sumber daya
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/write | Membuat penugasan konfigurasi tamu baru. |
| Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
| Microsoft.HybridCompute/*/baca | |
| Microsoft.HybridCompute/mesin/hapus | Menghapus komputer Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/hapus | Menghapus ekstensi Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Menghapus lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Menginstal atau Memperbarui lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
| Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
| Microsoft.HybridConnectivity/endpoints/read | Dapatkan atau daftar titik akhir ke sumber daya target. |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | Dapatkan atau daftar serviceConfigurations ke sumber daya titik akhir. |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | Membuat atau memperbarui serviceConfigurations ke sumber daya titik akhir. |
| Microsoft.HybridConnectivity/endpoints/write | Buat atau perbarui titik akhir ke sumber daya target. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.EdgeMarketplace/locations/operationStatuses/read | baca operationStatuses |
| Microsoft.EdgeMarketPlace/offers/getAccessToken/action | mendapatkan token akses. |
| Microsoft.EdgeMarketPlace/offers/generateAccessToken/action | Tindakan sumber daya yang berjalan lama. |
| Microsoft.EdgeMarketplace/publishers/read | Mendapatkan Publisher |
| Microsoft.EdgeMarketplace/offers/read | Dapatkan Penawaran |
| Microsoft.ExtendedLocation/customLocations/read | Mendapatkan sumber daya Lokasi Kustom |
| Microsoft.Attestation/attestationProviders/write | Menambahkan layanan pengesahan. |
| Microsoft.Attestation/attestationProviders/read | Mendapatkan status layanan pengesahan. |
| Microsoft.Attestation/attestationProviders/delete | Menghapus layanan pengesahan. |
| Microsoft.Attestation/attestationProviders/attestation/read | Mendapatkan status layanan pengesahan. |
| Microsoft.Attestation/attestationProviders/pengesahan/tulis | Menambahkan layanan pengesahan. |
| Microsoft.Attestation/attestationProviders/pengesahan/hapus | Menghapus layanan pengesahan. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.EdgeMarketplace/locations/operationStatuses/read",
"Microsoft.EdgeMarketPlace/offers/getAccessToken/action",
"Microsoft.EdgeMarketPlace/offers/generateAccessToken/action",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.Attestation/attestationProviders/write",
"Microsoft.Attestation/attestationProviders/read",
"Microsoft.Attestation/attestationProviders/delete",
"Microsoft.Attestation/attestationProviders/attestation/read",
"Microsoft.Attestation/attestationProviders/attestation/write",
"Microsoft.Attestation/attestationProviders/attestation/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemberi Izin Azure Customer Lockbox untuk Langganan
Dapat menyetujui permintaan dukungan Microsoft untuk mengakses sumber daya tertentu yang terkandung dalam langganan, atau langganan itu sendiri, saat Customer Lockbox untuk Microsoft Azure diaktifkan pada penyewa tempat langganan berada.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.CustomerLockbox/requests/UpdateApproval/action | Memperbarui Persetujuan Microsoft.CustomerLockbox |
| Microsoft.CustomerLockbox/requests/read | Baca Permintaan Lockbox |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Insights/eventtypes/values/read | Membaca peristiwa Log Aktivitas |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4dae6930-7baf-46f5-909e-0383bc931c46",
"name": "4dae6930-7baf-46f5-909e-0383bc931c46",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.CustomerLockbox/requests/UpdateApproval/action",
"Microsoft.CustomerLockbox/requests/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/eventtypes/values/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Customer Lockbox Approver for Subscription",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Penagihan
Memungkinkan akses data ke data penagihan
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Billing/*/baca | Baca informasi Penagihan |
| Microsoft.Commerce/*/baca | |
| Microsoft.Consumption/*/baca | |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.CostManagement/*/baca | |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Cetak Biru
Dapat mengelola definisi blueprint, tetapi tidak dapat menetapkannya.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Blueprint/cetak biru/* | Membuat dan mengelola definisi cetak biru atau artefak cetak biru. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Cetak Biru
Dapat menetapkan cetak biru yang dipublikasikan sebelumnya, tetapi tidak dapat membuat definisi cetak biru baru. Penugasan cetak biru hanya berfungsi jika penugasan dilakukan dengan identitas terkelola yang ditetapkan pengguna.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Blueprint/blueprintAssignments/* | Membuat dan mengelola penetapan cetak biru. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Pengoptimalan Karbon
Mengizinkan akses baca ke data Pengoptimalan Karbon Azure
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Carbon/carbonEmissionReports/action | API untuk Laporan Emisi Karbon |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Manajemen Biaya
Dapat melihat biaya dan mengelola konfigurasi biaya (misalnya, anggaran, ekspor)
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Consumption/* | |
| Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/baca | |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
| Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Billing/billingProperty/baca | Mendapatkan properti penagihan untuk langganan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Cost Management
Dapat melihat data biaya dan konfigurasi (misalnya, anggaran, ekspor)
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Consumption/*/baca | |
| Microsoft.CostManagement/*/baca | |
| Microsoft.Billing/billingPeriods/baca | |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
| Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Billing/billingProperty/baca | Mendapatkan properti penagihan untuk langganan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Pengaturan Hierarki
Memungkinkan pengguna mengedit dan menghapus Pengaturan Hierarki
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Management/managementGroups/pengaturan/tulis | Membuat atau memperbarui pengaturan hierarki grup manajemen. |
| Microsoft.Management/managementGroups/pengaturan/hapus | Menghapus pengaturan hierarki grup manajemen. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Kontributor Aplikasi Terkelola
Mengizinkan pembuatan sumber daya aplikasi terkelola.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Solutions/aplikasi/* | |
| Microsoft.Solutions/daftar/tindakan | Mendaftarkan langganan untuk Microsoft.Solutions |
| Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Operator Aplikasi Terkelola
Memungkinkan Anda membaca dan melakukan tindakan pada sumber daya Aplikasi Terkelola
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Solutions/aplikasi/baca | Mencantumkan semua aplikasi dalam langganan. |
| Microsoft.Solutions/*/tindakan | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Aplikasi Terkelola
Memungkinkan Anda membaca sumber daya di aplikasi terkelola dan meminta akses JIT.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Solutions/jitRequests/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Penghapusan penetapan Pendaftaran Layanan Terkelola
Peran Penghapusan Penetapan Pendaftaran Layanan Terkelola memungkinkan pengguna penyewa yang mengelola untuk menghapus penetapan pendaftaran yang ditetapkan kepada penyewa mereka.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.ManagedServices/registrationAssignments/baca | Mengambil daftar penugasan pendaftaran Layanan Terkelola. |
| Microsoft.ManagedServices/registrationAssignments/hapus | Menghapus penugasan pendaftaran Layanan Terkelola. |
| Microsoft.ManagedServices/operationStatuses/baca | Membaca status operasi untuk sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Grup Manajemen
Peran Kontributor Grup Manajemen
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Management/managementGroups/hapus | Menghapus grup manajemen. |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Management/managementGroups/langganan/hapus | Membatalkan pengaitan langganan dari grup manajemen. |
| Microsoft.Management/managementGroups/langganan/tulis | Mengaitkan langganan yang sudah ada dengan grup manajemen. |
| Microsoft.Management/managementGroups/tulis | Membuat atau memperbarui grup manajemen. |
| Microsoft.Management/managementGroups/langganan/baca | Membuat daftar langganan di bawah grup manajemen tertentu. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Grup Manajemen
Peran Pembaca Grup Manajemen
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Management/managementGroups/langganan/baca | Membuat daftar langganan di bawah grup manajemen tertentu. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Akun New Relic APM
Memungkinkan Anda mengelola akun dan aplikasi New Relic Application Performance Management, tetapi tidak dapat mengaksesnya.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NewRelic.APM/akun/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penulis Data Policy Insights (Pratinjau)
Memungkinkan akses baca ke kebijakan sumber daya dan akses tulis ke kejadian kebijakan komponen sumber daya.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/policyassignments/baca | Mendapatkan informasi tentang penugasan kebijakan. |
| Microsoft.Authorization/policydefinitions/baca | Dapatkan informasi tentang definisi kebijakan. |
| Microsoft.Authorization/policyexemptions/baca | Dapatkan informasi tentang pengecualian kebijakan. |
| Microsoft.Authorization/policysetdefinisi/baca | Mendapatkan informasi tentang definisi kumpulan kebijakan. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/tindakan | Periksa status kepatuhan komponen tertentu terhadap kebijakan data. |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/tindakan | Mencatat peristiwa kebijakan komponen sumber daya. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Permintaan Kuota
Baca dan buat permintaan kuota, dapatkan status permintaan kuota, dan buat tiket dukungan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca | Dapatkan batas layanan atau kuota sumber daya dan lokasi yang ditentukan saat ini |
| Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/tulis | Buat batas layanan atau kuota untuk sumber daya dan lokasi yang ditentukan |
| Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca | Dapatkan permintaan batas layanan untuk sumber daya dan lokasi yang ditentukan |
| Microsoft.Kapasitas/daftar/tindakan | Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas. |
| Microsoft.Quota/usages/read | Mendapatkan penggunaan untuk penyedia sumber daya |
| Microsoft.Quota/quoas/read | Dapatkan batas Layanan saat ini atau kuota sumber daya yang ditentukan |
| Microsoft.Quota/quota/write | Membuat batas layanan atau permintaan kuota untuk sumber daya yang ditentukan |
| Microsoft.Quota/quotaRequests/read | Mendapatkan permintaan batas layanan apa pun untuk sumber daya yang ditentukan |
| Microsoft.Quota/register/action | Mendaftarkan langganan dengan Penyedia Sumber Daya Microsoft.Quota |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembeli Reservasi
Memungkinkan Anda membeli reservasi
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
| Microsoft.Kapasitas/katalog/baca | Baca katalog Reservasi |
| Microsoft.Kapasitas/daftar/tindakan | Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas. |
| Microsoft.Compute/daftar/tindakan | Mendaftarkan Langganan dengan penyedia sumber Microsoft.Compute |
| Microsoft.Consumption/daftar/tindakan | Mendaftarkan ke RP Konsumsi |
| Microsoft.Consumption/reservationRecommendationDetails/read | Mencantumkan Detail Rekomendasi Reservasi |
| Microsoft.Consumption/reservationRecommendations/baca | Mencantumkan rekomendasi tunggal atau bersama untuk instans yang dipesan untuk langganan. |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.SQL/daftar/tindakan | Mendaftarkan langganan untuk penyedia sumber daya Microsoft SQL Database dan memungkinkan pembuatan Database Microsoft SQL. |
| Microsoft.Support/supporttickets/tulis | Memungkinkan membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Reservasi
Mari kita membaca semua reservasi di penyewa
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Capacity/*/read | |
| Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Policy Sumber Daya
Pengguna dengan hak untuk membuat/mengubah kebijakan sumber daya, membuat tiket dukungan, dan membaca sumber daya/hierarki.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Authorization/policyassignments/* | Membuat dan mengelola penetapan kebijakan |
| Microsoft.Authorization/policydefinitions/* | Membuat dan mengelola definisi kebijakan |
| Microsoft.Authorization/policyexemptions/* | Membuat dan mengelola pembebasan kebijakan |
| Microsoft.Authorization/policysetdefinitions/* | Membuat dan mengelola rangkaian kebijakan |
| Microsoft.PolicyInsights/* | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembeli paket penghematan
Memungkinkan Anda membeli paket penghematan
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Kapasitas/daftar/tindakan | Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas. |
| Microsoft.Kapasitas/katalog/baca | Baca katalog Reservasi |
| Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
| Microsoft.BillingBenefits/savingsPlanOrders/write | Membuat pesanan paket penghematan |
| Microsoft.BIllingBenefits/register/action | Mendaftarkan penyedia sumber daya BillingBenefits dan memungkinkan pembuatan sumber daya BillingBenefits. |
| Microsoft.Support/supporttickets/tulis | Memungkinkan membuat dan memperbarui tiket dukungan |
| Microsoft.Billing/billingProperty/baca | Mendapatkan properti penagihan untuk langganan |
| Microsoft.CostManagement/benefitRecommendations/read | Mencantumkan rekomendasi tunggal atau bersama untuk manfaat Microsoft. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase savings plans",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"name": "3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Capacity/register/action",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.BillingBenefits/savingsPlanOrders/write",
"Microsoft.BIllingBenefits/register/action",
"Microsoft.Support/supporttickets/write",
"Microsoft.Billing/billingProperty/read",
"Microsoft.CostManagement/benefitRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Savings plan Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Patching Terjadwal
Menyediakan akses untuk mengelola konfigurasi pemeliharaan dengan cakupan pemeliharaan InGuestPatch dan penetapan konfigurasi yang sesuai
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Maintenance/maintenanceConfigurations/read | Membaca konfigurasi pemeliharaan. |
| Microsoft.Maintenance/maintenanceConfigurations/write | Membuat atau memperbarui konfigurasi pemeliharaan. |
| Microsoft.Maintenance/maintenanceConfigurations/delete | Menghapus konfigurasi pemeliharaan. |
| Microsoft.Maintenance/configurationAssignments/read | Membaca penetapan konfigurasi pemeliharaan. |
| Microsoft.Maintenance/configurationAssignments/write | Membuat atau memperbarui penetapan konfigurasi pemeliharaan. |
| Microsoft.Maintenance/configurationAssignments/delete | Menghapus penetapan konfigurasi pemeliharaan. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | Membaca penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | Membuat atau memperbarui penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | Menghapus penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | Baca konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | Membuat atau memperbarui konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | Hapus konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Site Recovery
Memungkinkan Anda mengelola layanan Site Recovery selain pembuatan vault dan penetapan peran
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan | AllocateStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/Vaults/sertifikat/tulis | Operasi Perbarui Sertifikat Sumber Daya memperbarui sertifikat kredensial sumber daya/vault. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | Membuat dan mengelola info yang diperluas terkait dengan kubah |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Membuat dan mengelola identitas terdaftar |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | Membuat atau Memperbarui pengaturan pemberitahuan replikasi |
| Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/* | Membuat dan mengelola susunan replikasi |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | Membuat dan mengelola pekerjaan replikasi |
| Microsoft.RecoveryServices/vaults/replicationPolicies/* | Membuat dan mengelola kebijakan replikasi |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | Membuat dan mengelola rencana pemulihan |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/* | |
| Microsoft.RecoveryServices/Vaults/storageConfig/* | Membuat dan mengelola konfigurasi penyimpanan vault Layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Baca pemberitahuan untuk kubah layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/baca | Baca Status Operasi Replikasi Kubah |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Site Recovery
Memungkinkan Anda failover dan failback, tetapi tidak dapat melakukan operasi manajemen Site Recovery lainnya
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan | AllocateStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca | Baca Pengaturan Pemberitahuan apa pun |
| Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/tindakan | Memeriksa Konsistensi Susunan |
| Microsoft.RecoveryServices/vaults/replicationFabrics/baca | Baca Susunan Apa Pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/tindakan | Pisahkan Gateway |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/tindakan | Perbarui Sertifikat Susunan |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca | Membaca Jaringan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca | Baca Pemetaan Jaringan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Kontainer Perlindungan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Item yang Dapat Diproteksi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/tindakan | Terapkan Titik Pemulihan |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/tindakan | Penerapan Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/tindakan | Failover terencana |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca | Baca Item Terproteksi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca | Baca Titik Pemulihan Replikasi apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/tindakan | Perbaiki replikasi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/tindakan | Lindungi kembali Item yang Dilindungi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/tindakan | Beralih Kontainer Perlindungan |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/tindakan | Menguji Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/tindakan | Uji Pembersihan Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/tindakan | Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/tindakan | Memperbarui Layanan Mobilitas |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca | Membaca Pemetaan Kontainer Perlindungan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca | Baca Penyedia Layanan Pemulihan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/tindakan | Segarkan Penyedia |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca | Baca Klasifikasi Penyimpanan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca | Membaca Pemetaan Klasifikasi Penyimpanan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca | Baca vCenters apa pun |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | Membuat dan mengelola pekerjaan replikasi |
| Microsoft.RecoveryServices/vaults/replicationPolicies/baca | Membaca Kebijakan apa pun |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/tindakan | Paket Pemulihan Penerapan Failover |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/tindakan | Rencana Pemulihan Failover yang Direncanakan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca | Membaca Paket Pemulihan apa pun |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/tindakan | Paket Pemulihan ReProtect |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/tindakan | Menguji Paket Pemulihan Failover |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/tindakan | Uji Rencana Pemulihan Pembersihan Failover |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/t | Rencana Pemulihan Failover |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Membaca apa pun |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Baca pemberitahuan untuk kubah layanan Pemulihan |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
| Microsoft.RecoveryServices/Vaults/storageConfig/baca | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Site Recovery
Memungkinkan Anda melihat status Site Recovery, tetapi tidak dapat melakukan operasi manajemen lainnya
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
| Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Mendapatkan peringatan untuk vault Layanan pemulihan. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca | Baca Pengaturan Pemberitahuan apa pun |
| Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/baca | Baca Susunan Apa Pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca | Membaca Jaringan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca | Baca Pemetaan Jaringan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Kontainer Perlindungan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Item yang Dapat Diproteksi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca | Baca Item Terproteksi |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca | Baca Titik Pemulihan Replikasi apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca | Membaca Pemetaan Kontainer Perlindungan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca | Baca Penyedia Layanan Pemulihan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca | Baca Klasifikasi Penyimpanan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca | Membaca Pemetaan Klasifikasi Penyimpanan apa pun |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca | Baca vCenters apa pun |
| Microsoft.RecoveryServices/vaults/replicationJobs/baca | Membaca Pekerjaan apa pun |
| Microsoft.RecoveryServices/vaults/replicationPolicies/baca | Membaca Kebijakan apa pun |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca | Membaca Paket Pemulihan apa pun |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Membaca apa pun |
| Microsoft.RecoveryServices/Vaults/storageConfig/baca | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Permintaan Dukungan
Memungkinkan Anda membuat dan mengelola Permintaan dukungan
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Tag
Memungkinkan Anda mengelola tag pada entitas, tanpa memberikan akses ke entitas itu sendiri.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan sumber daya untuk grup sumber daya. |
| Microsoft.Resources/langganan/sumber daya/baca | Mendapatkan sumber daya dari langganan. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Resources/tags/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Spesifikasi Templat
Memungkinkan akses penuh ke operasi Spesifikasi Templat pada cakupan yang ditetapkan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Resources/templateSpecs/* | Membuat dan mengelola spesifikasi templat dan versi spesifikasi templat |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Spesifikasi Templat
Memungkinkan akses baca ke Spesifikasi Templat pada cakupan yang ditetapkan.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Resources/templateSpecs/*/read | Mendapatkan atau mencantumkan spesifikasi templat dan versi spesifikasi templat |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}