Azure built-in roles
Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles. For information about how to assign roles, see Steps to assign an Azure role.
This article lists the Azure built-in roles. If you are looking for administrator roles for Azure Active Directory (Azure AD), see Azure AD built-in roles.
The following table provides a brief description of each built-in role. Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. For information about what these actions mean and how they apply to the control and data planes, see Understand Azure role definitions.
Built-in role | Description | ID |
---|---|---|
General | ||
Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | b24988ac-6180-42a0-ab88-20f7382dd24c |
Owner | Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
Reader | View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
Compute | ||
Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
Data Operator for Managed Disks | Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. | 959f8984-c045-4866-89c7-12bf9737be2e |
Disk Backup Reader | Provides permission to the backup vault to perform disk backup. | 3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 |
Disk Pool Operator | Provides permission to the StoragePool Resource Provider to manage disks added to a disk pool. | 60fc6e62-5479-42d4-8bf4-67625fcc2840 |
Disk Restore Operator | Provides permission to the backup vault to perform disk restore. | b50d9833-a0cb-478e-945f-707fcc997c13 |
Disk Snapshot Contributor | Provides permission to the backup vault to manage disk snapshots. | 7efff54f-a5b4-42b5-a1c5-5411624893ce |
Virtual Machine Administrator Login | View Virtual Machines in the portal and log in as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e4 |
Virtual Machine Contributor | Create and manage virtual machines, manage disks, install and run software, reset the password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
Virtual Machine User Login | View Virtual Machines in the portal and log in as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52 |
Windows Admin Center Administrator Login | Lets you manage the OS of your resource via Windows Admin Center as an administrator. | a6333a3e-0164-44c3-b281-7a577aff287f |
Networking | ||
CDN Endpoint Contributor | Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd |
CDN Profile Contributor | Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432 |
CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af |
Classic Network Contributor | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f |
DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314 |
Network Contributor | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7 |
Private DNS Zone Contributor | Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7f |
Traffic Manager Contributor | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
Storage | ||
Avere Contributor | Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a |
Avere Operator | Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
Backup Contributor | Lets you manage the backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b |
Microsoft Azure Backup Operator | Lets you manage backup services, except removal of backup, vault creation, and giving access to others | 00c29273-979b-4161-815c-10b084fb9324 |
Backup Reader | Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912 |
Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and create keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d |
Data Box Contributor | Lets you manage everything under the Data Box Service, except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5 |
Data Box Reader | Lets you manage the Data Box Service, except creating orders or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs, but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c88 |
Elastic SAN Owner | Allows for full access to all resources under Azure Elastic SAN, including changing network security policies to unblock data path access | 80dcbedb-47ef-405d-95bd-188a1b4ac406 |
Elastic SAN Reader | Allows for control path read access to Azure Elastic SAN | af6a70f8-3c9f-4105-acf1-d719e9fca4ca |
Elastic SAN Volume Group Owner | Allows for full access to a volume group in Azure Elastic SAN, including changing network security policies to unblock data path access | a8281131-f312-4f34-8d98-ae12be9f0d23 |
Reader and Data Access | Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349 |
Storage Account Backup Contributor | Lets you perform backup and restore operations using Azure Backup on the storage account. | e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 |
Storage Account Contributor | Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab |
Storage Account Key Operator Service Role | Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f12 |
Storage Blob Data Contributor | Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9fe |
Storage Blob Data Owner | Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955b |
Storage Blob Data Reader | Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
Storage Blob Delegator | Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4a |
Storage File Data Privileged Reader | Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers. | 69566ab7-960f-475b-8e7c-b3118f30c6bd |
Storage File Data Privileged Reader | Allows for read access on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers. | b8eda974-7b85-4f76-af95-65846b26df6d |
Storage File Data SMB Share Contributor | Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
Storage File Data SMB Share Elevated Contributor | Allows for read, write, and delete access on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7 |
Storage File Data SMB Share Reader | Allows for read, write, and delete access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314 |
Storage Queue Data Contributor | Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
Storage Queue Data Message Processor | Peek, retrieve, and delete messages from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed |
Storage Queue Data Message Sender | Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
Storage Queue Data Contributor | Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e297925 |
Storage Table Data Contributor | Allows for read, write, and delete access to Azure Storage tables and entities | 0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3 |
Storage Table Data Reader | Allows for read access to Azure Storage tables and entities | 76199698-9eea-4c19-bc75-cec21354c6b6 |
Web | ||
Azure Maps Data Contributor | Grants read, write, and delete access to map-related data from an Azure Maps account. | 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 |
Azure Maps Data Reader | Grants access to read map-related data from an Azure Maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
Azure Spring Cloud Config Server Contributor | Allows read, write, and delete access to Azure Spring Cloud Config Server | a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b |
Azure Spring Cloud Config Server Reader | Allows read access to Azure Spring Cloud Config Server | d04c6db6-4947-4782-9e91-30a88feb7be7 |
Azure Spring Cloud Data Reader | Allows read access to Azure Spring Cloud Data | b5537268-8956-4941-a8f0-646150406f0c |
Azure Spring Cloud Service Registry Contributor | Allows read, write, and delete access to Azure Spring Cloud Service Registry | f5880b48-c26d-48be-b172-7927bfa1c8f1 |
Azure Spring Cloud Service Registry Reader | Allows read access to Azure Spring Cloud Service Registry | cff1b556-2399-4e7e-856d-a8f754be7b65 |
Media Services Account Administrator | Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources. | 054126f8-9a2b-4f1c-a9ad-eca461f08466 |
Media Services Live Events Administrator | Create, read, and modify Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources. | 532bc159-b25e-42c0-969e-a1d439f60d77 |
Media Services Media Operator | Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. | e4395492-1534-4db2-bedf-88c14621589c |
Media Services Policy Administrator | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets, or Streaming resources. | c4bba371-dacd-4a26-b320-7250bca963ae |
Media Services Streaming Endpoints Administrator | Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. | 99dba123-b5fe-44d5-874c-ced7199a5804 |
Search Index Data Contributor | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
Search Index Data Reader | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
Search Service Contributor | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
SignalR AccessKey Reader | Read SignalR Service Access Keys | 04165923-9d83-45d5-8227-78b77b0a687e |
SignalR App Server | Lets your app server access SignalR Service with AAD authentication options. | 420fcaa2-552c-430f-98ca-3264be4806c7 |
SignalR REST API Owner | Full access to Azure SignalR Service REST APIs | fd53cd77-2268-407a-8f46-7e7863d0f521 |
SignalR REST API Reader | Read-only access to Azure SignalR Service REST APIs | ddde6b66-c0df-4114-a159-3618637b3035 |
SignalR Service Owner | Full access to Azure SignalR Service REST APIs | 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 |
SignalR/Web PubSub Contributor | Create, Read, Update, and Delete SignalR service resources | 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761 |
Web Plan Contributor | Manage the web plans for websites. This role does not allow you to assign roles in Azure RBAC. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
Website Contributor | Manage websites, but not web plans. This role does not allow you to assign roles in Azure RBAC. | de139f84-1756-47ae-9be6-808fbbe84772 |
Containers | ||
AcrDelete | Delete repositories, tags, or manifests from a container registry. | c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
AcrImageSigner | Push trusted images to or pull trusted images from a container registry enabled for content trust. | 6cef56e8-d556-48e5-a04f-b8e64114680f |
AcrPull | Pull artifacts from a container registry. | 7f951dda-4ed3-4680-a7ca-43fe172d538d |
AcrPush | Push artifacts to or pull artifacts from a container registry. | 8311e382-0749-4cb8-b61a-304f252e45ec |
AcrQuarantineReader | Pull quarantined images from a container registry. | cdda3590-29a3-44f6-95f2-9f980659eb04 |
AcrQuarantineWriter | Push quarantined images to or pull quarantined images from a container registry. | c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
Azure Kubernetes Fleet Manager RBAC Admin | This role grants admin access: it provides write permissions on most objects within a namespace, with the exception of the ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. | 434fb43a-c01c-447e-9f67-c3ad923cfaba |
Azure Kubernetes Fleet Manager RBAC Cluster Admin | Lets you manage all resources in the fleet manager cluster. | 18ab4d3d-a1bf-4477-8ad9-8359bc988f69 |
Azure Kubernetes Fleet Manager RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | 30b27cfc-9c84-438e-b0ce-70e35255df80 |
Azure Kubernetes Fleet Manager RBAC Writer | Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | 5af6afb3-c06c-4fa4-8848-71a8aee05683 |
Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
Azure Kubernetes Service Cluster User Role | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 |
Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | 3498e952-d568-435e-9b2c-8d77e338d7f7 |
Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b |
Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | 7f6c6a51-bcf8-42ba-9220-52d62157d7db |
Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb |
Databases | ||
Azure Connected SQL Server Onboarding | Allows for read and write access to Azure resources for SQL Server on Arc-enabled servers. | e8113dce-c529-4d33-91fa-e9b972617508 |
Cosmos DB Account Reader Role | Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa |
CosmosBackupOperator | Can submit a restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cb |
CosmosRestoreOperator | Can perform a restore action for a Cosmos DB database account with continuous backup mode | 5432c526-bc82-444a-b7ba-57c5b0b5b34f |
DocumentDB Account Contributor | Can manage Azure Cosmos DB accounts. Azure Cosmos DB was formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e15450 |
Redis Cache Contributor | Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17 |
SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
SQL Managed Instance Contributor | Lets you manage SQL Managed Instances and the required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
Analytics | ||
Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2dec |
Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fde |
Azure Service Bus Data Sender | Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f975 |
Data Factory Contributor | Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5 |
Data Purger | Delete private data from a Log Analytics workspace. | 150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
HDInsight Cluster Operator | Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a |
HDInsight Domain Services Contributor | Can Read, Create, Modify, and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c |
Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d16293 |
Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a893 |
Schema Registry Contributor (Preview) | Read, write, and delete Schema Registry groups and schemas. | 5dffeca3-4936-4216-b2bc-10343a5abb25 |
Schema Registry Reader (Preview) | Read and list Schema Registry groups and schemas. | 2c56ea50-c6b3-40a6-83c0-9d98858bc7d2 |
Azure Stream Analytics Query Tester | Lets you perform query testing without creating a stream analytics job first | 1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf |
AI + machine learning | ||
AzureML Data Scientist | Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. | f6c7c914-8db3-469d-8ca1-694a8f32e121 |
Cognitive Services Contributor | Lets you create, read, update, delete, and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
Cognitive Services Custom Vision Contributor | Full access to the project, including the ability to view, create, edit, or delete projects. | c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 |
Cognitive Services Custom Vision Deployment | Publish, unpublish, or export models. Deployment can view the project but can't update it. | 5c4089e1-6d96-4d2f-b296-c1bc7137275f |
Cognitive Services Custom Vision Labeler | View and edit training images, and create, add, remove, or delete image tags. Labelers can view the project but can't update anything other than training images and tags. | 88424f51-ebe7-446f-bc41-7fa16989e96c |
Cognitive Services Custom Vision Reader | Read-only actions in the workspace. Readers can't create or update these assets. | 93586559-c37d-4a6b-ba08-b9f0940c2d73 |
Cognitive Services Custom Vision Trainer | View and edit projects and train models, including the ability to publish, unpublish, and export models. Trainers can't create or delete projects. | 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b |
Cognitive Services Data Reader (Preview) | Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1c |
Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on the Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need lesser capabilities, following 'least privilege' best practices. | 9894cab4-e18a-44aa-828b-cb588cd6f2d7 |
Cognitive Services Metrics Advisor Administrator | Full access to the project, including the system-level configuration. | cb43c632-a144-4ec5-977c-e80c4affc34a |
Cognitive Services OpenAI Contributor | Full access, including the ability to fine-tune, deploy, and generate text | a001fd3d-188f-4b5d-821b-7da978bf7442 |
Cognitive Services OpenAI User | Read access to view files, models, and deployments. The ability to create completion and embedding calls. | 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd |
Cognitive Services QnA Maker Editor | Lets you create, edit, import, and export a KB. You cannot publish or delete a KB. | f4cc2bf9-21be-47a1-bdf1-5c5804381025 |
Cognitive Services QnA Maker Reader | Lets you read and test a KB only. | 466ccd10-b268-4a11-b098-b4849f024126 |
Cognitive Services User | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
Internet of Things | ||
Device Update Administrator | Gives you full access to management and content operations | 02ca0879-e8e4-47a5-a61e-5c618b76e64a |
Device Update Content Administrator | Gives you full access to content operations | 0378884a-3af5-44ab-8323-f5b22f9f3c98 |
Device Update Content Reader | Gives you read access to content operations, but does not allow making changes | d1ee9a80-8b14-47f0-bdc2-f4a351625a7b |
Device Update Deployments Administrator | Gives you full access to management operations | e4237640-0e3d-4a46-8fda-70bc94856432 |
Device Update Deployments Reader | Gives you read access to management operations, but does not allow making changes | 49e2f5d2-7741-4835-8efa-19e1fe35e47f |
Device Update Reader | Gives you read access to management and content operations, but does not allow making changes | e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f |
IoT Hub Data Contributor | Allows for full access to IoT Hub data plane operations. | 4fc6c259-987e-4a07-842e-c321cc9d413f |
IoT Hub Data Reader | Allows for full read access to IoT Hub data plane properties | b447c946-2db7-41ec-983d-d8bf3b1c77e3 |
IoT Hub Registry Contributor | Allows for full access to the IoT Hub device registry. | 4ea46cd5-c1b2-4a8e-910b-273211f9ce47 |
IoT Hub Twin Contributor | Allows for read and write access to all IoT Hub device and module twins. | 494bdba2-168f-4f31-a0a1-191d2f7c028c |
Mixed reality | ||
Remote Rendering Administrator | Provides the user with conversion, session management, rendering, and diagnostics capabilities for Azure Remote Rendering | 3df8b902-2a6f-47c7-8cc5-360e9b272a7e |
Remote Rendering Client | Provides the user with session management, rendering, and diagnostics capabilities for Azure Remote Rendering. | d39065c4-c120-43c9-ab0a-63eed9795f0a |
Spatial Anchors Account Contributor | Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
Spatial Anchors Account Owner | Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c |
Spatial Anchors Account Owner | Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c49413 |
Integration | ||
API Management Service Contributor | Can manage the service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c |
API Management Service Operator Role | Can manage the service, but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
API Management Service Reader Role | Read-only access to the service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d |
API Management Service Workspace API Developer | Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope. | 9565a273-41b9-4368-97d2-aeb0c976a9b3 |
API Management Service Workspace API Product Manager | Has the same access as API Management Service Workspace API Developer, as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. | d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da |
API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | 56328988-075d-4c6a-8766-d93edd6725b6 |
API Management Workspace API Product Manager | Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. | 73c2c328-d004-4c5e-938c-35c6f5679a1f |
API Management Workspace Contributor | Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope. | 0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 |
API Management Workspace Reader | Has read-only access to entities in the workspace. This role should be assigned on the workspace scope. | ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 |
App Configuration Data Owner | Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
App Configuration Data Reader | Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071 |
Azure Relay Listener | Allows for listen access to Azure Relay resources. | 26e0b698-aa6d-4085-9386-aadae190014d |
Azure Relay Owner | Allows for full access to Azure Relay resources. | 2787bf04-f1f5-4bfe-8383-c8a24483ee38 |
Azure Relay Sender | Allows for send access to Azure Relay resources. | 26baccc8-eea7-41f1-98f4-1762cc7f685d |
Azure Service Bus Data Owner | Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419 |
Azure Service Bus Data Receiver | Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
Azure Service Bus Data Sender | Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
Azure Stack Registration Owner | Lets you manage Azure Stack Hub registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
EventGrid Contributor | Lets you manage EventGrid operations. | 1e241071-0855-49ea-94dc-649edcd759de |
EventGrid Data Sender | Allows send access to event grid events. | d5a91429-5739-47e2-a06b-3470a27159e7 |
EventGrid EventSubscription Contributor | Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
EventGrid EventSubscription Reader | Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-045460748405 |
FHIR Data Contributor | Role allows user or principal full access to FHIR Data | 5a1fc7df-4bf1-4951-a576-89034ee01acd |
FHIR Data Importer | Role allows user or principal to read and import FHIR Data | 4465e953-8ced-4406-a58e-0f6e3f3b530b |
FHIR Data Exporter | Role allows user or principal to read and export FHIR Data | 3db33094-8700-4567-8da5-1501d4e7e843 |
Pembaca Data FHIR | Peran memungkinkan pengguna atau prinsipal untuk membaca Data FHIR | 4c8d0bbc-75d3-4935-991f-5f3c56d81508 |
Penulis Data FHIR | Peran memungkinkan pengguna atau prinsipal untuk membaca dan menulis Data FHIR | 3f88fce4-5892-4214-ae73-ba5294559913 |
Kontributor Lingkungan Layanan Integrasi | Memungkinkan Anda mengelola lingkungan layanan integrasi, tetapi tidak dapat mengaksesnya. | a41e2c5b-bd99-4a07-88f4-9bf657a760b8 |
Pengembang Lingkungan Layanan Integrasi | Memungkinkan pengembang untuk membuat dan memperbarui alur kerja, akun integrasi, dan koneksi API dalam lingkungan layanan integrasi. | c7aa55d3-1abb-444a-a5ca-5e51e485d6ec |
Kontributor Akun Sistem Cerdas | Memungkinkan Anda mengelola akun Intelligent Systems, tetapi tidak dapat mengaksesnya. | 03a6d094-3444-4b3d-88af-7477090a9e5e |
Kontributor Aplikasi Logika | Memungkinkan Anda mengelola aplikasi logika, tetapi tidak mengubah akses ke aplikasi tersebut. | 87a39d53-fc1b-424a-814c-f7e04687dc9e |
Operator Aplikasi Logika | Memungkinkan Anda membaca, mengaktifkan, dan menonaktifkan aplikasi logika, tetapi tidak mengedit atau memperbaruinya. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
Identity | ||
Domain Services Contributor | Can manage Azure AD Domain Services and related network configurations | eeaeda52-9324-47f6-8069-5d5bade478b2 |
Domain Services Reader | Can view Azure AD Domain Services and related network configurations | 361898ef-9ed1-48c2-849c-a832951106bb |
Managed Identity Contributor | Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
Managed Identity Operator | Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830 |
Security | ||
Attestation Contributor | Can read, write, or delete the attestation provider instance | bbf86eb8-f7b4-4cce-96e4-18cddf81d86e |
Attestation Reader | Can read the attestation provider properties | fd1bd22b-8476-40bc-a0bc-69b95687b9f3 |
Key Vault Administrator | Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e74483 |
Key Vault Certificates Officer | Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985 |
Key Vault Contributor | Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. | f25e0fa2-a7c8-4377-a976-54943a77a395 |
Key Vault Crypto Officer | Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 |
Key Vault Crypto Service Encryption User | Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. | e147488a-f6f5-4113-8e2d-b22465e65bf6 |
Key Vault Crypto User | Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. | 12338af0-0e69-4776-bea7-57ae8d297424 |
Key Vault Reader | Read metadata of key vaults and their certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d2 |
Key Vault Secrets Officer | Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | b86a8fe4-44ce-4948-aee5-eccb2c155cd7 |
Key Vault Secrets User | Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. | 4633458b-17de-408a-b874-0445c86b69e6 |
Managed HSM Contributor | Lets you manage managed HSM pools, but not access to them. | 18500a29-7fe2-46b2-a342-b16a415e101d |
Microsoft Azure Sentinel Automation Contributor | Microsoft Azure Sentinel Automation Contributor | f4c81013-99ee-4d62-a7ee-b3f1f648599a |
Microsoft Azure Sentinel Contributor | Microsoft Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addade |
Microsoft Sentinel Playbook Operator | Microsoft Sentinel Playbook Operator | 51d6186e-6489-4900-b93f-92e23144cca5 |
Microsoft Azure Sentinel Reader | Microsoft Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb |
Microsoft Azure Sentinel Responder | Microsoft Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd056 |
Security Admin | View and update permissions for Microsoft Defender for Cloud. Same permissions as the Security Reader role, and can also update the security policy and dismiss alerts and recommendations. For Microsoft Defender for IoT, see Azure user roles for OT and Enterprise IoT monitoring. | fb1c8493-542b-48eb-b624-b4c8fea62acd |
Security Assessment Contributor | Lets you push assessments to Microsoft Defender for Cloud | 612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
Security Manager (Legacy) | This is a legacy role. Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
Security Reader | View permissions for Microsoft Defender for Cloud. Users can view recommendations, alerts, security policies, and security states, but cannot change them. For Microsoft Defender for IoT, see Azure user roles for OT and Enterprise IoT monitoring. | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 |
DevOps | ||
DevTest Labs User | Lets you connect, start, restart, and shut down your virtual machines in Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c64 |
Lab Assistant | Lets you view an existing lab, perform actions on the lab VMs, and send invitations to the lab. | ce40b423-cede-4313-a93f-9b28290b72e1 |
Lab Contributor | Applied at lab level, lets you manage the lab. Applied at a resource group, lets you create and manage labs. | 5daaa2af-1fe8-407c-9122-bba179798270 |
Lab Creator | Lets you create new labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
Lab Operator | Gives you limited ability to manage existing labs. | a36e6959-b6be-4b12-8e9f-ef4b474d304d |
Lab Services Contributor | Lets you fully control all Lab Services scenarios in the resource group. | f69b8690-cc87-41d6-b77a-a4bc3c0a966f |
Lab Services Reader | Lets you view, but not change, all lab plans and lab resources. | 2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc |
Monitor | ||
Application Insights Component Contributor | Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347e |
Application Insights Snapshot Debugger | Gives the user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b |
Monitoring Contributor | Can read all monitoring data and update monitoring settings. For more information, see Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa |
Monitoring Metrics Publisher | Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb |
Monitoring Reader | Can read all monitoring data (metrics, logs, etc.). For more information, see Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe05 |
Workbook Contributor | Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ad |
Workbook Reader | Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4d |
Management and governance | ||
Automation Contributor | Manage Azure Automation resources and other resources using Azure Automation. | f353d9bd-d4a6-484e-a77a-8050b599b867 |
Automation Job Operator | Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f |
Automation Operator | Automation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404 |
Automation Runbook Operator | Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
Azure Arc Enabled Kubernetes Cluster User Role | List cluster user credentials action. | 00493d72-78f6-4148-b6c5-d3ce8e4799dd |
Azure Arc Kubernetes Admin | Lets you manage all resources under cluster/namespace, except updating or deleting quotas and namespaces. | dffb1e0c-446f-4dde-a09f-99eb5cc68b96 |
Azure Arc Kubernetes Cluster Admin | Lets you manage all resources in the cluster. | 8393591c-06b9-48a2-a542-1bd6b377f6a2 |
Azure Arc Kubernetes Viewer | Lets you view all resources in cluster/namespace, except secrets. | 63f0a09d-1495-4db4-a681-037d84835eb4 |
Azure Arc Kubernetes Writer | Lets you update everything in cluster/namespace, except (cluster) roles and (cluster) role bindings. | 5b999177-9696-4545-85c7-50de3797e5a1 |
Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
Azure Connected Machine Resource Administrator | Can read, write, delete, and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302 |
Billing Reader | Allows access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
Blueprint Contributor | Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b4 |
Blueprint Operator | Can assign previously published blueprints, but cannot create new blueprint definitions. Blueprint assignment only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090 |
Cost Management Contributor | Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430 |
Cost Management Reader | Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a3 |
Hierarchy Settings Administrator | Allows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d |
Kubernetes Cluster - Azure Arc Onboarding | Role definition to authorize any user/service to create connectedClusters resources | 34e09817-6cbe-4d01-b1a2-e0eac5743d41 |
Kubernetes Extension Contributor | Can create, update, get, list, and delete Kubernetes Extensions, and get extension async operations | 85cb6faf-e071-4c9b-8136-154b5a04f717 |
Managed Application Contributor Role | Allows creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e |
Managed Application Operator Role | Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6ae |
Managed Applications Reader | Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44 |
Managed Services Registration Assignment Delete Role | The Managed Services Registration Assignment Delete Role allows the managing tenant's users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e46 |
Management Group Contributor | Management Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
Management Group Reader | Management Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939d |
New Relic APM Account Contributor | Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df237 |
Policy Insights Data Writer (Preview) | Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be84 |
Quota Request Operator | Read and create quota requests, get quota request status, and create support tickets. | 0e5f05e5-9ab9-446b-b98d-1e2157c94125 |
Reservation Purchaser | Lets you purchase reservations | f7b75c60-3036-4b75-91c3-6b41c27c1689 |
Resource Policy Contributor | Users with rights to create/modify resource policies, create support tickets, and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d28608 |
Site Recovery Contributor | Lets you manage the Site Recovery service, except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
Site Recovery Operator | Lets you fail over and fail back, but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca |
Site Recovery Reader | Lets you view Site Recovery status, but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149 |
Support Request Contributor | Lets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
Tag Contributor | Lets you manage tags on entities, without providing access to the entities themselves. | 4a9ae827-6dc8-4573-8ac7-8239d42aa03f |
Template Spec Contributor | Allows full access to Template Spec operations at the assigned scope. | 1c9b6475-caf0-4164-b5a1-2142a7116f4b |
Template Spec Reader | Allows read access to Template Specs at the assigned scope. | 392ae280-861d-42bd-9ea5-08ee6d83b80e |
Virtual desktop infrastructure | ||
Desktop Virtualization Application Group Contributor | Contributor of the Desktop Virtualization Application Group. | 86240b0e-9422-4c43-887b-b61143f32ba8 |
Desktop Virtualization Application Group Reader | Reader of the Desktop Virtualization Application Group. | aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 |
Desktop Virtualization Contributor | Contributor of Desktop Virtualization. | 082f0a83-3be5-4ba1-904c-961cca79b387 |
Desktop Virtualization Host Pool Contributor | Contributor of the Desktop Virtualization Host Pool. | e307426c-f9b6-4e81-87de-d99efb3c32bc |
Desktop Virtualization Host Pool Reader | Reader of the Desktop Virtualization Host Pool. | ceadfde2-b300-400a-ab7b-6143895aa822 |
Desktop Virtualization Reader | Reader of Desktop Virtualization. | 49a72310-ab8d-41df-bbb0-79b649203868 |
Desktop Virtualization Session Host Operator | Operator of the Desktop Virtualization Session Host. | 2ad6aaab-ead9-4eaa-8ac5-da422f562408 |
Desktop Virtualization Reader | Allows users to use the applications in an application group. | 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 |
Desktop Virtualization User Session Operator | Operator of the Desktop Virtualization User Session. | ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 |
Desktop Virtualization Workspace Contributor | Contributor of the Desktop Virtualization Workspace. | 21efdde3-836f-432b-bf3d-3e8e734d4b2b |
Desktop Virtualization Workspace Reader | Reader of the Desktop Virtualization Workspace. | 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d |
Other | ||
Azure Digital Twins Data Owner | Full access role for the Digital Twins data plane | bcd981a7-7f74-457b-83e1-cceb9e632ffe |
Azure Digital Twins Data Reader | Read-only role for Digital Twins data plane properties | d57506d4-4c8d-48b1-8587-93c323f6a5a3 |
BizTalk Contributor | Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac73342 |
Grafana Admin | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
Grafana Editor | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
Grafana Viewer | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
Load Test Contributor | View, create, update, delete, and run load tests. View and list load test resources, but cannot make any changes. | 749a398d-560b-491b-bb21-08924219302e |
Load Test Owner | Run all operations on load test resources and load tests | 45bb0b16-2f0c-4e78-afaa-a07599b003f6 |
Load Test Reader | View and list all load tests and load test resources, but cannot make any changes | 3ae3fb29-0000-4ccd-bf80-542e7b26e081 |
Scheduler Job Collections Contributor | Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
Services Hub Operator | Services Hub Operator lets you perform all read, write, and delete operations related to Services Hub Connectors. | 82200a5b-e217-47a5-b665-6d8765ee745b |
General
Contributor
Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Actions | Description |
---|---|
* | Create and manage resources of all types |
NotActions | |
Microsoft.Authorization/*/Delete | Delete roles, policy assignments, policy definitions, and policy set definitions |
Microsoft.Authorization/*/Write | Delete roles, policy assignments, policy definitions, and policy set definitions |
Microsoft.Authorization/elevateAccess/Action | Grants the caller User Access Administrator access at the tenant scope |
Microsoft.Blueprint/blueprintAssignments/write | Create or update any blueprint assignments |
Microsoft.Blueprint/blueprintAssignments/delete | Delete any blueprint assignments |
Microsoft.Compute/galleries/share/action | Shares a Gallery to different scopes |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete",
"Microsoft.Compute/galleries/share/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Owner
Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
Actions | Description |
---|---|
* | Create and manage resources of all types |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Reader
View all resources, but does not allow you to make any changes.
Actions | Description |
---|---|
*/read | Read resources of all types, except secrets. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "View all resources, but does not allow you to make any changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
User Access Administrator
Lets you manage user access to Azure resources.
Actions | Description |
---|---|
*/read | Read resources of all types, except secrets. |
Microsoft.Authorization/* | Manage authorization |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
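The four general role definitions above differ only in their Actions and NotActions lists. The sketch below is an added example, not part of the original article or of any Azure SDK: it evaluates control-plane operations against those lists and reports which assigned role makes a sensitive operation reachable. It assumes `*` matches any run of characters, that matching is case-insensitive, and that role assignments are additive (NotActions subtracts from one role's Actions and is not a deny rule); scope, deny assignments, and data actions are left out. The helper names and the watch list of operations are hypothetical.

```python
import re

# Permission blocks copied from the Contributor, Owner, Reader and
# User Access Administrator definitions listed on this page.
ROLES = {
    "Contributor": {
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
            "Microsoft.Blueprint/blueprintAssignments/write",
            "Microsoft.Blueprint/blueprintAssignments/delete",
            "Microsoft.Compute/galleries/share/action",
        ],
    },
    "Owner": {"actions": ["*"], "notActions": []},
    "Reader": {"actions": ["*/read"], "notActions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": [],
    },
}

# Constructed watch list: operations that change who can do what.
SENSITIVE_OPERATIONS = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/elevateAccess/action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Compute/galleries/share/action",
]


def pattern_matches(pattern, operation):
    """Return True if a wildcard pattern covers the operation string.

    Assumption: '*' stands for any run of characters and case is ignored.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_grants(role_name, operation):
    """Effective permission of ONE role: Actions minus NotActions."""
    role = ROLES[role_name]
    allowed = any(pattern_matches(p, operation) for p in role["actions"])
    excluded = any(pattern_matches(p, operation) for p in role["notActions"])
    return allowed and not excluded


def principal_allowed(role_names, operation):
    """Union over all assigned roles: one role's NotActions does not
    block an operation that another assigned role grants."""
    return any(role_grants(name, operation) for name in role_names)


def sensitive_grants(role_names):
    """Map each reachable sensitive operation to the roles that grant it."""
    findings = {}
    for operation in SENSITIVE_OPERATIONS:
        granting = [n for n in role_names if role_grants(n, operation)]
        if granting:
            findings[operation] = granting
    return findings


if __name__ == "__main__":
    for assignment in (["Contributor"],
                       ["Contributor", "User Access Administrator"],
                       ["Owner"]):
        print(assignment)
        for operation, granting in sensitive_grants(assignment).items():
            print("  ", operation, "<-", ", ".join(granting))
```

When reviewing assignments, the useful output is the second case: a principal holding Contributor plus User Access Administrator can write role assignments even though Contributor alone excludes it.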
Compute
Classic Virtual Machine Contributor
Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicCompute/domainNames/* | Create and manage classic compute domain names |
Microsoft.ClassicCompute/virtualMachines/* | Create and manage virtual machines |
Microsoft.ClassicNetwork/networkSecurityGroups/join/action | |
Microsoft.ClassicNetwork/reservedIps/link/action | Link a reserved IP |
Microsoft.ClassicNetwork/reservedIps/read | Gets the reserved IPs |
Microsoft.ClassicNetwork/virtualNetworks/join/action | Create a virtual network. |
Microsoft.ClassicNetwork/virtualNetworks/read | Create a virtual network. |
Microsoft.ClassicStorage/storageAccounts/disks/read | Returns the storage account disk. |
Microsoft.ClassicStorage/storageAccounts/images/read | Returns the storage account disk. (Deprecated. Use 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
Microsoft.ClassicStorage/storageAccounts/listKeys/action | Lists the access keys for the storage account. |
Microsoft.ClassicStorage/storageAccounts/read | Returns the storage account with the given account. |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Operator for Managed Disks
Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Compute/disks/download/action | Perform read data operations on Disk SAS Uri |
Microsoft.Compute/disks/upload/action | Perform write data operations on Disk SAS Uri |
Microsoft.Compute/snapshots/download/action | Perform read data operations on Snapshot SAS Uri |
Microsoft.Compute/snapshots/upload/action | Perform write data operations on Snapshot SAS Uri |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e",
"name": "959f8984-c045-4866-89c7-12bf9737be2e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Compute/disks/download/action",
"Microsoft.Compute/disks/upload/action",
"Microsoft.Compute/snapshots/download/action",
"Microsoft.Compute/snapshots/upload/action"
],
"notDataActions": []
}
],
"roleName": "Data Operator for Managed Disks",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Disk Backup Reader
Provides permission to the backup vault to perform disk backup.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Compute/disks/read | Get the properties of a Disk |
Microsoft.Compute/disks/beginGetAccess/action | Get the SAS URI of the Disk for blob access |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk backup.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"name": "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/beginGetAccess/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Disk Pool Operator
Provides permission to the StoragePool Resource Provider to manage disks added to a disk pool.
Actions | Description |
---|---|
Microsoft.Compute/disks/write | Creates a new Image or updates an existing one |
Microsoft.Compute/disks/read | Get the properties of a Disk |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840",
"name": "60fc6e62-5479-42d4-8bf4-67625fcc2840",
"permissions": [
{
"actions": [
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Pool Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Disk Restore Operator
Provides permission to the backup vault to perform disk restore.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Compute/disks/write | Creates a new Image or updates an existing one |
Microsoft.Compute/disks/read | Get the properties of a Disk |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk restore.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13",
"name": "b50d9833-a0cb-478e-945f-707fcc997c13",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Restore Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Disk Snapshot Contributor
Provides permission to the backup vault to manage disk snapshots.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Compute/snapshots/delete | Deletes a Snapshot |
Microsoft.Compute/snapshots/write | Creates a new Snapshot or updates an existing one |
Microsoft.Compute/snapshots/read | Gets the properties of a Snapshot |
Microsoft.Compute/snapshots/beginGetAccess/action | Gets the SAS URI of the Snapshot for blob access |
Microsoft.Compute/snapshots/endGetAccess/action | Revokes the SAS URI of the Snapshot |
Microsoft.Compute/disks/beginGetAccess/action | Gets the SAS URI of the Disk for blob access |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/write | Creates a storage account with the specified parameters or updates the properties or tags or adds a custom domain for the specified storage account. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Storage/storageAccounts/delete | Deletes an existing storage account. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to manage disk snapshots.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce",
"name": "7efff54f-a5b4-42b5-a1c5-5411624893ce",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/read",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Snapshot Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine Administrator Login
View Virtual Machines in the portal and log in as administrator.
Actions | Description |
---|---|
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/read | Gets the virtual network definition |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Compute/virtualMachines/*/read | |
Microsoft.HybridCompute/machines/*/read | |
Microsoft.HybridConnectivity/endpoints/listCredentials/action | Lists the endpoint access credentials to the resource. |
NotActions | |
none | |
DataActions | |
Microsoft.Compute/virtualMachines/login/action | Log in to a virtual machine as a regular user |
Microsoft.Compute/virtualMachines/loginAsAdmin/action | Log in to a virtual machine with Windows administrator or Linux root user privileges |
Microsoft.HybridCompute/machines/login/action | Log in to an Azure Arc machine as a regular user |
Microsoft.HybridCompute/machines/loginAsAdmin/action | Log in to an Azure Arc machine with Windows administrator or Linux root user privileges |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action",
"Microsoft.HybridCompute/machines/login/action",
"Microsoft.HybridCompute/machines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine Contributor
Create and manage virtual machines, manage disks, install and run software, reset the password of the virtual machine's root user using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Compute/availabilitySets/* | Create and manage availability sets |
Microsoft.Compute/locations/* | Create and manage compute locations |
Microsoft.Compute/virtualMachines/* | Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute scripts on virtual machines. |
Microsoft.Compute/virtualMachineScaleSets/* | Create and manage virtual machine scale sets |
Microsoft.Compute/cloudServices/* | |
Microsoft.Compute/disks/write | Creates a new Image or updates an existing Image |
Microsoft.Compute/disks/read | Gets the properties of a Disk |
Microsoft.Compute/disks/delete | Deletes the Disk |
Microsoft.DevTestLab/schedules/* | |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Network/applicationGateways/backendAddressPools/join/action | Joins an application gateway backend address pool. Not alertable. |
Microsoft.Network/loadBalancers/backendAddressPools/join/action | Joins a load balancer backend address pool. Not alertable. |
Microsoft.Network/loadBalancers/inboundNatPools/join/action | Joins a load balancer inbound NAT pool. Not alertable. |
Microsoft.Network/loadBalancers/inboundNatRules/join/action | Joins a load balancer inbound NAT pool. Not alertable. |
Microsoft.Network/loadBalancers/probes/join/action | Allows using probes of a load balancer. For example, with this permission the healthProbe property of a VM scale set can reference the probe. Not alertable. |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/locations/* | Create and manage network locations |
Microsoft.Network/networkInterfaces/* | Create and manage network interfaces |
Microsoft.Network/networkSecurityGroups/join/action | Gets a network security group. Not alertable. |
Microsoft.Network/networkSecurityGroups/read | Gets a network security group |
Microsoft.Network/publicIPAddresses/join/action | Joins a public IP address. Not alertable. |
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/read | Gets the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.RecoveryServices/locations/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Create a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Create a backup Protected Item |
Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupPolicies/write | Creates a Protection Policy |
Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/usages/read | Returns usage details for a Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/write | The Create Vault operation creates an Azure resource of type 'vault' |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.SerialConsole/serialPorts/connect/action | Connect to a serial port |
Microsoft.SqlVirtualMachine/* | |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/cloudServices/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SerialConsole/serialPorts/connect/action",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine User Login
View Virtual Machines in the portal and log in as a regular user.
Actions | Description |
---|---|
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/read | Gets the virtual network definition |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Compute/virtualMachines/*/read | |
Microsoft.HybridCompute/machines/*/read | |
Microsoft.HybridConnectivity/endpoints/listCredentials/action | Lists the endpoint access credentials to the resource. |
NotActions | |
none | |
DataActions | |
Microsoft.Compute/virtualMachines/login/action | Log in to a virtual machine as a regular user |
Microsoft.HybridCompute/machines/login/action | Log in to an Azure Arc machine as a regular user |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.HybridCompute/machines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Windows Admin Center Administrator Login
Lets you manage the OS of your resource via Windows Admin Center as an administrator.
Actions | Description |
---|---|
Microsoft.HybridCompute/machines/*/read | |
Microsoft.HybridCompute/machines/extensions/* | |
Microsoft.HybridCompute/machines/upgradeExtensions/action | Upgrades Extensions on Azure Arc machines |
Microsoft.HybridCompute/operations/read | Read all Operations for Azure Arc for Servers |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/read | Gets the virtual network definition |
Microsoft.Network/networkSecurityGroups/read | Gets a network security group |
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Gets a default security rule definition |
Microsoft.Network/networkWatchers/securityGroupView/action | View the configured and effective network security group rules applied on a VM. |
Microsoft.Network/networkSecurityGroups/securityRules/read | Gets a security rule definition |
Microsoft.Network/networkSecurityGroups/securityRules/write | Creates a security rule or updates an existing security rule |
Microsoft.HybridConnectivity/endpoints/write | Create or update the endpoint to the target resource. |
Microsoft.HybridConnectivity/endpoints/read | Get or list endpoints to the target resource. |
Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action | List the managed proxy details to the resource. |
Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read | Retrieves the summary of the latest patch assessment operation |
Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | Retrieves the list of patches assessed during the last patch assessment operation |
Microsoft.Compute/virtualMachines/patchInstallationResults/read | Retrieves the summary of the latest patch installation operation |
Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read | Retrieves the list of patches attempted to be installed during the last patch installation operation |
Microsoft.Compute/virtualMachines/extensions/read | Get the properties of a virtual machine extension |
Microsoft.Compute/virtualMachines/instanceView/read | Gets the detailed runtime status of the virtual machine and its resources |
Microsoft.Compute/virtualMachines/runCommands/read | Get the properties of a virtual machine run command |
Microsoft.Compute/virtualMachines/vmSizes/read | Lists available sizes the virtual machine can be updated to |
Microsoft.Compute/locations/publishers/artifacttypes/types/read | Get the properties of a VMExtension Type |
Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read | Get the properties of a VMExtension Version |
Microsoft.Compute/diskAccesses/read | Get the properties of a DiskAccess resource |
Microsoft.Compute/galleries/images/read | Gets the properties of a Gallery Image |
Microsoft.Compute/images/read | Get the properties of the Image |
Microsoft.AzureStackHCI/Clusters/Read | Gets clusters |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | Gets the arc resource of an HCI cluster |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read | Gets the extension resource of an HCI cluster |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write | Create or update the extension resource of an HCI cluster |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete | Delete extension resources of an HCI cluster |
Microsoft.AzureStackHCI/Operations/Read | Gets operations |
Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read | Read virtualmachines |
Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write | Write extension resource |
Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read | Gets extension resource |
NotActions | |
none | |
DataActions | |
Microsoft.HybridCompute/machines/WACLoginAsAdmin/action | Lets you manage the OS of your resource via Windows Admin Center as an administrator. |
Microsoft.Compute/virtualMachines/WACloginAsAdmin/action | Lets you manage the OS of your resource via Windows Admin Center as an administrator |
Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action | Manage the OS of an HCI resource via Windows Admin Center as an administrator |
Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action | Lets you manage the OS of your resource via Windows Admin Center as an administrator. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Let's you manage the OS of your resource via Windows Admin Center as an administrator.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f",
"name": "a6333a3e-0164-44c3-b281-7a577aff287f",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/upgradeExtensions/action",
"Microsoft.HybridCompute/operations/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkWatchers/securityGroupView/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/runCommands/read",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read",
"Microsoft.Compute/diskAccesses/read",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/images/read",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete",
"Microsoft.AzureStackHCI/Operations/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read"
],
"notActions": [],
"dataActions": [
"Microsoft.HybridCompute/machines/WACLoginAsAdmin/action",
"Microsoft.Compute/virtualMachines/WACloginAsAdmin/action",
"Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action",
"Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Windows Admin Center Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Networking
CDN Endpoint Contributor
Can manage CDN endpoints, but can't grant access to other users.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/endpoints/* | |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Endpoint Reader
Can view CDN endpoints, but can't make changes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/endpoints/*/read | |
Microsoft.Cdn/profiles/afdendpoints/validateCustomDomain/action | |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*/read",
"Microsoft.Cdn/profiles/afdendpoints/validateCustomDomain/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Profile Contributor
Can manage CDN profiles and their endpoints, but can't grant access to other users.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/* | |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
"name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Profile Reader
Can view CDN profiles and their endpoints, but can't make changes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/*/read | |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN profiles and their endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
"name": "8f96442b-4075-438f-813d-ad51ab4019af",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Classic Network Contributor
Lets you manage classic networks, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicNetwork/* | Create and manage classic networks |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicNetwork/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DNS Zone Contributor
Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Network/dnsZones/* | Create and manage DNS zones and records |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
"name": "befefa01-2a29-4197-83a8-272ff33ce314",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/dnsZones/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Network Contributor
Lets you manage networks, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Network/* | Create and manage networks |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
"name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Private DNS Zone Contributor
Lets you manage private DNS zone resources, but not the virtual networks they are linked to.
Actions | Description |
---|---|
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Network/privateDnsZones/* | |
Microsoft.Network/privateDnsOperationResults/* | |
Microsoft.Network/privateDnsOperationStatuses/* | |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/join/action | Joins a virtual network. Not alertable. |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"permissions": [
{
"actions": [
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/privateDnsZones/*",
"Microsoft.Network/privateDnsOperationResults/*",
"Microsoft.Network/privateDnsOperationStatuses/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Private DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Traffic Manager Contributor
Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Network/trafficManagerProfiles/* | |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/trafficManagerProfiles/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Traffic Manager Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage
Avere Contributor
Can create and manage an Avere vFXT cluster.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Compute/*/read | |
Microsoft.Compute/availabilitySets/* | |
Microsoft.Compute/proximityPlacementGroups/* | |
Microsoft.Compute/virtualMachines/* | |
Microsoft.Compute/disks/* | |
Microsoft.Network/*/read | |
Microsoft.Network/networkInterfaces/* | |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource such as a storage account or SQL database to a subnet. Not alertable. |
Microsoft.Network/networkSecurityGroups/join/action | Gets a network security group. Not alertable. |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/*/read | |
Microsoft.Storage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Resources/subscriptions/resourceGroups/resources/read | Gets the resources for the resource group. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returns the result of writing a blob |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere Operator
Used by the Avere vFXT cluster to manage the cluster.
Actions | Description |
---|---|
Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/networkSecurityGroups/join/action | Gets a network security group. Not alertable. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/blobServices/containers/delete | Returns the result of deleting a container |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Updated list of containers |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of put blob container |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returns the result of writing a blob |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Contributor
Lets you manage the backup service, but can't create vaults and give access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.RecoveryServices/locations/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | Manage results of operations on backup management |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Create and manage backup containers inside backup fabrics of a Recovery Services vault |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/* | Create and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Create and manage results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupPolicies/* | Create and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Create and manage items that can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | Create and manage backed-up items |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | Create and manage containers holding backup items |
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for Recovery Services. |
Microsoft.RecoveryServices/Vaults/certificates/* | Create and manage certificates related to backup in a Recovery Services vault |
Microsoft.RecoveryServices/Vaults/extendedInformation/* | Create and manage extended info related to the vault |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Create and manage registered identities |
Microsoft.RecoveryServices/Vaults/usages/* | Create and manage usage of a Recovery Services vault |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupconfig/* | |
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/write | The Create Vault operation creates an Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns Backup Operation Status for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with the vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |
Microsoft.RecoveryServices/vaults/operationStatus/read | Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/vaults/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for an asynchronously submitted operation |
Microsoft.RecoveryServices/locations/backupStatus/action | Check Backup Status for Recovery Services vaults |
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate Features |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/read | Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | List all backup Protection Intents |
Microsoft.Support/* | Create and update support tickets |
Microsoft.DataProtection/locations/getBackupStatus/action | Check Backup Status for Recovery Services vaults |
Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a Microsoft Azure Backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/delete | Deletes a Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Microsoft Azure Backup instances |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Microsoft Azure Backup instances |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Lists soft-deleted Backup Instances in a Backup Vault. |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Performs deletion of a soft-deleted Backup Instance. The Backup Instance moves from the SoftDeleted to the ProtectionStopped state. |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs Backup on the Microsoft Azure Backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates Restore of the Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers restore on the Microsoft Azure Backup instance |
Microsoft.DataProtection/backupVaults/backupPolicies/write | Creates a Microsoft Azure Backup policy |
Microsoft.DataProtection/backupVaults/backupPolicies/delete | Deletes a Microsoft Azure Backup policy |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Microsoft Azure Backup policies |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Microsoft Azure Backup policies |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
Microsoft.DataProtection/backupVaults/write | The Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
Microsoft.DataProtection/backupVaults/read | Gets the list of Microsoft Azure Backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/operationResults/read | Gets the Operation Result of a Patch Operation for the Microsoft Azure Backup vault |
Microsoft.DataProtection/backupVaults/operationStatus/read | Returns the Microsoft Azure Backup Operation Status for the Microsoft Azure Backup vault. |
Microsoft.DataProtection/locations/checkNameAvailability/action | Checks if the requested BackupVault Name is Available |
Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates if a feature is supported |
Microsoft.DataProtection/backupVaults/read | Gets the list of Microsoft Azure Backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/read | Gets the list of Microsoft Azure Backup vaults in a resource group |
Microsoft.DataProtection/locations/operationStatus/read | Returns the Microsoft Azure Backup Operation Status for the Microsoft Azure Backup vault. |
Microsoft.DataProtection/locations/operationResults/read | Returns the Microsoft Azure Backup Operation Result for the Microsoft Azure Backup vault. |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates backup of the Microsoft Azure Backup instance |
Microsoft.DataProtection/operations/read | Operation returns the list of Operations for a Resource Provider |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup service,but can't create vaults and give access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/vaults/operationStatus/read",
"Microsoft.RecoveryServices/vaults/operationResults/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/delete",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/write",
"Microsoft.DataProtection/backupVaults/backupPolicies/delete",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/write",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/locations/checkNameAvailability/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Operator
Lets you manage backup services, except removal of backup, vault creation, and giving access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returns the status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets the result of an Operation performed on the Protection Container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Performs Backup for a Protected Item. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets the Result of an Operation Performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Returns the status of an Operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Provision Instant Item Recovery for a Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Get AccessToken for Cross Region Restore. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Get Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Restore Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Revoke Instant Item Recovery for a Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Create a backup Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/* | Create and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Create and manage results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Get Results of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Create and manage items that can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returns the list of all Protected Items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for Recovery Services. |
Microsoft.RecoveryServices/Vaults/certificates/write | The Update Resource Certificate operation updates the resource/vault credential certificate. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for an asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | The Get Containers operation can be used to get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/registeredIdentities/write | The Register Service Container operation can be used to register a container with Recovery Services. |
Microsoft.RecoveryServices/Vaults/usages/read | Returns usage details for a Recovery Services vault. |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action | Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read | Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read | Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns Backup Operation Status for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Get Status of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | Creates a registered container |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | Do inquiry for workloads within a container |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with the vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Create a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Get a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Get all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/action | Check Backup Status for Recovery Services vaults |
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate Features |
Microsoft.RecoveryServices/locations/backupAadProperties/read | Get AAD Properties for authentication in the third region for Cross Region Restore. |
Microsoft.RecoveryServices/locations/backupStatus/action | List Cross Region Restore Jobs in the secondary region for the Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupStatus/action | Get Cross Region Restore Job Details in the secondary region for the Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action | Trigger Cross Region Restore. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returns the CRR Operation Result for the Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returns the CRR Operation Status for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca | Mendapatkan Status Operasi untuk Operasi yang diberikan |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca | Daftar semua cadangan Niat Proteksi |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/backupInstances/read | Mengembalikan semua Instans Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Mencantumkan Instans Cadangan yang dihapus sementara di Brankas Cadangan. |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Mengembalikan semua Kebijakan Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Mengembalikan semua Titik Pemulihan |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Menemukan Rentang Waktu yang Dapat Dipulihkan |
Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
Microsoft.DataProtection/backupVaults/operationResults/read | Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
Microsoft.DataProtection/backupVaults/read | Mendapatkan daftar Vault Microsoft Azure Backup di grup sumber daya |
Microsoft.DataProtection/locations/operationStatus/read | Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
Microsoft.DataProtection/locations/operationResults/read | Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup. |
Microsoft.DataProtection/operations/read | Operasi menampilkan daftar Operasi untuk Penyedia Sumber Daya |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Memvalidasi pencadangan Instans Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Melakukan Pencadangan pada Instans Microsoft Azure Backup |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Menvalidasi Pemulihan dari Instans Pencadangan |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Memicu pemulihan pada Instans Microsoft Azure Backup |
Bukan Tindakan | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupAadProperties/read",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Reader
Can view backup services, but can't make changes
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp is an internal operation used by the service |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returns the status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets the result of an Operation performed on a Protection Container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets the Result of an Operation Performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returns the status of an Operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Get Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read | Returns the Result of a Job Operation. |
Microsoft.RecoveryServices/Vaults/backupJobs/read | Returns all Job Objects |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export Jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/read | Returns Backup Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Get Results of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returns the list of all Protected Items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for a Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | The Get Containers operation can be used to get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/read | Returns Storage Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupconfig/read | Returns Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns Backup Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read | Get Status of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Get a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Get all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/action | Check Backup Status for Recovery Services Vaults |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/read | Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | List all backup Protection Intents |
Microsoft.RecoveryServices/Vaults/usages/read | Returns usage details for a Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate Features |
Microsoft.RecoveryServices/locations/backupCrrJobs/action | List Cross Region Restore Jobs in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrJob/action | Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Returns CRR Operation Status for Recovery Services Vault. |
Microsoft.DataProtection/locations/getBackupStatus/action | Check Backup Status for Recovery Services Vaults |
Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Backup Instances |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Lists soft-deleted Backup Instances in a Backup Vault. |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
Microsoft.DataProtection/backupVaults/read | Gets the list of Backup Vaults in a resource group |
Microsoft.DataProtection/backupVaults/operationResults/read | Gets the Operation Result of a Patch Operation for a Backup Vault |
Microsoft.DataProtection/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
Microsoft.DataProtection/backupVaults/read | Gets the list of Backup Vaults in a resource group |
Microsoft.DataProtection/backupVaults/read | Gets the list of Backup Vaults in a resource group |
Microsoft.DataProtection/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
Microsoft.DataProtection/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of a Backup Instance |
Microsoft.DataProtection/operations/read | Operation returns the list of Operations for a Resource Provider |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Classic Storage Account Contributor
Lets you manage classic storage accounts, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicStorage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Classic Storage Account Key Operator Service Role
Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
Actions | Description |
---|---|
Microsoft.ClassicStorage/storageAccounts/listKeys/action | Lists the access keys for the storage account. |
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action | Regenerates the existing access keys for the storage account. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box Contributor
Lets you manage everything under Data Box Service except giving access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Databox/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box Reader
Lets you manage Data Box Service except creating order or editing order details and giving access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Databox/*/read | |
Microsoft.Databox/jobs/listsecrets/action | |
Microsoft.Databox/jobs/listcredentials/action | Lists the unencrypted credentials related to the order. |
Microsoft.Databox/locations/availableSkus/action | This method returns the list of available SKUs. |
Microsoft.Databox/locations/validateInputs/action | This method does all types of validations. |
Microsoft.Databox/locations/regionConfiguration/action | This method returns the configuration for the region. |
Microsoft.Databox/locations/validateAddress/action | Validates the shipping address and provides alternate addresses if any. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics Developer
Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.BigAnalytics/accounts/* | |
Microsoft.DataLakeAnalytics/accounts/* | |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.BigAnalytics/accounts/Delete | |
Microsoft.BigAnalytics/accounts/TakeOwnership/action | |
Microsoft.BigAnalytics/accounts/Write | |
Microsoft.DataLakeAnalytics/accounts/Delete | Delete a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action | Grant permissions to cancel jobs submitted by other users. |
Microsoft.DataLakeAnalytics/accounts/Write | Create or update a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | Unlink a DataLakeStore account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write | Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete | Unlink a DataLakeStore account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write | Create or update a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete | Delete a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write | Create or update a compute policy. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete | Delete a compute policy. |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Owner
Allows for full access to all resources under Azure Elastic SAN, including changing network security policies to unblock data path access
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ElasticSan/elasticSans/* | |
Microsoft.ElasticSan/locations/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406",
"name": "80dcbedb-47ef-405d-95bd-188a1b4ac406",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Reader
Allows for control path read access to Azure Elastic SAN
Actions | Description |
---|---|
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ElasticSan/elasticSans/*/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for control path read access to Azure Elastic SAN",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"name": "af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Volume Group Owner
Allows for full access to a volume group in Azure Elastic SAN, including changing network security policies to unblock data path access
Actions | Description |
---|---|
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
Microsoft.ElasticSan/elasticSans/volumeGroups/* | |
Microsoft.ElasticSan/locations/asyncoperations/read | Polls the status of an asynchronous operation. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23",
"name": "a8281131-f312-4f34-8d98-ae12be9f0d23",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Volume Group Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Reader and Data Access
Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/ListAccountSas/action | Returns the Account SAS token for the specified storage account. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Account Backup Contributor
Lets you perform backup and restore operations using Azure Backup on the storage account. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Authorization/locks/read | Gets locks at the specified scope. |
Microsoft.Authorization/locks/write | Add locks at the specified scope. |
Microsoft.Authorization/locks/delete | Delete locks at the specified scope. |
Microsoft.Features/features/read | Gets the features of a subscription. |
Microsoft.Features/providers/features/read | Gets the feature of a subscription in a given resource provider. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/operations/read | Polls the status of an asynchronous operation. |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete | Delete object replication policy |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/read | List object replication policies |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/write | Create or update object replication policy |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write | Create object replication restore point marker |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns list of containers |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of put blob container |
Microsoft.Storage/storageAccounts/blobServices/read | Returns blob service properties or statistics |
Microsoft.Storage/storageAccounts/blobServices/write | Returns the result of put blob service properties |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Storage/storageAccounts/restoreBlobRanges/action | Restore blob ranges to the state of the specified time |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform backup and restore operations using Azure Backup on the storage account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"name": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/write",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/restoreBlobRanges/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Account Contributor
Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource such as a storage account or SQL database to a subnet. Not alertable. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Account Key Operator Service Role
Permits listing and regenerating storage account access keys. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/regeneratekey/action | Regenerates the access keys for the specified storage account. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
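Several of the control-plane roles above expose storage account keys, and Storage Account Contributor does so only through a wildcard. The following is an added example, not code from the original page or from Microsoft: it evaluates `actions` minus `notActions` with case-insensitive wildcard matching over role definitions copied from the JSON on this page. The function names `matches`, `is_allowed` and `roles_allowing` are hypothetical.

```python
import re

# Role definitions copied from the JSON blocks on this page, reduced to
# actions / notActions (dataActions are empty for all four roles).
ROLES = {
    "Data Lake Analytics Developer": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.BigAnalytics/accounts/*",
            "Microsoft.DataLakeAnalytics/accounts/*",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.ResourceHealth/availabilityStatuses/read",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*",
        ],
        "notActions": [
            "Microsoft.BigAnalytics/accounts/Delete",
            "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
            "Microsoft.BigAnalytics/accounts/Write",
            "Microsoft.DataLakeAnalytics/accounts/Delete",
            "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
            "Microsoft.DataLakeAnalytics/accounts/Write",
            "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
            "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
            "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
            "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
            "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
            "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
            "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete",
        ],
    },
    "Reader and Data Access": {
        "actions": [
            "Microsoft.Storage/storageAccounts/listKeys/action",
            "Microsoft.Storage/storageAccounts/ListAccountSas/action",
            "Microsoft.Storage/storageAccounts/read",
        ],
        "notActions": [],
    },
    "Storage Account Contributor": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.Insights/diagnosticSettings/*",
            "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
            "Microsoft.ResourceHealth/availabilityStatuses/read",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Storage/storageAccounts/*",
            "Microsoft.Support/*",
        ],
        "notActions": [],
    },
    "Storage Account Key Operator Service Role": {
        "actions": [
            "Microsoft.Storage/storageAccounts/listkeys/action",
            "Microsoft.Storage/storageAccounts/regeneratekey/action",
        ],
        "notActions": [],
    },
}

LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"


def matches(pattern, operation):
    """True if an action pattern covers the operation.

    '*' matches any run of characters (including '/'); comparison is
    case-insensitive, so 'listkeys' and 'listKeys' are the same operation.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_allowed(role, operation):
    """Effective control-plane permission of one role: actions minus notActions."""
    granted = any(matches(p, operation) for p in role["actions"])
    excluded = any(matches(p, operation) for p in role["notActions"])
    return granted and not excluded


def roles_allowing(operation, roles=ROLES):
    """Sorted names of the roles whose effective permissions include the operation."""
    return sorted(name for name, role in roles.items() if is_allowed(role, operation))


if __name__ == "__main__":
    # Roles that can read account keys, including via a wildcard grant.
    for name in roles_allowing(LIST_KEYS):
        print("exposes account keys:", name)
```

`notActions` only subtracts from the same role's `actions`; it is not a deny, so a second role assignment can still grant an excluded operation.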
Storage Blob Data Contributor
Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/delete | Delete a container. |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Modify a container's metadata or properties. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Delete a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Return a blob or a list of blobs. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Write to a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | Moves the blob from one path to another |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action | Returns the result of adding blob content |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Blob Data Owner
Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/* | Full permissions on containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | Full permissions on blobs. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Blob Data Reader
Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/read | Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Return a blob or a list of blobs. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Blob Delegator
Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage File Data Privileged Contributor
Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returns the result of modifying permission on a file/folder. |
Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Semantics Privilege. |
Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Write File Backup Semantics Privilege. |
NotDataActions | |
none |
{
"id": "/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd",
"properties": {
"roleName": "Storage File Data Privileged Contributor",
"description": "Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action",
"Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action"
],
"notDataActions": []
}
]
}
}
Storage File Data Privileged Reader
Allows for read access on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Semantics Privilege. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
NotDataActions | |
none |
{
"id": "/providers/Microsoft.Authorization/roleDefinitions/b8eda974-7b85-4f76-af95-65846b26df6d",
"properties": {
"roleName": "Storage File Data Privileged Reader",
"description": "Customer has read access on Azure Storage file shares.",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action"
],
"notDataActions": []
}
]
}
}
Storage File Data SMB Share Contributor
Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers. Learn more
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage File Data SMB Share Elevated Contributor
Allows for read, write, and delete access on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers. Learn more
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returns the result of modifying permission on a file/folder. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage File Data SMB Share Reader
Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers. Learn more
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Contributor
Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Learn more
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/delete | Delete a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/read | Return a queue or a list of queues. |
Microsoft.Storage/storageAccounts/queueServices/queues/write | Modify queue metadata or properties. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete | Delete one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek or retrieve one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write | Add a message to a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Returns the result of processing a message |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Message Processor
Peek, retrieve, and delete messages from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek a message. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Retrieve and delete a message. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Message Sender
Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action | Add a message to a queue. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Reader
Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/read | Return a queue or a list of queues. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek or retrieve one or more messages from a queue. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Table Data Contributor
Allows for read, write, and delete access to Azure Storage tables and entities
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/tableServices/tables/read | Query tables |
Microsoft.Storage/storageAccounts/tableServices/tables/write | Create tables |
Microsoft.Storage/storageAccounts/tableServices/tables/delete | Delete tables |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Query table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Insert, merge, or replace table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete | Delete table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Insert table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action | Merge or update table entities |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage tables and entities",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/delete"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Table Data Reader
Allows for read access to Azure Storage tables and entities
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/tableServices/tables/read | Query tables |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Query table entities |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage tables and entities",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6",
"name": "76199698-9eea-4c19-bc75-cec21354c6b6",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Web
Azure Maps Data Contributor
Grants read, write, and delete access to map-related data from an Azure Maps account.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Maps/accounts/*/read | |
Microsoft.Maps/accounts/*/write | |
Microsoft.Maps/accounts/*/delete | |
Microsoft.Maps/accounts/*/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read",
"Microsoft.Maps/accounts/*/write",
"Microsoft.Maps/accounts/*/delete",
"Microsoft.Maps/accounts/*/action"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Maps Data Reader
Grants access to read map-related data from an Azure Maps account.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Maps/accounts/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Spring Cloud Config Server Contributor
Allows read, write, and delete access to Azure Spring Cloud Config Server.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppPlatform/Spring/configService/read | Read the configuration content (for example, application.yaml) for a specific Azure Spring Apps service instance |
Microsoft.AppPlatform/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance |
Microsoft.AppPlatform/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allow read, write and delete access to Azure Spring Cloud Config Server",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
"name": "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/configService/read",
"Microsoft.AppPlatform/Spring/configService/write",
"Microsoft.AppPlatform/Spring/configService/delete"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Config Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Spring Cloud Config Server Reader
Allows read access to Azure Spring Cloud Config Server.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppPlatform/Spring/configService/read | Read the configuration content (for example, application.yaml) for a specific Azure Spring Apps service instance |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Config Server",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7",
"name": "d04c6db6-4947-4782-9e91-30a88feb7be7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/configService/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Config Server Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Spring Cloud Data Reader
Allow read access to Azure Spring Cloud Data
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppPlatform/Spring/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c",
"name": "b5537268-8956-4941-a8f0-646150406f0c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Spring Cloud Service Registry Contributor
Allows read, write, and delete access to Azure Spring Cloud Service Registry.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app registration information for a specific Azure Spring Apps service instance |
Microsoft.AppPlatform/Spring/eurekaService/write | Write the user app registration information for a specific Azure Spring Apps service instance |
Microsoft.AppPlatform/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allow read, write and delete access to Azure Spring Cloud Service Registry",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1",
"name": "f5880b48-c26d-48be-b172-7927bfa1c8f1",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/eurekaService/read",
"Microsoft.AppPlatform/Spring/eurekaService/write",
"Microsoft.AppPlatform/Spring/eurekaService/delete"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Service Registry Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Spring Cloud Service Registry Reader
Allows read access to Azure Spring Cloud Service Registry.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app registration information for a specific Azure Spring Apps service instance |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Spring Cloud Service Registry",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65",
"name": "cff1b556-2399-4e7e-856d-a8f754be7b65",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppPlatform/Spring/eurekaService/read"
],
"notDataActions": []
}
],
"roleName": "Azure Spring Cloud Service Registry Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Media Services Account Administrator
Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Media/mediaservices/*/read | |
Microsoft.Media/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset |
Microsoft.Media/mediaservices/streamingLocators/listPaths/action | List Paths |
Microsoft.Media/mediaservices/write | Create or update any Media Services account |
Microsoft.Media/mediaservices/delete | Delete any Media Services account |
Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action | Approve private endpoint connections |
Microsoft.Media/mediaservices/privateEndpointConnections/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466",
"name": "054126f8-9a2b-4f1c-a9ad-eca461f08466",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/write",
"Microsoft.Media/mediaservices/delete",
"Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action",
"Microsoft.Media/mediaservices/privateEndpointConnections/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Account Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Media Services Live Events Administrator
Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Media/mediaservices/*/read | |
Microsoft.Media/mediaservices/assets/* | |
Microsoft.Media/mediaservices/assets/assetfilters/* | |
Microsoft.Media/mediaservices/streamingLocators/* | |
Microsoft.Media/mediaservices/liveEvents/* | |
NotActions | |
Microsoft.Media/mediaservices/assets/getEncryptionKey/action | Get Asset Encryption Key |
Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action | List Content Keys |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77",
"name": "532bc159-b25e-42c0-969e-a1d439f60d77",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/*",
"Microsoft.Media/mediaservices/assets/assetfilters/*",
"Microsoft.Media/mediaservices/streamingLocators/*",
"Microsoft.Media/mediaservices/liveEvents/*"
],
"notActions": [
"Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
"Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Live Events Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Media Services Media Operator
Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Media/mediaservices/*/read | |
Microsoft.Media/mediaservices/assets/* | |
Microsoft.Media/mediaservices/assets/assetfilters/* | |
Microsoft.Media/mediaservices/streamingLocators/* | |
Microsoft.Media/mediaservices/transforms/jobs/* | |
NotActions | |
Microsoft.Media/mediaservices/assets/getEncryptionKey/action | Get Asset Encryption Key |
Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action | List Content Keys |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c",
"name": "e4395492-1534-4db2-bedf-88c14621589c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/*",
"Microsoft.Media/mediaservices/assets/assetfilters/*",
"Microsoft.Media/mediaservices/streamingLocators/*",
"Microsoft.Media/mediaservices/transforms/jobs/*"
],
"notActions": [
"Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
"Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Media Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Media Services Policy Administrator
Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets, or Streaming resources.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Media/mediaservices/*/read | |
Microsoft.Media/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset |
Microsoft.Media/mediaservices/streamingLocators/listPaths/action | List Paths |
Microsoft.Media/mediaservices/accountFilters/* | |
Microsoft.Media/mediaservices/streamingPolicies/* | |
Microsoft.Media/mediaservices/contentKeyPolicies/* | |
Microsoft.Media/mediaservices/transforms/* | |
NotActions | |
Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action | Get Policy Properties With Secrets |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae",
"name": "c4bba371-dacd-4a26-b320-7250bca963ae",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/accountFilters/*",
"Microsoft.Media/mediaservices/streamingPolicies/*",
"Microsoft.Media/mediaservices/contentKeyPolicies/*",
"Microsoft.Media/mediaservices/transforms/*"
],
"notActions": [
"Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Policy Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Media Services Streaming Endpoints Administrator
Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Media/mediaservices/*/read | |
Microsoft.Media/mediaservices/assets/listStreamingLocators/action | List Streaming Locators for Asset |
Microsoft.Media/mediaservices/streamingLocators/listPaths/action | List Paths |
Microsoft.Media/mediaservices/streamingEndpoints/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804",
"name": "99dba123-b5fe-44d5-874c-ced7199a5804",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Media/mediaservices/*/read",
"Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
"Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
"Microsoft.Media/mediaservices/streamingEndpoints/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Media Services Streaming Endpoints Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Search Index Data Contributor
Grants full access to Azure Cognitive Search index data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to Azure Cognitive Search index data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/*"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Search Index Data Reader
Grants read access to Azure Cognitive Search index data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants read access to Azure Cognitive Search index data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
"name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/read"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Search Service Contributor
Lets you manage Search services, but not access them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Search/searchServices/* | Create and manage search services |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR AccessKey Reader
Read SignalR Service Access Keys
Actions | Description |
---|---|
Microsoft.SignalRService/*/read | |
Microsoft.SignalRService/SignalR/listkeys/action | View the value of SignalR access keys in the management portal or through the API |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read SignalR Service Access Keys",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
"name": "04165923-9d83-45d5-8227-78b77b0a687e",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*/read",
"Microsoft.SignalRService/SignalR/listkeys/action",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR AccessKey Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR App Server
Lets your app server access SignalR Service with AAD auth options.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.SignalRService/SignalR/auth/accessKey/action | Generate an AccessKey for signing AccessTokens; the key will expire in 90 minutes by default. |
Microsoft.SignalRService/SignalR/serverConnection/write | Start a server connection. |
Microsoft.SignalRService/SignalR/clientConnection/write | Close client connection. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets your app server access SignalR Service with AAD auth options.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
"name": "420fcaa2-552c-430f-98ca-3264be4806c7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/accessKey/action",
"Microsoft.SignalRService/SignalR/serverConnection/write",
"Microsoft.SignalRService/SignalR/clientConnection/write"
],
"notDataActions": []
}
],
"roleName": "SignalR App Server",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR REST API Owner
Full access to Azure SignalR Service REST APIs
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.SignalRService/SignalR/auth/clientToken/action | Generate an AccessToken for a client to connect to ASRS; the token will expire in 5 minutes by default. |
Microsoft.SignalRService/SignalR/hub/send/action | Broadcast messages to all client connections in the hub. |
Microsoft.SignalRService/SignalR/group/send/action | Broadcast messages to a group. |
Microsoft.SignalRService/SignalR/group/read | Check group existence or user existence in a group. |
Microsoft.SignalRService/SignalR/group/write | Join / Leave a group. |
Microsoft.SignalRService/SignalR/clientConnection/send/action | Send messages directly to a client connection. |
Microsoft.SignalRService/SignalR/clientConnection/read | Check client connection existence. |
Microsoft.SignalRService/SignalR/clientConnection/write | Close client connection. |
Microsoft.SignalRService/SignalR/user/send/action | Send messages to a user, who may consist of multiple client connections. |
Microsoft.SignalRService/SignalR/user/read | Check user existence. |
Microsoft.SignalRService/SignalR/user/write | Modify a user. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure SignalR Service REST APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
"name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/clientToken/action",
"Microsoft.SignalRService/SignalR/hub/send/action",
"Microsoft.SignalRService/SignalR/group/send/action",
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/group/write",
"Microsoft.SignalRService/SignalR/clientConnection/send/action",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/clientConnection/write",
"Microsoft.SignalRService/SignalR/user/send/action",
"Microsoft.SignalRService/SignalR/user/read",
"Microsoft.SignalRService/SignalR/user/write"
],
"notDataActions": []
}
],
"roleName": "SignalR REST API Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR REST API Reader
Read-only access to Azure SignalR Service REST APIs
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.SignalRService/SignalR/group/read | Check group existence or user existence in a group. |
Microsoft.SignalRService/SignalR/clientConnection/read | Check client connection existence. |
Microsoft.SignalRService/SignalR/user/read | Check user existence. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to Azure SignalR Service REST APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
"name": "ddde6b66-c0df-4114-a159-3618637b3035",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/user/read"
],
"notDataActions": []
}
],
"roleName": "SignalR REST API Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR Service Owner
Full access to Azure SignalR Service REST APIs
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.SignalRService/SignalR/auth/accessKey/action | Generate an AccessKey for signing AccessTokens; the key will expire in 90 minutes by default. |
Microsoft.SignalRService/SignalR/auth/clientToken/action | Generate an AccessToken for a client to connect to ASRS; the token will expire in 5 minutes by default. |
Microsoft.SignalRService/SignalR/hub/send/action | Broadcast messages to all client connections in the hub. |
Microsoft.SignalRService/SignalR/group/send/action | Broadcast messages to a group. |
Microsoft.SignalRService/SignalR/group/read | Check group existence or user existence in a group. |
Microsoft.SignalRService/SignalR/group/write | Join / Leave a group. |
Microsoft.SignalRService/SignalR/clientConnection/send/action | Send messages directly to a client connection. |
Microsoft.SignalRService/SignalR/clientConnection/read | Check client connection existence. |
Microsoft.SignalRService/SignalR/clientConnection/write | Close client connection. |
Microsoft.SignalRService/SignalR/serverConnection/write | Start a server connection. |
Microsoft.SignalRService/SignalR/user/send/action | Send messages to a user, who may consist of multiple client connections. |
Microsoft.SignalRService/SignalR/user/read | Check user existence. |
Microsoft.SignalRService/SignalR/user/write | Modify a user. |
Microsoft.SignalRService/SignalR/livetrace/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure SignalR Service REST APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/accessKey/action",
"Microsoft.SignalRService/SignalR/auth/clientToken/action",
"Microsoft.SignalRService/SignalR/hub/send/action",
"Microsoft.SignalRService/SignalR/group/send/action",
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/group/write",
"Microsoft.SignalRService/SignalR/clientConnection/send/action",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/clientConnection/write",
"Microsoft.SignalRService/SignalR/serverConnection/write",
"Microsoft.SignalRService/SignalR/user/send/action",
"Microsoft.SignalRService/SignalR/user/read",
"Microsoft.SignalRService/SignalR/user/write",
"Microsoft.SignalRService/SignalR/livetrace/*"
],
"notDataActions": []
}
],
"roleName": "SignalR Service Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SignalR/Web PubSub Contributor
Create, Read, Update, and Delete SignalR service resources
Actions | Description |
---|---|
Microsoft.SignalRService/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete SignalR service resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR/Web PubSub Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Web Plan Contributor
Manage the web plans for websites. Does not allow you to assign roles in Azure RBAC.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Web/serverFarms/* | Create and manage server farms |
Microsoft.Web/hostingEnvironments/Join/Action | Joins an App Service Environment |
Microsoft.Insights/autoscalesettings/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the web plans for websites, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/hostingEnvironments/Join/Action",
"Microsoft.Insights/autoscalesettings/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Web Plan Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Website Contributor
Manage websites, but not web plans. Does not allow you to assign roles in Azure RBAC.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Insights/components/* | Create and manage Insights components |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Web/certificates/* | Create and manage website certificates |
Microsoft.Web/listSitesAssignedToHostName/read | Get names of sites assigned to a hostname. |
Microsoft.Web/serverFarms/join/action | Joins an App Service Plan |
Microsoft.Web/serverFarms/read | Get the properties of an App Service Plan |
Microsoft.Web/sites/* | Create and manage websites (site creation also requires write permissions to the associated App Service Plan) |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage websites (not web plans), but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
"name": "de139f84-1756-47ae-9be6-808fbbe84772",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/certificates/*",
"Microsoft.Web/listSitesAssignedToHostName/read",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Website Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Containers
AcrDelete
Delete repositories, tags, or manifests from a container registry.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/artifacts/delete | Delete an artifact in a container registry. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr delete",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/artifacts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrDelete",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrImageSigner
Push trusted images to or pull trusted images from a container registry enabled for content trust.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/sign/write | Push/Pull content trust metadata for a container registry. |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerRegistry/registries/trustedCollections/write | Allows pushing or publishing trusted collections of container registry content. This is similar to the Microsoft.ContainerRegistry/registries/sign/write action, except that this is a data action |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr image signer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
"name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/sign/write"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerRegistry/registries/trustedCollections/write"
],
"notDataActions": []
}
],
"roleName": "AcrImageSigner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPull
Pull artifacts from a container registry.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/pull/read | Pull or Get images from a container registry. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr pull",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
"name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPull",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPush
Push artifacts to or pull artifacts from a container registry.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/pull/read | Pull or Get images from a container registry. |
Microsoft.ContainerRegistry/registries/push/write | Push or Write images to a container registry. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr push",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
"name": "8311e382-0749-4cb8-b61a-304f252e45ec",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read",
"Microsoft.ContainerRegistry/registries/push/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPush",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineReader
Pull quarantined images from a container registry.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/quarantine/read | Pull or Get quarantined images from a container registry |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read | Allows pulling or getting quarantined artifacts from a container registry. This is similar to Microsoft.ContainerRegistry/registries/quarantine/read, except that it is a data action |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
"name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read"
],
"notDataActions": []
}
],
"roleName": "AcrQuarantineReader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineWriter
Push quarantined images to or pull quarantined images from a container registry.
Actions | Description |
---|---|
Microsoft.ContainerRegistry/registries/quarantine/read | Pull or Get quarantined images from a container registry |
Microsoft.ContainerRegistry/registries/quarantine/write | Write/Modify the quarantine state of quarantined images |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read | Allows pulling or getting quarantined artifacts from a container registry. This is similar to Microsoft.ContainerRegistry/registries/quarantine/read, except that it is a data action |
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write | Allows writing or updating the quarantine state of quarantined artifacts. This is similar to the Microsoft.ContainerRegistry/registries/quarantine/write action, except that it is a data action |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data writer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read",
"Microsoft.ContainerRegistry/registries/quarantine/write"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read",
"Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write"
],
"notDataActions": []
}
],
"roleName": "AcrQuarantineWriter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Fleet Manager RBAC Admin
This role grants admin access: it provides write permissions on most objects within a namespace, with the exception of the ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/fleets/read | Get fleet |
Microsoft.ContainerService/fleets/listCredentials/action | List fleet credentials |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/fleets/apps/controllerrevisions/read | Reads controllerrevisions |
Microsoft.ContainerService/fleets/apps/daemonsets/* | |
Microsoft.ContainerService/fleets/apps/deployments/* | |
Microsoft.ContainerService/fleets/apps/statefulsets/* | |
Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write | Writes localsubjectaccessreviews |
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/* | |
Microsoft.ContainerService/fleets/batch/cronjobs/* | |
Microsoft.ContainerService/fleets/batch/jobs/* | |
Microsoft.ContainerService/fleets/configmaps/* | |
Microsoft.ContainerService/fleets/endpoints/* | |
Microsoft.ContainerService/fleets/events.k8s.io/events/read | Reads events |
Microsoft.ContainerService/fleets/events/read | Reads events |
Microsoft.ContainerService/fleets/extensions/daemonsets/* | |
Microsoft.ContainerService/fleets/extensions/deployments/* | |
Microsoft.ContainerService/fleets/extensions/ingresses/* | |
Microsoft.ContainerService/fleets/extensions/networkpolicies/* | |
Microsoft.ContainerService/fleets/limitranges/read | Reads limitranges |
Microsoft.ContainerService/fleets/namespaces/read | Reads namespaces |
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/* | |
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/* | |
Microsoft.ContainerService/fleets/persistentvolumeclaims/* | |
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/* | |
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/* | |
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/* | |
Microsoft.ContainerService/fleets/replicationcontrollers/* | |
Microsoft.ContainerService/fleets/replicationcontrollers/* | |
Microsoft.ContainerService/fleets/resourcequotas/read | Reads resourcequotas |
Microsoft.ContainerService/fleets/secrets/* | |
Microsoft.ContainerService/fleets/serviceaccounts/* | |
Microsoft.ContainerService/fleets/services/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba",
"name": "434fb43a-c01c-447e-9f67-c3ad923cfaba",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/fleets/read",
"Microsoft.ContainerService/fleets/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
"Microsoft.ContainerService/fleets/apps/daemonsets/*",
"Microsoft.ContainerService/fleets/apps/deployments/*",
"Microsoft.ContainerService/fleets/apps/statefulsets/*",
"Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write",
"Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*",
"Microsoft.ContainerService/fleets/batch/cronjobs/*",
"Microsoft.ContainerService/fleets/batch/jobs/*",
"Microsoft.ContainerService/fleets/configmaps/*",
"Microsoft.ContainerService/fleets/endpoints/*",
"Microsoft.ContainerService/fleets/events.k8s.io/events/read",
"Microsoft.ContainerService/fleets/events/read",
"Microsoft.ContainerService/fleets/extensions/daemonsets/*",
"Microsoft.ContainerService/fleets/extensions/deployments/*",
"Microsoft.ContainerService/fleets/extensions/ingresses/*",
"Microsoft.ContainerService/fleets/extensions/networkpolicies/*",
"Microsoft.ContainerService/fleets/limitranges/read",
"Microsoft.ContainerService/fleets/namespaces/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*",
"Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*",
"Microsoft.ContainerService/fleets/persistentvolumeclaims/*",
"Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*",
"Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/*",
"Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/*",
"Microsoft.ContainerService/fleets/replicationcontrollers/*",
"Microsoft.ContainerService/fleets/replicationcontrollers/*",
"Microsoft.ContainerService/fleets/resourcequotas/read",
"Microsoft.ContainerService/fleets/secrets/*",
"Microsoft.ContainerService/fleets/serviceaccounts/*",
"Microsoft.ContainerService/fleets/services/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Fleet Manager RBAC Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Fleet Manager RBAC Cluster Admin
Lets you manage all resources in the fleet manager cluster.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/fleets/read | Get fleet |
Microsoft.ContainerService/fleets/listCredentials/action | List fleet credentials |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/fleets/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources in the fleet manager cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69",
"name": "18ab4d3d-a1bf-4477-8ad9-8359bc988f69",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/fleets/read",
"Microsoft.ContainerService/fleets/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/fleets/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Fleet Manager RBAC Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Fleet Manager RBAC Reader
Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/fleets/read | Get fleet |
Microsoft.ContainerService/fleets/listCredentials/action | List fleet credentials |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/fleets/apps/controllerrevisions/read | Reads controllerrevisions |
Microsoft.ContainerService/fleets/apps/daemonsets/read | Reads daemonsets |
Microsoft.ContainerService/fleets/apps/deployments/read | Reads deployments |
Microsoft.ContainerService/fleets/apps/statefulsets/read | Reads statefulsets |
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
Microsoft.ContainerService/fleets/batch/cronjobs/read | Reads cronjobs |
Microsoft.ContainerService/fleets/batch/jobs/read | Reads jobs |
Microsoft.ContainerService/fleets/configmaps/read | Reads configmaps |
Microsoft.ContainerService/fleets/endpoints/read | Reads endpoints |
Microsoft.ContainerService/fleets/events.k8s.io/events/read | Reads events |
Microsoft.ContainerService/fleets/events/read | Reads events |
Microsoft.ContainerService/fleets/extensions/daemonsets/read | Reads daemonsets |
Microsoft.ContainerService/fleets/extensions/deployments/read | Reads deployments |
Microsoft.ContainerService/fleets/extensions/ingresses/read | Reads ingresses |
Microsoft.ContainerService/fleets/extensions/networkpolicies/read | Reads networkpolicies |
Microsoft.ContainerService/fleets/limitranges/read | Reads limitranges |
Microsoft.ContainerService/fleets/namespaces/read | Reads namespaces |
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read | Reads ingresses |
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
Microsoft.ContainerService/fleets/persistentvolumeclaims/read | Reads persistentvolumeclaims |
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
Microsoft.ContainerService/fleets/replicationcontrollers/read | Reads replicationcontrollers |
Microsoft.ContainerService/fleets/replicationcontrollers/read | Reads replicationcontrollers |
Microsoft.ContainerService/fleets/resourcequotas/read | Reads resourcequotas |
Microsoft.ContainerService/fleets/serviceaccounts/read | Reads serviceaccounts |
Microsoft.ContainerService/fleets/services/read | Reads services |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/30b27cfc-9c84-438e-b0ce-70e35255df80",
"name": "30b27cfc-9c84-438e-b0ce-70e35255df80",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/fleets/read",
"Microsoft.ContainerService/fleets/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
"Microsoft.ContainerService/fleets/apps/daemonsets/read",
"Microsoft.ContainerService/fleets/apps/deployments/read",
"Microsoft.ContainerService/fleets/apps/statefulsets/read",
"Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read",
"Microsoft.ContainerService/fleets/batch/cronjobs/read",
"Microsoft.ContainerService/fleets/batch/jobs/read",
"Microsoft.ContainerService/fleets/configmaps/read",
"Microsoft.ContainerService/fleets/endpoints/read",
"Microsoft.ContainerService/fleets/events.k8s.io/events/read",
"Microsoft.ContainerService/fleets/events/read",
"Microsoft.ContainerService/fleets/extensions/daemonsets/read",
"Microsoft.ContainerService/fleets/extensions/deployments/read",
"Microsoft.ContainerService/fleets/extensions/ingresses/read",
"Microsoft.ContainerService/fleets/extensions/networkpolicies/read",
"Microsoft.ContainerService/fleets/limitranges/read",
"Microsoft.ContainerService/fleets/namespaces/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read",
"Microsoft.ContainerService/fleets/persistentvolumeclaims/read",
"Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read",
"Microsoft.ContainerService/fleets/replicationcontrollers/read",
"Microsoft.ContainerService/fleets/replicationcontrollers/read",
"Microsoft.ContainerService/fleets/resourcequotas/read",
"Microsoft.ContainerService/fleets/serviceaccounts/read",
"Microsoft.ContainerService/fleets/services/read"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Fleet Manager RBAC Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Fleet Manager RBAC Writer
Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/fleets/read | Get fleet |
Microsoft.ContainerService/fleets/listCredentials/action | List fleet credentials |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/fleets/apps/controllerrevisions/read | Reads controllerrevisions |
Microsoft.ContainerService/fleets/apps/daemonsets/* | |
Microsoft.ContainerService/fleets/apps/deployments/* | |
Microsoft.ContainerService/fleets/apps/statefulsets/* | |
Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/* | |
Microsoft.ContainerService/fleets/batch/cronjobs/* | |
Microsoft.ContainerService/fleets/batch/jobs/* | |
Microsoft.ContainerService/fleets/configmaps/* | |
Microsoft.ContainerService/fleets/endpoints/* | |
Microsoft.ContainerService/fleets/events.k8s.io/events/read | Reads events |
Microsoft.ContainerService/fleets/events/read | Reads events |
Microsoft.ContainerService/fleets/extensions/daemonsets/* | |
Microsoft.ContainerService/fleets/extensions/deployments/* | |
Microsoft.ContainerService/fleets/extensions/ingresses/* | |
Microsoft.ContainerService/fleets/extensions/networkpolicies/* | |
Microsoft.ContainerService/fleets/limitranges/read | Reads limitranges |
Microsoft.ContainerService/fleets/namespaces/read | Reads namespaces |
Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/* | |
Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/* | |
Microsoft.ContainerService/fleets/persistentvolumeclaims/* | |
Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/* | |
Microsoft.ContainerService/fleets/replicationcontrollers/* | |
Microsoft.ContainerService/fleets/replicationcontrollers/* | |
Microsoft.ContainerService/fleets/resourcequotas/read | Reads resourcequotas |
Microsoft.ContainerService/fleets/secrets/* | |
Microsoft.ContainerService/fleets/serviceaccounts/* | |
Microsoft.ContainerService/fleets/services/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5af6afb3-c06c-4fa4-8848-71a8aee05683",
"name": "5af6afb3-c06c-4fa4-8848-71a8aee05683",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/fleets/read",
"Microsoft.ContainerService/fleets/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/fleets/apps/controllerrevisions/read",
"Microsoft.ContainerService/fleets/apps/daemonsets/*",
"Microsoft.ContainerService/fleets/apps/deployments/*",
"Microsoft.ContainerService/fleets/apps/statefulsets/*",
"Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/*",
"Microsoft.ContainerService/fleets/batch/cronjobs/*",
"Microsoft.ContainerService/fleets/batch/jobs/*",
"Microsoft.ContainerService/fleets/configmaps/*",
"Microsoft.ContainerService/fleets/endpoints/*",
"Microsoft.ContainerService/fleets/events.k8s.io/events/read",
"Microsoft.ContainerService/fleets/events/read",
"Microsoft.ContainerService/fleets/extensions/daemonsets/*",
"Microsoft.ContainerService/fleets/extensions/deployments/*",
"Microsoft.ContainerService/fleets/extensions/ingresses/*",
"Microsoft.ContainerService/fleets/extensions/networkpolicies/*",
"Microsoft.ContainerService/fleets/limitranges/read",
"Microsoft.ContainerService/fleets/namespaces/read",
"Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/*",
"Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/*",
"Microsoft.ContainerService/fleets/persistentvolumeclaims/*",
"Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/*",
"Microsoft.ContainerService/fleets/replicationcontrollers/*",
"Microsoft.ContainerService/fleets/replicationcontrollers/*",
"Microsoft.ContainerService/fleets/resourcequotas/read",
"Microsoft.ContainerService/fleets/secrets/*",
"Microsoft.ContainerService/fleets/serviceaccounts/*",
"Microsoft.ContainerService/fleets/services/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Fleet Manager RBAC Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service Cluster Admin Role
List cluster admin credential action. Learn more
Actions | Description |
---|---|
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action | List the clusterAdmin credential of a managed cluster |
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action | Get a managed cluster access profile by role name using list credential |
Microsoft.ContainerService/managedClusters/read | Get a managed cluster |
Microsoft.ContainerService/managedClusters/runcommand/action | Run user-issued command against the managed Kubernetes server. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "List cluster admin credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.ContainerService/managedClusters/runcommand/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster Admin Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service Cluster User Role
List cluster user credential action. Learn more
Actions | Description |
---|---|
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | List the clusterUser credential of a managed cluster |
Microsoft.ContainerService/managedClusters/read | Get a managed cluster |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "List cluster user credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
"Microsoft.ContainerService/managedClusters/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster User Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service Contributor Role
Grants access to read and write Azure Kubernetes Service clusters. Learn more
Actions | Description |
---|---|
Microsoft.ContainerService/managedClusters/read | Get a managed cluster |
Microsoft.ContainerService/managedClusters/write | Creates a new managed cluster or updates an existing one |
Microsoft.Resources/deployments/* | Create and manage a deployment |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read and write Azure Kubernetes Service clusters",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.ContainerService/managedClusters/write",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC Admin
Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | List the clusterUser credential of a managed cluster |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/managedClusters/* | |
NotDataActions | |
Microsoft.ContainerService/managedClusters/resourcequotas/write | Writes resourcequotas |
Microsoft.ContainerService/managedClusters/resourcequotas/delete | Deletes resourcequotas |
Microsoft.ContainerService/managedClusters/namespaces/write | Writes namespaces |
Microsoft.ContainerService/managedClusters/namespaces/delete | Deletes namespaces |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
"name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": [
"Microsoft.ContainerService/managedClusters/resourcequotas/write",
"Microsoft.ContainerService/managedClusters/resourcequotas/delete",
"Microsoft.ContainerService/managedClusters/namespaces/write",
"Microsoft.ContainerService/managedClusters/namespaces/delete"
]
}
],
"roleName": "Azure Kubernetes Service RBAC Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC Cluster Admin
Lets you manage all resources in the cluster. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | List the clusterUser credential of a managed cluster |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/managedClusters/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources in the cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC Reader
Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
Microsoft.ContainerService/managedClusters/apps/daemonsets/read | Reads daemonsets |
Microsoft.ContainerService/managedClusters/apps/deployments/read | Reads deployments |
Microsoft.ContainerService/managedClusters/apps/replicasets/read | Reads replicasets |
Microsoft.ContainerService/managedClusters/apps/statefulsets/read | Reads statefulsets |
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read | Reads horizontalpodautoscalers |
Microsoft.ContainerService/managedClusters/batch/cronjobs/read | Reads cronjobs |
Microsoft.ContainerService/managedClusters/batch/jobs/read | Reads jobs |
Microsoft.ContainerService/managedClusters/configmaps/read | Reads configmaps |
Microsoft.ContainerService/managedClusters/endpoints/read | Reads endpoints |
Microsoft.ContainerService/managedClusters/events.k8s.io/events/read | Reads events |
Microsoft.ContainerService/managedClusters/events/read | Reads events |
Microsoft.ContainerService/managedClusters/extensions/daemonsets/read | Reads daemonsets |
Microsoft.ContainerService/managedClusters/extensions/deployments/read | Reads deployments |
Microsoft.ContainerService/managedClusters/extensions/ingresses/read | Reads ingresses |
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read | Reads networkpolicies |
Microsoft.ContainerService/managedClusters/extensions/replicasets/read | Reads replicasets |
Microsoft.ContainerService/managedClusters/limitranges/read | Reads limitranges |
Microsoft.ContainerService/managedClusters/namespaces/read | Reads namespaces |
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read | Reads ingresses |
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read | Reads networkpolicies |
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read | Reads persistentvolumeclaims |
Microsoft.ContainerService/managedClusters/pods/read | Reads pods |
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read | Reads poddisruptionbudgets |
Microsoft.ContainerService/managedClusters/replicationcontrollers/read | Reads replicationcontrollers |
Microsoft.ContainerService/managedClusters/replicationcontrollers/read | Reads replicationcontrollers |
Microsoft.ContainerService/managedClusters/resourcequotas/read | Reads resourcequotas |
Microsoft.ContainerService/managedClusters/serviceaccounts/read | Reads serviceaccounts |
Microsoft.ContainerService/managedClusters/services/read | Reads services |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
"Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
"Microsoft.ContainerService/managedClusters/apps/deployments/read",
"Microsoft.ContainerService/managedClusters/apps/replicasets/read",
"Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
"Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
"Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
"Microsoft.ContainerService/managedClusters/batch/jobs/read",
"Microsoft.ContainerService/managedClusters/configmaps/read",
"Microsoft.ContainerService/managedClusters/endpoints/read",
"Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
"Microsoft.ContainerService/managedClusters/events/read",
"Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
"Microsoft.ContainerService/managedClusters/extensions/deployments/read",
"Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
"Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
"Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
"Microsoft.ContainerService/managedClusters/limitranges/read",
"Microsoft.ContainerService/managedClusters/namespaces/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
"Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
"Microsoft.ContainerService/managedClusters/pods/read",
"Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
"Microsoft.ContainerService/managedClusters/resourcequotas/read",
"Microsoft.ContainerService/managedClusters/serviceaccounts/read",
"Microsoft.ContainerService/managedClusters/services/read"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC Writer
Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read | Reads controllerrevisions |
Microsoft.ContainerService/managedClusters/apps/daemonsets/* | |
Microsoft.ContainerService/managedClusters/apps/deployments/* | |
Microsoft.ContainerService/managedClusters/apps/replicasets/* | |
Microsoft.ContainerService/managedClusters/apps/statefulsets/* | |
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/* | |
Microsoft.ContainerService/managedClusters/batch/cronjobs/* | |
Microsoft.ContainerService/managedClusters/batch/jobs/* | |
Microsoft.ContainerService/managedClusters/configmaps/* | |
Microsoft.ContainerService/managedClusters/endpoints/* | |
Microsoft.ContainerService/managedClusters/events.k8s.io/events/read | Reads events |
Microsoft.ContainerService/managedClusters/events/read | Reads events |
Microsoft.ContainerService/managedClusters/extensions/daemonsets/* | |
Microsoft.ContainerService/managedClusters/extensions/deployments/* | |
Microsoft.ContainerService/managedClusters/extensions/ingresses/* | |
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/* | |
Microsoft.ContainerService/managedClusters/extensions/replicasets/* | |
Microsoft.ContainerService/managedClusters/limitranges/read | Reads limitranges |
Microsoft.ContainerService/managedClusters/namespaces/read | Reads namespaces |
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/* | |
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/* | |
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/* | |
Microsoft.ContainerService/managedClusters/pods/* | |
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/* | |
Microsoft.ContainerService/managedClusters/replicationcontrollers/* | |
Microsoft.ContainerService/managedClusters/replicationcontrollers/* | |
Microsoft.ContainerService/managedClusters/resourcequotas/read | Reads resourcequotas |
Microsoft.ContainerService/managedClusters/secrets/* | |
Microsoft.ContainerService/managedClusters/serviceaccounts/* | |
Microsoft.ContainerService/managedClusters/services/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
"Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
"Microsoft.ContainerService/managedClusters/apps/deployments/*",
"Microsoft.ContainerService/managedClusters/apps/replicasets/*",
"Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
"Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
"Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
"Microsoft.ContainerService/managedClusters/batch/jobs/*",
"Microsoft.ContainerService/managedClusters/configmaps/*",
"Microsoft.ContainerService/managedClusters/endpoints/*",
"Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
"Microsoft.ContainerService/managedClusters/events/read",
"Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
"Microsoft.ContainerService/managedClusters/extensions/deployments/*",
"Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
"Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
"Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
"Microsoft.ContainerService/managedClusters/limitranges/read",
"Microsoft.ContainerService/managedClusters/namespaces/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
"Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
"Microsoft.ContainerService/managedClusters/pods/*",
"Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
"Microsoft.ContainerService/managedClusters/resourcequotas/read",
"Microsoft.ContainerService/managedClusters/secrets/*",
"Microsoft.ContainerService/managedClusters/serviceaccounts/*",
"Microsoft.ContainerService/managedClusters/services/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Database
Azure Connected SQL Server Onboarding
Allows for read and write access to Azure resources for SQL Server on Arc-enabled servers. Learn more
Actions | Description |
---|---|
Microsoft.AzureArcData/sqlServerInstances/read | Retrieves a SQL Server Instance resource |
Microsoft.AzureArcData/sqlServerInstances/write | Updates a SQL Server Instance resource |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508",
"name": "e8113dce-c529-4d33-91fa-e9b972617508",
"permissions": [
{
"actions": [
"Microsoft.AzureArcData/sqlServerInstances/read",
"Microsoft.AzureArcData/sqlServerInstances/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected SQL Server Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cosmos DB Account Reader Role
Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.DocumentDB/*/read | Read any collection |
Microsoft.DocumentDB/databaseAccounts/readonlykeys/action | Reads the database account readonly keys. |
Microsoft.Insights/MetricDefinitions/read | Read metric definitions |
Microsoft.Insights/Metrics/read | Read metrics |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Can read Azure Cosmos DB Accounts data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
"Microsoft.Insights/MetricDefinitions/read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Account Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cosmos DB Operator
Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. Learn more
Actions | Description |
---|---|
Microsoft.DocumentDb/databaseAccounts/* | |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource such as a storage account or SQL database to a subnet. Not alertable. |
NotActions | |
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | |
Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | |
Microsoft.DocumentDB/databaseAccounts/listKeys/* | |
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | |
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write | Create or update a SQL Role Definition |
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete | Delete a SQL Role Definition |
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write | Create or update a SQL Role Assignment |
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete | Delete a SQL Role Assignment |
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write | Create or update a Mongo Role Definition |
Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete | Delete a MongoDB Role Definition |
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write | Create or update a MongoDB User Definition |
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete | Delete a MongoDB User Definition |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
"name": "230815da-be43-4aae-9cb4-875f7bd000aa",
"permissions": [
{
"actions": [
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [
"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
"Microsoft.DocumentDB/databaseAccounts/listKeys/*",
"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete",
"Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write",
"Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete",
"Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write",
"Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosBackupOperator
Can submit a restore request for a Cosmos DB database or a container for an account.
Actions | Description |
---|---|
Microsoft.DocumentDB/databaseAccounts/backup/action | Submit a request to configure backup |
Microsoft.DocumentDB/databaseAccounts/restore/action | Submit a restore request |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Can submit restore request for a Cosmos DB database or a container for an account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/databaseAccounts/backup/action",
"Microsoft.DocumentDB/databaseAccounts/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosBackupOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosRestoreOperator
Can perform a restore action for a Cosmos DB database account with continuous backup mode.
Actions | Description |
---|---|
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action | Submit a restore request |
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read | |
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read | Read a restorable database account or list all the restorable database accounts |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
"name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosRestoreOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DocumentDB Account Contributor
Can manage Azure Cosmos DB accounts. Azure Cosmos DB was formerly known as DocumentDB.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.DocumentDb/databaseAccounts/* | Create and manage Azure Cosmos DB accounts |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource such as a storage account or SQL database to a subnet. Not alertable. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DocumentDB accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
"name": "5bd9cd88-fe45-4216-938b-f97437e15450",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DocumentDB Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Redis Cache Contributor
Lets you manage Redis caches, but not access them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Cache/register/action | Registers the 'Microsoft.Cache' resource provider with a subscription |
Microsoft.Cache/redis/* | Create and manage Redis caches |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Redis caches, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
"name": "e0f68234-74aa-48ed-b826-c38b57376e17",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cache/register/action",
"Microsoft.Cache/redis/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Redis Cache Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL DB Contributor
Lets you manage SQL databases, but not access them. Also, you can't manage their security-related policies or their parent SQL servers.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Sql/locations/*/read | |
Microsoft.Sql/servers/databases/* | Create and manage SQL databases |
Microsoft.Sql/servers/read | Return the list of servers or get the properties for the specified server. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
NotActions | |
Microsoft.Sql/servers/databases/ledgerDigestUploads/write | Enable uploading ledger digests |
Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action | Disable uploading ledger digests |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/auditingSettings/* | Edit audit settings |
Microsoft.Sql/servers/databases/auditRecords/read | Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Edit data masking policies |
Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/securityAlertPolicies/* | Edit security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/* | Edit security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/vulnerabilityAssessments/* | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Sql/servers/read",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/servers/databases/ledgerDigestUploads/write",
"Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL DB Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Managed Instance Contributor
Lets you manage SQL Managed Instances and the required network configuration, but can't give access to others.
Actions | Description |
---|---|
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Network/networkSecurityGroups/* | |
Microsoft.Network/routeTables/* | |
Microsoft.Sql/locations/*/read | |
Microsoft.Sql/locations/instanceFailoverGroups/* | |
Microsoft.Sql/managedInstances/* | |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Network/virtualNetworks/subnets/* | |
Microsoft.Network/virtualNetworks/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
NotActions | |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete | Deletes a specific managed server Azure Active Directory only authentication object |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write | Deletes a specific managed server Azure Active Directory only authentication object |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"permissions": [
{
"actions": [
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Managed Instance Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Security Manager
Lets you manage the security-related policies of SQL servers and databases, but not access them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource such as a storage account or SQL database to a subnet. Not alertable. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Sql/locations/administratorAzureAsyncOperation/read | Gets the result of managed instance Azure async administrator operations. |
Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read | Retrieve a list of managed instance Advanced Threat Protection settings configured for a given instance |
Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write | Change the managed instance Advanced Threat Protection settings for a given managed instance |
Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read | Retrieve a list of the managed database Advanced Threat Protection settings configured for a given managed database |
Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write | Change the database Advanced Threat Protection settings for a given managed database |
Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read | Retrieve a list of managed instance Advanced Threat Protection settings configured for a given instance |
Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write | Change the managed instance Advanced Threat Protection settings for a given managed instance |
Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read | Retrieve a list of the managed database Advanced Threat Protection settings configured for a given managed database |
Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write | Change the database Advanced Threat Protection settings for a given managed database |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/advancedThreatProtectionSettings/read | Retrieve a list of server Advanced Threat Protection settings configured for a given server |
Microsoft.Sql/servers/advancedThreatProtectionSettings/write | Change the server Advanced Threat Protection settings for a given server |
Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/serverConfigurationOptions/read | Gets properties for the specified Azure SQL Managed Instance Server Configuration Option. |
Microsoft.Sql/managedInstances/serverConfigurationOptions/write | Updates the Azure SQL Managed Instance Server Configuration Option properties for the specified instance. |
Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation/read | Gets the status of the Azure SQL Managed Instance Server Configuration Option Azure async operation. |
Microsoft.Sql/servers/advancedThreatProtectionSettings/read | Retrieve a list of server Advanced Threat Protection settings configured for a given server |
Microsoft.Sql/servers/advancedThreatProtectionSettings/write | Change the server Advanced Threat Protection settings for a given server |
Microsoft.Sql/servers/auditingSettings/* | Create and manage SQL server auditing settings |
Microsoft.Sql/servers/extendedAuditingSettings/read | Retrieve details of the extended server blob auditing policy configured on a given server |
Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read | Retrieve a list of database Advanced Threat Protection settings configured for a given database |
Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write | Change the database Advanced Threat Protection settings for a given database |
Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read | Retrieve a list of database Advanced Threat Protection settings configured for a given database |
Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write | Change the database Advanced Threat Protection settings for a given database |
Microsoft.Sql/servers/databases/auditingSettings/* | Create and manage SQL server database auditing settings |
Microsoft.Sql/servers/databases/auditRecords/read | Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Create and manage SQL server database data masking policies |
Microsoft.Sql/servers/databases/extendedAuditingSettings/read | Retrieve details of the extended server blob auditing policy configured on a given server |
Microsoft.Sql/servers/databases/read | Return the list of servers or get the properties for the specified server. |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/read | Get a database schema. |
Microsoft.Sql/servers/databases/schemas/tables/columns/read | Get a database column. |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/read | Get a database table. |
Microsoft.Sql/servers/databases/securityAlertPolicies/* | Create and manage SQL server database security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/* | Create and manage SQL server database security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/transparentDataEncryption/* | |
Microsoft.Sql/servers/databases/sqlvulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/devOpsAuditingSettings/* | |
Microsoft.Sql/servers/firewallRules/* | |
Microsoft.Sql/servers/read | Return the list of servers or get the properties for the specified server. |
Microsoft.Sql/servers/securityAlertPolicies/* | Create and manage SQL server database security alert policies |
Microsoft.Sql/servers/sqlvulnerabilityAssessments/* | |
Microsoft.Sql/servers/vulnerabilityAssessments/* | |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Sql/servers/azureADOnlyAuthentications/* | |
Microsoft.Sql/managedInstances/read | Return the list of managed instances or get the properties for the specified managed instance. |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/* | |
Microsoft.Security/sqlVulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/administrators/read | Gets a list of managed instance administrators. |
Microsoft.Sql/servers/administrators/read | Gets a specific Azure Active Directory administrator object |
Microsoft.Sql/servers/databases/ledgerDigestUploads/* | |
Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation/read | Gets in-progress operations of ledger digest upload settings |
Microsoft.Sql/locations/ledgerDigestUploadsOperationResults/read | Gets in-progress operations of ledger digest upload settings |
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
"Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read",
"Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write",
"Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read",
"Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write",
"Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/read",
"Microsoft.Sql/managedInstances/advancedThreatProtectionSettings/write",
"Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/read",
"Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings/write",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/advancedThreatProtectionSettings/read",
"Microsoft.Sql/servers/advancedThreatProtectionSettings/write",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/serverConfigurationOptions/read",
"Microsoft.Sql/managedInstances/serverConfigurationOptions/write",
"Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation/read",
"Microsoft.Sql/servers/advancedThreatProtectionSettings/read",
"Microsoft.Sql/servers/advancedThreatProtectionSettings/write",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read",
"Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write",
"Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/read",
"Microsoft.Sql/servers/databases/advancedThreatProtectionSettings/write",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/read",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/read",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/transparentDataEncryption/*",
"Microsoft.Sql/servers/databases/sqlvulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/devOpsAuditingSettings/*",
"Microsoft.Sql/servers/firewallRules/*",
"Microsoft.Sql/servers/read",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/sqlvulnerabilityAssessments/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Support/*",
"Microsoft.Sql/servers/azureADOnlyAuthentications/*",
"Microsoft.Sql/managedInstances/read",
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
"Microsoft.Security/sqlVulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/administrators/read",
"Microsoft.Sql/servers/administrators/read",
"Microsoft.Sql/servers/databases/ledgerDigestUploads/*",
"Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation/read",
"Microsoft.Sql/locations/ledgerDigestUploadsOperationResults/read",
"Microsoft.Sql/servers/externalPolicyBasedAuthorizations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Security Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Server Contributor
Lets you manage SQL servers and databases, but not access them, and not their security-related policies.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Sql/locations/*/read | |
Microsoft.Sql/servers/* | Create and manage SQL servers |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.Insights/metricDefinitions/read | Read metric definitions |
NotActions | |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/auditingSettings/* | Edit SQL server auditing settings |
Microsoft.Sql/servers/databases/auditingSettings/* | Edit SQL server database auditing settings |
Microsoft.Sql/servers/databases/auditRecords/read | Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Edit SQL server database data masking policies |
Microsoft.Sql/servers/extendedAuditingSettings/* | |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/securityAlertPolicies/* | Edit SQL server database security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/* | Edit SQL server database security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/devOpsAuditingSettings/* | |
Microsoft.Sql/servers/extendedAuditingSettings/* | |
Microsoft.Sql/servers/securityAlertPolicies/* | Edit SQL server database security alert policies |
Microsoft.Sql/servers/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/azureADOnlyAuthentications/delete | Deletes a specific managed server Azure Active Directory only authentication object |
Microsoft.Sql/servers/azureADOnlyAuthentications/read | Deletes a specific managed server Azure Active Directory only authentication object |
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete | Deletes a specific server external policy based authorization property |
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write | Adds or updates a specific server external policy based authorization property |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/*",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/devOpsAuditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/*",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write",
"Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete",
"Microsoft.Sql/servers/externalPolicyBasedAuthorizations/write"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Analytics
Azure Event Hubs Data Owner
Allows for full access to Azure Event Hubs resources.
Actions | Description |
---|---|
Microsoft.EventHub/* | |
NotActions | |
none | |
DataActions | |
Microsoft.EventHub/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs Data Receiver
Allows receive access to Azure Event Hubs resources.
Actions | Description |
---|---|
Microsoft.EventHub/*/eventhubs/consumergroups/read | |
NotActions | |
none | |
DataActions | |
Microsoft.EventHub/*/receive/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs Data Sender
Allows send access to Azure Event Hubs resources.
Actions | Description |
---|---|
Microsoft.EventHub/*/eventhubs/read | |
NotActions | |
none | |
DataActions | |
Microsoft.EventHub/*/send/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Factory Contributor
Create and manage data factories, as well as child resources within them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.DataFactory/dataFactories/* | Create and manage data factories, and child resources within them. |
Microsoft.DataFactory/factories/* | Create and manage data factories, and child resources within them. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.EventGrid/eventSubscriptions/write | Create or update an eventSubscription |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Purger
Delete private data from a Log Analytics workspace.
Actions | Description |
---|---|
Microsoft.Insights/components/*/read | |
Microsoft.Insights/components/purge/action | Purging data from Application Insights |
Microsoft.OperationalInsights/workspaces/*/read | View log analytics data |
Microsoft.OperationalInsights/workspaces/purge/action | Delete specified data by query from workspace. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight Cluster Operator
Lets you read and modify HDInsight cluster configurations.
Actions | Description |
---|---|
Microsoft.HDInsight/*/read | |
Microsoft.HDInsight/clusters/getGatewaySettings/action | Get gateway settings for HDInsight Cluster |
Microsoft.HDInsight/clusters/updateGatewaySettings/action | Update gateway settings for HDInsight Cluster |
Microsoft.HDInsight/clusters/configurations/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight Domain Services Contributor
Can read, create, modify, and delete Domain Services related operations needed for HDInsight Enterprise Security Package.
Actions | Description |
---|---|
Microsoft.AAD/*/read | |
Microsoft.AAD/domainServices/*/read | |
Microsoft.AAD/domainServices/oucontainer/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics Contributor
Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.
Actions | Description |
---|---|
*/read | Read resources of all types, except secrets. |
Microsoft.ClassicCompute/virtualMachines/extensions/* | |
Microsoft.ClassicStorage/storageAccounts/listKeys/action | Lists the access keys for the storage accounts. |
Microsoft.Compute/virtualMachines/extensions/* | |
Microsoft.HybridCompute/machines/extensions/write | Installs or updates an Azure Arc extension |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.OperationalInsights/* | |
Microsoft.OperationsManagement/* | |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics Reader
Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
Actions | Description |
---|---|
*/read | Read resources of all types, except secrets. |
Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using new engine. |
Microsoft.OperationalInsights/workspaces/search/action | Executes a search query |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.OperationalInsights/workspaces/sharedKeys/read | Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace. |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Contributor (Preview)
Read, write, and delete Schema Registry groups and schemas.
Actions | Description |
---|---|
Microsoft.EventHub/namespaces/schemagroups/* | |
NotActions | |
none | |
DataActions | |
Microsoft.EventHub/namespaces/schemas/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Reader (Preview)
Read and list Schema Registry groups and schemas.
Actions | Description |
---|---|
Microsoft.EventHub/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
NotActions | |
none | |
DataActions | |
Microsoft.EventHub/namespaces/schemas/read | Retrieve schemas |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Stream Analytics Query Tester
Lets you perform query testing without creating a stream analytics job first.
Actions | Description |
---|---|
Microsoft.StreamAnalytics/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
Microsoft.StreamAnalytics/locations/OperationResults/read | Read Stream Analytics Operation Result |
Microsoft.StreamAnalytics/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
Microsoft.StreamAnalytics/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AI + machine learning
AzureML Data Scientist
Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.
Actions | Description |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
Microsoft.MachineLearningServices/featurestores/read | Gets the Machine Learning Services Feature Store |
Microsoft.MachineLearningServices/featurestores/checkNameAvailability/read | Checks name availability for the Machine Learning Services Feature Store |
NotActions | |
Microsoft.MachineLearningServices/workspaces/delete | Deletes the Machine Learning Services Workspace |
Microsoft.MachineLearningServices/workspaces/write | Creates or updates a Machine Learning Services Workspace |
Microsoft.MachineLearningServices/workspaces/computes/*/write | |
Microsoft.MachineLearningServices/workspaces/computes/*/delete | |
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action | List secrets for compute resources in a Machine Learning Services Workspace |
Microsoft.MachineLearningServices/workspaces/listKeys/action | List secrets for a Machine Learning Services Workspace |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
"name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write",
"Microsoft.MachineLearningServices/featurestores/read",
"Microsoft.MachineLearningServices/featurestores/checkNameAvailability/read"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/delete",
"Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/listKeys/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Data Scientist",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Contributor
Lets you create, read, update, delete and manage keys of Cognitive Services.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.CognitiveServices/* | |
Microsoft.Features/features/read | Gets the features of a subscription. |
Microsoft.Features/providers/features/read | Gets the feature of a subscription in a given resource provider. |
Microsoft.Features/providers/features/register/action | Registers the feature for a subscription in a given resource provider. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Insights/logDefinitions/read | Read log definitions |
Microsoft.Insights/metricdefinitions/read | Read metric definitions |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Custom Vision Contributor
Full access to the project, including the ability to view, create, edit, or delete projects.
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Custom Vision Deployment
Publish, unpublish or export models. Deployment can view the project but can't update.
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | Exports a project. |
{
"assignableScopes": [
"/"
],
"description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
"Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
"Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Deployment",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Custom Vision Labeler
View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | Get images that were sent to your prediction endpoint. |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | This API will get suggested tags and regions for an array/batch of untagged images along with confidences for the tags. It returns an empty array if no tags are found. |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | Exports a project. |
{
"assignableScopes": [
"/"
],
"description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
"name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Labeler",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Custom Vision Reader
Read-only actions in the workspace. Readers can't create or update these assets. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | Get images that were sent to your prediction endpoint. |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | Exports a project. |
{
"assignableScopes": [
"/"
],
"description": "Read-only actions in the project. Readers can't create or update the project.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
"name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Custom Vision Trainer
View and edit projects and train the models, including the ability to publish, unpublish, and export the models. Trainers can't create or delete the project. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/action | Creates a project. |
Microsoft.CognitiveServices/accounts/CustomVision/projects/delete | Deletes a specific project. |
Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action | Imports a project. |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | Exports a project. |
{
"assignableScopes": [
"/"
],
"description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Trainer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Data Reader (Preview)
Lets you read Cognitive Services data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/*/read | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Face Recognizer
Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/Face/detect/action | Detect human faces in an image, return face rectangles, and optionally faceIds, landmarks, and attributes. |
Microsoft.CognitiveServices/accounts/Face/verify/action | Verify whether two faces belong to the same person or whether one face belongs to a person. |
Microsoft.CognitiveServices/accounts/Face/identify/action | 1-to-many identification to find the closest matches of the specific query person face from a person group or large person group. |
Microsoft.CognitiveServices/accounts/Face/group/action | Divide candidate faces into groups based on face similarity. |
Microsoft.CognitiveServices/accounts/Face/findsimilars/action | Given the query face's faceId, search for similar-looking faces from a faceId array, a face list, or a large face list. faceId |
Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action | Performs liveness detection on a target face in a sequence of infrared, color, and/or depth images, and returns the liveness classification of the target face as either 'real face', 'spoof face', or 'uncertain' if a classification cannot be made with the given inputs. |
Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action | Performs liveness detection on a target face in a sequence of images of the same modality (for example, color or infrared), and returns the liveness classification of the target face as either 'real face', 'spoof face', or 'uncertain' if a classification cannot be made with the given inputs. |
Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action | Detects liveness of a target face in a sequence of images of the same stream type (for example, color) and then compares with VerifyImage to return a confidence score for identity scenarios. |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/Face/detect/action",
"Microsoft.CognitiveServices/accounts/Face/verify/action",
"Microsoft.CognitiveServices/accounts/Face/identify/action",
"Microsoft.CognitiveServices/accounts/Face/group/action",
"Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Face Recognizer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services Metrics Advisor Administrator
Full access to the project, including the system-level configuration. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the system level configuration.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
"name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Metrics Advisor Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services OpenAI Contributor
Full access, including the ability to fine-tune, deploy, and generate text
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Full access including the ability to fine-tune, deploy and generate text",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
"name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services OpenAI User
Read access to view files, models, and deployments. The ability to create completion and embedding calls.
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/*/read | |
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | Create a completion from a chosen model |
Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | Search for the most relevant documents using the current engine. |
Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (Intended for browsers only.) Stream generated text from the model via a GET request. This method is provided because the browser-native EventSource method can only send GET requests. It supports a more limited set of configuration options than the POST variant. |
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/write | |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action | Search for the most relevant documents using the current engine. |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action | Create a completion from a chosen model. |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | Creates a completion for the chat message |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action | Return the embeddings for a given prompt. |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/write | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Ability to view files, models, deployments. Readers can't make any changes They can inference",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/write",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/write"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services QnA Maker Editor
Lets you create, edit, import, and export a KB. You cannot publish or delete a KB. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write | Asynchronous operation to create a new knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write | Asynchronous operation to modify a knowledge base or replace knowledge base contents. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action | Train call to add suggestions to the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write | Replace alterations data. |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action | Re-generates an endpoint key. |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | Gets endpoint settings for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write | Update endpoint settings for an endpoint. |
Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | Gets details of a specific long-running operation. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write | Asynchronous operation to create a new knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write | Asynchronous operation to modify a knowledge base or replace knowledge base contents. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action | Train call to add suggestions to the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write | Replace alterations data. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action | Re-generates an endpoint key. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | Gets endpoint settings for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write | Update endpoint settings for an endpoint. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read | Gets details of a specific long-running operation. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write | Asynchronous operation to create a new knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write | Asynchronous operation to modify a knowledge base or replace knowledge base contents. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action | Train call to add suggestions to the knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write | Replace alterations data. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action | Re-generates an endpoint key. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | Gets endpoint settings for an endpoint |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write | Update endpoint settings for an endpoint. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | Gets details of a specific long-running operation. |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services QnA Maker Reader
Lets you read and test a KB only. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | Gets endpoint settings for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | Gets endpoint settings for an endpoint |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | Gets the list of knowledge bases or details of a specific knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | Download the knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer call to query the knowledge base. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | Download alterations from runtime. |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | Gets endpoint keys for an endpoint |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | Gets endpoint settings for an endpoint |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Let's you read and test a KB only.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
"name": "466ccd10-b268-4a11-b098-b4849f024126",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services User
Lets you read and list keys of Cognitive Services. Learn more
Actions | Description |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | List keys |
Microsoft.Insights/alertRules/read | Read a classic metric alert |
Microsoft.Insights/diagnosticSettings/read | Read a resource diagnostic setting |
Microsoft.Insights/logDefinitions/read | Read log definitions |
Microsoft.Insights/metricdefinitions/read | Read metric definitions |
Microsoft.Insights/metrics/read | Read metrics |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
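The Custom Vision roles above rely on `notDataActions` to carve operations such as project export out of a wildcard grant. The following is an added example, not part of the original article or of any Azure SDK: it evaluates the permission blocks copied from this page and shows that such an exclusion only subtracts within its own role, so a second assignment (here Cognitive Services User) restores the operation. The helper names are hypothetical, matching is assumed to be case-insensitive, and deny assignments are not modeled.

```python
import re

# Permission blocks copied from the role definitions on this page.
CUSTOM_VISION_TRAINER = {
    "actions": ["Microsoft.CognitiveServices/*/read"],
    "notActions": [],
    "dataActions": ["Microsoft.CognitiveServices/accounts/CustomVision/*"],
    "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read",
    ],
}
CUSTOM_VISION_READER = {
    "actions": ["Microsoft.CognitiveServices/*/read"],
    "notActions": [],
    "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
    ],
    "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read",
    ],
}
# Control-plane list abbreviated to the two Cognitive Services entries.
COGNITIVE_SERVICES_USER = {
    "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
    ],
    "notActions": [],
    "dataActions": ["Microsoft.CognitiveServices/*"],
    "notDataActions": [],
}


def matches(pattern, operation):
    """Wildcard match: '*' spans any run of characters, including '/'.

    Case-insensitive comparison is an assumption of this example.
    """
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_grants(role, operation, data_plane=True):
    """True if one role grants the operation: allowed minus excluded."""
    if data_plane:
        allow_key, exclude_key = "dataActions", "notDataActions"
    else:
        allow_key, exclude_key = "actions", "notActions"
    allowed = any(matches(p, operation) for p in role[allow_key])
    excluded = any(matches(p, operation) for p in role[exclude_key])
    return allowed and not excluded


def principal_allowed(assigned_roles, operation, data_plane=True):
    """Effective access is the union over every assigned role.

    An exclusion in one role does not block a grant from another role.
    """
    return any(role_grants(r, operation, data_plane) for r in assigned_roles)


EXPORT = "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
LIST_KEYS = "Microsoft.CognitiveServices/accounts/listkeys/action"

if __name__ == "__main__":
    print("Reader alone can export:", role_grants(CUSTOM_VISION_READER, EXPORT))
    print("Trainer alone can export:", principal_allowed([CUSTOM_VISION_TRAINER], EXPORT))
    print("Trainer + User can export:",
          principal_allowed([CUSTOM_VISION_TRAINER, COGNITIVE_SERVICES_USER], EXPORT))
    print("User can list keys:", role_grants(COGNITIVE_SERVICES_USER, LIST_KEYS, data_plane=False))
```

When reviewing assignments, evaluate the full set of roles a principal holds at a scope rather than one definition at a time; the `listkeys` control-plane action in Cognitive Services User is also worth flagging on its own because it hands out account keys.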
Internet of things
Device Update Administrator
Gives you full access to management and content operations. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/updates/write | Performs a write operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/updates/delete | Performs a delete operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management |
Microsoft.DeviceUpdate/accounts/instances/management/write | Performs a write operation related to management |
Microsoft.DeviceUpdate/accounts/instances/management/delete | Performs a delete operation related to management |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to management and content operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a",
"name": "02ca0879-e8e4-47a5-a61e-5c618b76e64a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/write",
"Microsoft.DeviceUpdate/accounts/instances/updates/delete",
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/management/write",
"Microsoft.DeviceUpdate/accounts/instances/management/delete"
],
"notDataActions": []
}
],
"roleName": "Device Update Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Content Administrator
Gives you full access to content operations. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/updates/write | Performs a write operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/updates/delete | Performs a delete operation related to updates |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to content operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98",
"name": "0378884a-3af5-44ab-8323-f5b22f9f3c98",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/write",
"Microsoft.DeviceUpdate/accounts/instances/updates/delete"
],
"notDataActions": []
}
],
"roleName": "Device Update Content Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Content Reader
Gives you read access to content operations, but does not allow making changes
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to content operations, but does not allow making changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
"name": "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Content Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Deployments Administrator
Gives you full access to management operations
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management |
Microsoft.DeviceUpdate/accounts/instances/management/write | Performs a write operation related to management |
Microsoft.DeviceUpdate/accounts/instances/management/delete | Performs a delete operation related to management |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you full access to management operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432",
"name": "e4237640-0e3d-4a46-8fda-70bc94856432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/management/write",
"Microsoft.DeviceUpdate/accounts/instances/management/delete",
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Deployments Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Deployments Reader
Gives you read access to management operations, but does not allow making changes
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to management operations, but does not allow making changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f",
"name": "49e2f5d2-7741-4835-8efa-19e1fe35e47f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/management/read",
"Microsoft.DeviceUpdate/accounts/instances/updates/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Deployments Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Reader
Gives you read access to content operations, but does not allow making changes
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Gives you read access to management and content operations, but does not allow making changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
"name": "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.DeviceUpdate/accounts/instances/updates/read",
"Microsoft.DeviceUpdate/accounts/instances/management/read"
],
"notDataActions": []
}
],
"roleName": "Device Update Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Data Contributor
Allows for full access to IoT Hub data plane operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to IoT Hub data plane operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f",
"name": "4fc6c259-987e-4a07-842e-c321cc9d413f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Data Reader
Allows for full read access to IoT Hub data-plane properties
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/*/read | |
Microsoft.Devices/IotHubs/fileUpload/notifications/action | Receive, complete, or abandon file upload notifications |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows for full read access to IoT Hub data-plane properties",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3",
"name": "b447c946-2db7-41ec-983d-d8bf3b1c77e3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/*/read",
"Microsoft.Devices/IotHubs/fileUpload/notifications/action"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Registry Contributor
Allows for full access to IoT Hub device registry.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/devices/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to IoT Hub device registry.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
"name": "4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/devices/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Registry Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Twin Contributor
Allows for read and write access to all IoT Hub device and module twins.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/twins/* | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Allows for read and write access to all IoT Hub device and module twins.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c",
"name": "494bdba2-168f-4f31-a0a1-191d2f7c028c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Devices/IotHubs/twins/*"
],
"notDataActions": []
}
],
"roleName": "IoT Hub Twin Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Mixed reality
Remote Rendering Administrator
Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.MixedReality/RemoteRenderingAccounts/convert/action | Start asset conversion |
Microsoft.MixedReality/RemoteRenderingAccounts/convert/read | Get asset conversion properties |
Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete | Start asset conversion |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read | Get session properties |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action | Start sessions |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete | Stop sessions |
Microsoft.MixedReality/RemoteRenderingAccounts/render/read | Connect to a session |
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read | Connect to the Remote Rendering inspector |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
"name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
],
"notDataActions": []
}
],
"roleName": "Remote Rendering Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Remote Rendering Client
Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read | Get session properties |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action | Start sessions |
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete | Stop sessions |
Microsoft.MixedReality/RemoteRenderingAccounts/render/read | Connect to a session |
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read | Connect to the Remote Rendering inspector |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a",
"name": "d39065c4-c120-43c9-ab0a-63eed9795f0a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
],
"notDataActions": []
}
],
"roleName": "Remote Rendering Client",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors Account Contributor
Lets you manage spatial anchors in your account, but not delete them
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action | Azure Spatial Anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read | Discover nearby spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read | Get properties of spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read | Azure Spatial Anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
Microsoft.MixedReality/SpatialAnchorsAccounts/write | Update spatial anchors properties |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, but not delete them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors Account Owner
Lets you manage spatial anchors in your account, including deleting them
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action | Azure Spatial Anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/delete | Delete spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read | Discover nearby spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read | Get properties of spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read | Azure Spatial Anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
Microsoft.MixedReality/SpatialAnchorsAccounts/write | Update spatial anchors properties |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, including deleting them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
"name": "70bbe301-9835-447d-afdd-19eb3167307c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors Account Reader
Lets you locate and read properties of spatial anchors in your account
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read | Discover nearby spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read | Get properties of spatial anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read | Azure Spatial Anchors |
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Lets you locate and read properties of spatial anchors in your account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
"name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Integration
API Management Service Contributor
Can manage service and the APIs
Actions | Description |
---|---|
Microsoft.ApiManagement/service/* | Create and manage API Management service |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Operator Role
Can manage service but not the APIs
Actions | Description |
---|---|
Microsoft.ApiManagement/service/*/read | Read API Management Service instances |
Microsoft.ApiManagement/service/backup/action | Backup API Management Service to the specified container in a user provided storage account |
Microsoft.ApiManagement/service/delete | Delete API Management Service instance |
Microsoft.ApiManagement/service/managedeployments/action | Change SKU/units, add/remove regional deployments of API Management Service |
Microsoft.ApiManagement/service/read | Read metadata for an API Management Service instance |
Microsoft.ApiManagement/service/restore/action | Restore API Management Service from the specified container in a user provided storage account |
Microsoft.ApiManagement/service/updatecertificate/action | Upload TLS/SSL certificate for an API Management Service |
Microsoft.ApiManagement/service/updatehostname/action | Set up, update, or remove custom domain names for an API Management Service |
Microsoft.ApiManagement/service/write | Create or update API Management Service instance |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | Get keys associated with user |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Reader Role
Read-only access to service and APIs
Actions | Description |
---|---|
Microsoft.ApiManagement/service/*/read | Read API Management Service instances |
Microsoft.ApiManagement/service/read | Read metadata for an API Management Service instance |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | Get keys associated with user |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Workspace API Developer
Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/tags/read | Lists a collection of tags defined within a service instance. or Gets the details of the tag specified by its identifier. |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | Lists a collection of products in the specified service instance. or Gets the details of the product specified by its identifier. |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/read | Read metadata for an API Management Service instance |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3",
"name": "9565a273-41b9-4368-97d2-aeb0c976a9b3",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Workspace API Product Manager
Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/users/read | Lists a collection of registered users in the specified service instance. or Gets the details of the user specified by its identifier. |
Microsoft.ApiManagement/service/tags/read | Lists a collection of tags defined within a service instance. or Gets the details of the tag specified by its identifier. |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | Lists a collection of products in the specified service instance. or Gets the details of the product specified by its identifier. |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/groups/users/* | |
Microsoft.ApiManagement/service/read | Read metadata for an API Management Service instance |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/users/read",
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/groups/users/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Workspace API Developer
Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/apis/* | |
Microsoft.ApiManagement/service/workspaces/apiVersionSets/* | |
Microsoft.ApiManagement/service/workspaces/policies/* | |
Microsoft.ApiManagement/service/workspaces/schemas/* | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/policyFragments/* | |
Microsoft.ApiManagement/service/workspaces/namedValues/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6",
"name": "56328988-075d-4c6a-8766-d93edd6725b6",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/apis/*",
"Microsoft.ApiManagement/service/workspaces/apiVersionSets/*",
"Microsoft.ApiManagement/service/workspaces/policies/*",
"Microsoft.ApiManagement/service/workspaces/schemas/*",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/policyFragments/*",
"Microsoft.ApiManagement/service/workspaces/namedValues/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Workspace API Product Manager
Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/subscriptions/* | |
Microsoft.ApiManagement/service/workspaces/groups/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.ApiManagement/service/workspaces/notifications/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f",
"name": "73c2c328-d004-4c5e-938c-35c6f5679a1f",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/subscriptions/*",
"Microsoft.ApiManagement/service/workspaces/groups/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.ApiManagement/service/workspaces/notifications/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Workspace Contributor
Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/workspaces/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Workspace Reader
Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.
Actions | Description |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
App Configuration Data Owner
Allows full access to App Configuration data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
Microsoft.AppConfiguration/configurationStores/*/write | |
Microsoft.AppConfiguration/configurationStores/*/delete | |
Microsoft.AppConfiguration/configurationStores/*/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete",
"Microsoft.AppConfiguration/configurationStores/*/action"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
App Configuration Data Reader
Allows read access to App Configuration data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Relay Listener
Allows for listen access to Azure Relay resources.
Actions | Description |
---|---|
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybridConnections/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/listen/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for listen access to Azure Relay resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
"name": "26e0b698-aa6d-4085-9386-aadae190014d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/listen/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Listener",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Relay Owner
Allows for full access to Azure Relay resources.
Actions | Description |
---|---|
Microsoft.Relay/* | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Relay resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"permissions": [
{
"actions": [
"Microsoft.Relay/*"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Relay Sender
Allows for send access to Azure Relay resources.
Actions | Description |
---|---|
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybridConnections/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/send/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Relay resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
"name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus Data Owner
Allows for full access to Azure Service Bus resources.
Actions | Description |
---|---|
Microsoft.ServiceBus/* | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus Data Receiver
Allows for receive access to Azure Service Bus resources.
Actions | Description |
---|---|
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/receive/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus Data Sender
Allows for send access to Azure Service Bus resources.
Actions | Description |
---|---|
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/send/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack Registration Owner
Lets you manage Azure Stack Hub registrations.
Actions | Description |
---|---|
Microsoft.AzureStack/edgeSubscriptions/read | |
Microsoft.AzureStack/registrations/products/*/action | |
Microsoft.AzureStack/registrations/products/read | Gets the properties of an Azure Stack Marketplace product |
Microsoft.AzureStack/registrations/read | Gets the properties of an Azure Stack registration |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid Contributor
Lets you manage EventGrid operations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.EventGrid/* | Create and manage Event Grid resources |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
"name": "1e241071-0855-49ea-94dc-649edcd759de",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid Data Sender
Allows send access to event grid events.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.EventGrid/topics/read | Read a topic |
Microsoft.EventGrid/domains/read | Read a domain |
Microsoft.EventGrid/partnerNamespaces/read | Read a partner namespace |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.EventGrid/events/send/action | Send events to topics |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to event grid events.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
"name": "d5a91429-5739-47e2-a06b-3470a27159e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/topics/read",
"Microsoft.EventGrid/domains/read",
"Microsoft.EventGrid/partnerNamespaces/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventGrid/events/send/action"
],
"notDataActions": []
}
],
"roleName": "EventGrid Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription Contributor
Lets you manage EventGrid event subscription operations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.EventGrid/eventSubscriptions/* | Create and manage regional event subscriptions |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | List global event subscriptions by topic type |
Microsoft.EventGrid/locations/eventSubscriptions/read | List regional event subscriptions |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | List regional event subscriptions by topic type |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription Reader
Lets you read EventGrid event subscriptions.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.EventGrid/eventSubscriptions/read | Read an eventSubscription |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | List global event subscriptions by topic type |
Microsoft.EventGrid/locations/eventSubscriptions/read | List regional event subscriptions |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | List regional event subscriptions by topic type |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR Data Contributor
Role allows user or principal full access to FHIR Data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/* | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal full access to FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
"name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/*",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR Data Importer
Role allows user or principal to read and import FHIR Data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | Read FHIR resources (includes searching and versioned history). |
Microsoft.HealthcareApis/services/fhir/resources/import/action | Import operation ($export). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | Read FHIR resources (includes searching and versioned history). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | Import operation ($export). |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and import FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b",
"name": "4465e953-8ced-4406-a58e-0f6e3f3b530b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/import/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Importer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR Data Exporter
Role allows user or principal to read and export FHIR Data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | Read FHIR resources (includes searching and versioned history). |
Microsoft.HealthcareApis/services/fhir/resources/export/action | Export operation ($export). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | Read FHIR resources (includes searching and versioned history). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | Export operation ($export). |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and export FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
"name": "3db33094-8700-4567-8da5-1501d4e7e843",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/export/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Exporter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR Data Reader
Role allows user or principal to read FHIR Data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | Read FHIR resources (includes searching and versioned history). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | Read FHIR resources (includes searching and versioned history). |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR Data Writer
Role allows user or principal to read and write FHIR Data.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/* | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | |
NotDataActions | |
Microsoft.HealthcareApis/services/fhir/resources/hardDelete/action | Hard Delete (including version history). |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/hardDelete/action | Hard Delete (including version history). |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and write FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
"name": "3f88fce4-5892-4214-ae73-ba5294559913",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/*",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
],
"notDataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/hardDelete/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/hardDelete/action"
]
}
],
"roleName": "FHIR Data Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Integration Service Environment Contributor
Lets you manage integration service environments, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Logic/integrationServiceEnvironments/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage integration service environments, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Support/*",
"Microsoft.Logic/integrationServiceEnvironments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Integration Service Environment Developer
Allows developers to create and update workflows, integration accounts and API connections in integration service environments.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Logic/integrationServiceEnvironments/read | Reads the integration service environment. |
Microsoft.Logic/integrationServiceEnvironments/*/join/action | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Support/*",
"Microsoft.Logic/integrationServiceEnvironments/read",
"Microsoft.Logic/integrationServiceEnvironments/*/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Intelligent Systems Account Contributor
Lets you manage Intelligent Systems accounts, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.IntelligentSystems/accounts/* | Create and manage intelligent systems accounts |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.IntelligentSystems/accounts/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic App Contributor
Lets you manage logic apps, but not change access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicStorage/storageAccounts/listKeys/action | Lists the access keys for the storage accounts. |
Microsoft.ClassicStorage/storageAccounts/read | Return the storage account with the given account. |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Insights/metricAlerts/* | |
Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Insights/logdefinitions/* | This permission is necessary for users who need access to Activity Logs via the portal. List log categories in Activity Log. |
Microsoft.Insights/metricDefinitions/* | Read metric definitions (list of available metric types for a resource). |
Microsoft.Logic/* | Manages Logic Apps resources. |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.Web/connectionGateways/* | Create and manage Connection Gateways. |
Microsoft.Web/connections/* | Create and manage Connections. |
Microsoft.Web/customApis/* | Create and manage Custom APIs. |
Microsoft.Web/serverFarms/join/action | Joins an App Service Plan |
Microsoft.Web/serverFarms/read | Get the properties on an App Service Plan |
Microsoft.Web/sites/functions/listSecrets/action | List Function secrets. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage logic app, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logdefinitions/*",
"Microsoft.Insights/metricDefinitions/*",
"Microsoft.Logic/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/functions/listSecrets/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic App Operator
Lets you read, enable, and disable logic apps, but not edit or update them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/*/read | Read Insights alert rules |
Microsoft.Insights/metricAlerts/*/read | |
Microsoft.Insights/diagnosticSettings/*/read | Gets diagnostic settings for Logic Apps |
Microsoft.Insights/metricDefinitions/*/read | Gets the available metrics for Logic Apps. |
Microsoft.Logic/*/read | Reads Logic Apps resources. |
Microsoft.Logic/workflows/disable/action | Disables the workflow. |
Microsoft.Logic/workflows/enable/action | Enables the workflow. |
Microsoft.Logic/workflows/validate/action | Validates the workflow. |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Web/connectionGateways/*/read | Read Connection Gateways. |
Microsoft.Web/connections/*/read | Read Connections. |
Microsoft.Web/customApis/*/read | Read Custom APIs. |
Microsoft.Web/serverFarms/read | Get the properties of an App Service Plan |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read, enable and disable logic app.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metricAlerts/*/read",
"Microsoft.Insights/diagnosticSettings/*/read",
"Microsoft.Insights/metricDefinitions/*/read",
"Microsoft.Logic/*/read",
"Microsoft.Logic/workflows/disable/action",
"Microsoft.Logic/workflows/enable/action",
"Microsoft.Logic/workflows/validate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*/read",
"Microsoft.Web/connections/*/read",
"Microsoft.Web/customApis/*/read",
"Microsoft.Web/serverFarms/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Identity
Domain Services Contributor
Can manage Azure AD Domain Services and related network configurations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/deployments/delete | Deletes a deployment. |
Microsoft.Resources/deployments/cancel/action | Cancels a deployment. |
Microsoft.Resources/deployments/validate/action | Validates a deployment. |
Microsoft.Resources/deployments/whatIf/action | Predicts template deployment changes. |
Microsoft.Resources/deployments/exportTemplate/action | Exports the template for a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Insights/Logs/Read | Read data from all your logs |
Microsoft.Insights/Metrics/Read | Read metrics |
Microsoft.Insights/DiagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Insights/DiagnosticSettingsCategories/Read | Read diagnostic settings categories |
Microsoft.AAD/register/action | Register Domain Service |
Microsoft.AAD/unregister/action | Unregister Domain Service |
Microsoft.AAD/domainServices/* | |
Microsoft.Network/register/action | Registers the subscription |
Microsoft.Network/unregister/action | Unregisters the subscription |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/write | Creates a virtual network or updates an existing virtual network |
Microsoft.Network/virtualNetworks/delete | Deletes a virtual network |
Microsoft.Network/virtualNetworks/peer/action | Peers a virtual network with another virtual network |
Microsoft.Network/virtualNetworks/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/write | Creates a virtual network subnet or updates an existing virtual network subnet |
Microsoft.Network/virtualNetworks/subnets/delete | Deletes a virtual network subnet |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Gets a virtual network peering definition |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write | Creates a virtual network peering or updates an existing virtual network peering |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete | Deletes a virtual network peering |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings of Microsoft Azure Virtual Network |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Gets available metrics for the PingMesh |
Microsoft.Network/azureFirewalls/read | Get Azure Firewall |
Microsoft.Network/ddosProtectionPlans/read | Gets an Azure DDoS Protection Plan |
Microsoft.Network/ddosProtectionPlans/join/action | Joins an Azure DDoS Protection Plan. Not alertable. |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/loadBalancers/delete | Deletes a load balancer |
Microsoft.Network/loadBalancers/*/read | |
Microsoft.Network/loadBalancers/backendAddressPools/join/action | Joins a load balancer backend address pool. Not alertable. |
Microsoft.Network/loadBalancers/inboundNatRules/join/action | Joins a load balancer inbound NAT rule. Not alertable. |
Microsoft.Network/natGateways/join/action | Joins a NAT Gateway |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
Microsoft.Network/networkInterfaces/delete | Deletes a network interface |
Microsoft.Network/networkInterfaces/join/action | Attaches a network interface to a virtual machine. Not alertable. |
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Gets a default security rule definition |
Microsoft.Network/networkSecurityGroups/read | Gets a network security group |
Microsoft.Network/networkSecurityGroups/write | Creates a network security group or updates an existing network security group |
Microsoft.Network/networkSecurityGroups/delete | Deletes a network security group |
Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not alertable. |
Microsoft.Network/networkSecurityGroups/securityRules/read | Gets a security rule definition |
Microsoft.Network/networkSecurityGroups/securityRules/write | Creates a security rule or updates an existing security rule |
Microsoft.Network/networkSecurityGroups/securityRules/delete | Deletes a security rule |
Microsoft.Network/routeTables/read | Gets a route table definition |
Microsoft.Network/routeTables/write | Creates a route table or updates an existing route table |
Microsoft.Network/routeTables/delete | Deletes a route table definition |
Microsoft.Network/routeTables/join/action | Joins a route table. Not alertable. |
Microsoft.Network/routeTables/routes/read | Gets a route definition |
Microsoft.Network/routeTables/routes/write | Creates a route or updates an existing route |
Microsoft.Network/routeTables/routes/delete | Deletes a route definition |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Azure AD Domain Services and related network configurations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2",
"name": "eeaeda52-9324-47f6-8069-5d5bade478b2",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/Logs/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/DiagnosticSettingsCategories/Read",
"Microsoft.AAD/register/action",
"Microsoft.AAD/unregister/action",
"Microsoft.AAD/domainServices/*",
"Microsoft.Network/register/action",
"Microsoft.Network/unregister/action",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/write",
"Microsoft.Network/virtualNetworks/delete",
"Microsoft.Network/virtualNetworks/peer/action",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/delete",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/azureFirewalls/read",
"Microsoft.Network/ddosProtectionPlans/read",
"Microsoft.Network/ddosProtectionPlans/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/delete",
"Microsoft.Network/loadBalancers/*/read",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/natGateways/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.Network/networkSecurityGroups/securityRules/delete",
"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/write",
"Microsoft.Network/routeTables/delete",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Network/routeTables/routes/read",
"Microsoft.Network/routeTables/routes/write",
"Microsoft.Network/routeTables/routes/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Domain Services Reader
Can view Azure AD Domain Services and related network configurations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Insights/Logs/Read | Read data from all your logs |
Microsoft.Insights/Metrics/read | Read metrics |
Microsoft.Insights/DiagnosticSettings/read | Read a resource diagnostic setting |
Microsoft.Insights/DiagnosticSettingsCategories/Read | Read diagnostic settings categories |
Microsoft.AAD/domainServices/*/read | |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Gets a virtual network peering definition |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read | Get the diagnostic settings of Microsoft Azure Virtual Network |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Gets available metrics for the PingMesh |
Microsoft.Network/azureFirewalls/read | Get Azure Firewall |
Microsoft.Network/ddosProtectionPlans/read | Gets an Azure DDoS Protection Plan |
Microsoft.Network/loadBalancers/read | Gets a load balancer definition |
Microsoft.Network/loadBalancers/*/read | |
Microsoft.Network/natGateways/read | Gets a NAT Gateway definition |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Gets a default security rule definition |
Microsoft.Network/networkSecurityGroups/read | Gets a network security group |
Microsoft.Network/networkSecurityGroups/securityRules/read | Gets a security rule definition |
Microsoft.Network/routeTables/read | Gets a route table definition |
Microsoft.Network/routeTables/routes/read | Gets a route definition |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can view Azure AD Domain Services and related network configurations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb",
"name": "361898ef-9ed1-48c2-849c-a832951106bb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/Logs/Read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Insights/DiagnosticSettings/read",
"Microsoft.Insights/DiagnosticSettingsCategories/Read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/azureFirewalls/read",
"Microsoft.Network/ddosProtectionPlans/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/*/read",
"Microsoft.Network/natGateways/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/routes/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Domain Services Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Managed Identity Contributor
Create, read, update, and delete user-assigned identities.
Actions | Description |
---|---|
Microsoft.ManagedIdentity/userAssignedIdentities/read | Gets an existing user-assigned identity |
Microsoft.ManagedIdentity/userAssignedIdentities/write | Creates a new user-assigned identity or updates the tags associated with an existing user-assigned identity |
Microsoft.ManagedIdentity/userAssignedIdentities/delete | Deletes an existing user-assigned identity |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Managed Identity Operator
Read and assign user-assigned identities.
Actions | Description |
---|---|
Microsoft.ManagedIdentity/userAssignedIdentities/*/read | |
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read and Assign User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
"name": "f1a07417-d97a-45cb-824c-7a7467783830",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Security
Attestation Contributor
Can read, write, or delete the attestation provider instance.
Actions | Description |
---|---|
Microsoft.Attestation/attestationProviders/attestation/read | |
Microsoft.Attestation/attestationProviders/attestation/write | |
Microsoft.Attestation/attestationProviders/attestation/delete | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can read write or delete the attestation provider instance",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e",
"name": "bbf86eb8-f7b4-4cce-96e4-18cddf81d86e",
"permissions": [
{
"actions": [
"Microsoft.Attestation/attestationProviders/attestation/read",
"Microsoft.Attestation/attestationProviders/attestation/write",
"Microsoft.Attestation/attestationProviders/attestation/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Attestation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Attestation Reader
Can read the attestation provider properties.
Actions | Description |
---|---|
Microsoft.Attestation/attestationProviders/attestation/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can read the attestation provider properties",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3",
"name": "fd1bd22b-8476-40bc-a0bc-69b95687b9f3",
"permissions": [
{
"actions": [
"Microsoft.Attestation/attestationProviders/attestation/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Attestation Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Administrator
Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use |
Microsoft.KeyVault/deletedVaults/read | View the properties of soft-deleted key vaults |
Microsoft.KeyVault/locations/*/read | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/operations/read | Lists operations available on the Microsoft.KeyVault resource provider |
NotActions | |
none | |
DataActions | |
Microsoft.KeyVault/vaults/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483",
"name": "00482a5a-887f-4fb3-b363-3b7fe8e74483",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/deletedVaults/read",
"Microsoft.KeyVault/locations/*/read",
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/operations/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/*"
],
"notDataActions": []
}
],
"roleName": "Key Vault Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Certificates Officer
Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use |
Microsoft.KeyVault/deletedVaults/read | View the properties of soft-deleted key vaults |
Microsoft.KeyVault/locations/*/read | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/operations/read | Lists operations available on the Microsoft.KeyVault resource provider |
NotActions | |
none | |
DataActions | |
Microsoft.KeyVault/vaults/certificatecas/* | |
Microsoft.KeyVault/vaults/certificates/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985",
"name": "a4417e6f-fecd-4de8-b567-7b0420556985",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/deletedVaults/read",
"Microsoft.KeyVault/locations/*/read",
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/operations/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/certificatecas/*",
"Microsoft.KeyVault/vaults/certificates/*"
],
"notDataActions": []
}
],
"roleName": "Key Vault Certificates Officer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Contributor
Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.KeyVault/* | |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.KeyVault/locations/deletedVaults/purge/action | Purge a soft-deleted key vault |
Microsoft.KeyVault/hsmPools/* | |
Microsoft.KeyVault/managedHsms/* | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage key vaults, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
"name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.KeyVault/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.KeyVault/locations/deletedVaults/purge/action",
"Microsoft.KeyVault/hsmPools/*",
"Microsoft.KeyVault/managedHsms/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Key Vault Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Crypto Officer
Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use |
Microsoft.KeyVault/deletedVaults/read | View the properties of soft-deleted key vaults |
Microsoft.KeyVault/locations/*/read | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/operations/read | Lists operations available on the Microsoft.KeyVault resource provider |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/keys/* | |
Microsoft.KeyVault/vaults/keyrotationpolicies/* | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603",
"name": "14b46e9e-c2b7-41b4-b07b-48a6ebf60603",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/deletedVaults/read",
"Microsoft.KeyVault/locations/*/read",
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/operations/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/keys/*",
"Microsoft.KeyVault/vaults/keyrotationpolicies/*"
],
"notDataActions": []
}
],
"roleName": "Key Vault Crypto Officer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Crypto Service Encryption User
Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
Microsoft.EventGrid/eventSubscriptions/write | Create or update an eventSubscription |
Microsoft.EventGrid/eventSubscriptions/read | Read an eventSubscription |
Microsoft.EventGrid/eventSubscriptions/delete | Delete an eventSubscription |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/keys/read | List keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes the public key and includes the ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed. |
Microsoft.KeyVault/vaults/keys/wrap/action | Wraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. |
Microsoft.KeyVault/vaults/keys/unwrap/action | Unwraps a symmetric key with a Key Vault key. |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6",
"name": "e147488a-f6f5-4113-8e2d-b22465e65bf6",
"permissions": [
{
"actions": [
"Microsoft.EventGrid/eventSubscriptions/write",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/eventSubscriptions/delete"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/keys/read",
"Microsoft.KeyVault/vaults/keys/wrap/action",
"Microsoft.KeyVault/vaults/keys/unwrap/action"
],
"notDataActions": []
}
],
"roleName": "Key Vault Crypto Service Encryption User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Crypto User
Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
None | |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/keys/read | List keys in the specified vault, or read properties and public material of a key. For asymmetric keys, this operation exposes the public key and includes the ability to perform public key algorithms such as encrypt and verify signature. Private keys and symmetric keys are never exposed. |
Microsoft.KeyVault/vaults/keys/update/action | Updates the specified attributes associated with the given key. |
Microsoft.KeyVault/vaults/keys/backup/action | Creates the backup file of a key. The file can be used to restore the key in a Key Vault of the same subscription. Restrictions may apply. |
Microsoft.KeyVault/vaults/keys/encrypt/action | Encrypts plaintext with a key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. |
Microsoft.KeyVault/vaults/keys/decrypt/action | Decrypts ciphertext with a key. |
Microsoft.KeyVault/vaults/keys/wrap/action | Wraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. |
Microsoft.KeyVault/vaults/keys/unwrap/action | Unwraps a symmetric key with a Key Vault key. |
Microsoft.KeyVault/vaults/keys/sign/action | Signs a message digest (hash) with a key. |
Microsoft.KeyVault/vaults/keys/verify/action | Verifies the signature of a message digest (hash) with a key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access. |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424",
"name": "12338af0-0e69-4776-bea7-57ae8d297424",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/keys/read",
"Microsoft.KeyVault/vaults/keys/update/action",
"Microsoft.KeyVault/vaults/keys/backup/action",
"Microsoft.KeyVault/vaults/keys/encrypt/action",
"Microsoft.KeyVault/vaults/keys/decrypt/action",
"Microsoft.KeyVault/vaults/keys/wrap/action",
"Microsoft.KeyVault/vaults/keys/unwrap/action",
"Microsoft.KeyVault/vaults/keys/sign/action",
"Microsoft.KeyVault/vaults/keys/verify/action"
],
"notDataActions": []
}
],
"roleName": "Key Vault Crypto User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Reader
Read metadata of key vaults and their certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use |
Microsoft.KeyVault/deletedVaults/read | View the properties of soft-deleted key vaults |
Microsoft.KeyVault/locations/*/read | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/operations/read | Lists operations available on the Microsoft.KeyVault resource provider |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/vaults/secrets/readMetadata/action | List or view the properties of a secret, but not its value. |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2",
"name": "21090545-7ca7-4776-b22c-e363652d74d2",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/deletedVaults/read",
"Microsoft.KeyVault/locations/*/read",
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/operations/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/vaults/secrets/readMetadata/action"
],
"notDataActions": []
}
],
"roleName": "Key Vault Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Secrets Officer
Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
Microsoft.KeyVault/checkNameAvailability/read | Checks that a key vault name is valid and is not in use |
Microsoft.KeyVault/deletedVaults/read | View the properties of soft-deleted key vaults |
Microsoft.KeyVault/locations/*/read | |
Microsoft.KeyVault/vaults/*/read | |
Microsoft.KeyVault/operations/read | Lists operations available on the Microsoft.KeyVault resource provider |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/secrets/* | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7",
"name": "b86a8fe4-44ce-4948-aee5-eccb2c155cd7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.KeyVault/checkNameAvailability/read",
"Microsoft.KeyVault/deletedVaults/read",
"Microsoft.KeyVault/locations/*/read",
"Microsoft.KeyVault/vaults/*/read",
"Microsoft.KeyVault/operations/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/secrets/*"
],
"notDataActions": []
}
],
"roleName": "Key Vault Secrets Officer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault Secrets User
Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. Learn more
Actions | Description |
---|---|
None | |
NotActions | |
None | |
DataActions | |
Microsoft.KeyVault/vaults/secrets/getSecret/action | Gets the value of a secret. |
Microsoft.KeyVault/vaults/secrets/readMetadata/action | List or view the properties of a secret, but not its value. |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6",
"name": "4633458b-17de-408a-b874-0445c86b69e6",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/vaults/secrets/getSecret/action",
"Microsoft.KeyVault/vaults/secrets/readMetadata/action"
],
"notDataActions": []
}
],
"roleName": "Key Vault Secrets User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
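The split between control-plane and data-plane permissions in the Key Vault roles above can be checked mechanically. The following is an added example, not part of the original page or any Microsoft code: it evaluates an operation against a role's actions minus notActions (or dataActions minus notDataActions), using permission lists copied from the JSON on this page. The function names are hypothetical, and treating `*` as "any run of characters" with case-insensitive comparison is an assumption of this sketch.

```python
import re

# Permission lists copied from the role definition JSON on this page.
ROLES = {
    "Key Vault Contributor": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.KeyVault/*",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*",
        ],
        "notActions": [
            "Microsoft.KeyVault/locations/deletedVaults/purge/action",
            "Microsoft.KeyVault/hsmPools/*",
            "Microsoft.KeyVault/managedHsms/*",
        ],
        "dataActions": [],
        "notDataActions": [],
    },
    "Key Vault Reader": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*",
            "Microsoft.KeyVault/checkNameAvailability/read",
            "Microsoft.KeyVault/deletedVaults/read",
            "Microsoft.KeyVault/locations/*/read",
            "Microsoft.KeyVault/vaults/*/read",
            "Microsoft.KeyVault/operations/read",
        ],
        "notActions": [],
        "dataActions": [
            "Microsoft.KeyVault/vaults/*/read",
            "Microsoft.KeyVault/vaults/secrets/readMetadata/action",
        ],
        "notDataActions": [],
    },
    "Key Vault Secrets User": {
        "actions": [],
        "notActions": [],
        "dataActions": [
            "Microsoft.KeyVault/vaults/secrets/getSecret/action",
            "Microsoft.KeyVault/vaults/secrets/readMetadata/action",
        ],
        "notDataActions": [],
    },
    "Managed HSM contributor": {
        "actions": [
            "Microsoft.KeyVault/managedHSMs/*",
            "Microsoft.KeyVault/deletedManagedHsms/read",
            "Microsoft.KeyVault/locations/deletedManagedHsms/read",
            "Microsoft.KeyVault/locations/deletedManagedHsms/purge/action",
            "Microsoft.KeyVault/locations/managedHsmOperationResults/read",
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": [],
    },
}


def matches(pattern, operation):
    """True if operation fits pattern; '*' matches any run of characters.

    Comparison is case-insensitive (assumption of this sketch; the definitions
    on this page themselves mix 'managedHsms' and 'managedHSMs').
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def role_grants(role_name, operation, data_plane=False):
    """Effective permission of ONE role: allow list minus its exclusion list."""
    role = ROLES[role_name]
    allow, exclude = (
        ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    )
    if not any(matches(p, operation) for p in role[allow]):
        return False
    return not any(matches(p, operation) for p in role[exclude])


def principal_allowed(role_names, operation, data_plane=False):
    """Union over all assigned roles: notActions only subtracts inside its own
    role, so another assigned role can still grant the same operation."""
    return any(role_grants(name, operation, data_plane) for name in role_names)


if __name__ == "__main__":
    get_secret = "Microsoft.KeyVault/vaults/secrets/getSecret/action"
    for name in ("Key Vault Contributor", "Key Vault Reader", "Key Vault Secrets User"):
        print(f"{name}: getSecret (data plane) -> {role_grants(name, get_secret, True)}")
    hsm_write = "Microsoft.KeyVault/managedHSMs/write"
    both = ["Key Vault Contributor", "Managed HSM contributor"]
    print("Key Vault Contributor alone:", role_grants(both[0], hsm_write))
    print("Both roles assigned:", principal_allowed(both, hsm_write))
```

When reviewing assignments, evaluate the union across every role a principal holds at the scope; an exclusion in one role's notActions does not remove an operation that another assigned role grants.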
Managed HSM contributor
Lets you manage managed HSM pools, but not access to them. Learn more
Actions | Description |
---|---|
Microsoft.KeyVault/managedHSMs/* | |
Microsoft.KeyVault/deletedManagedHsms/read | View the properties of a deleted managed HSM |
Microsoft.KeyVault/locations/deletedManagedHsms/read | View the properties of a deleted managed HSM |
Microsoft.KeyVault/locations/deletedManagedHsms/purge/action | Purge a soft-deleted managed HSM |
Microsoft.KeyVault/locations/managedHsmOperationResults/read | Check the result of a long-running operation |
NotActions | |
None | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage managed HSM pools, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d",
"name": "18500a29-7fe2-46b2-a342-b16a415e101d",
"permissions": [
{
"actions": [
"Microsoft.KeyVault/managedHSMs/*",
"Microsoft.KeyVault/deletedManagedHsms/read",
"Microsoft.KeyVault/locations/deletedManagedHsms/read",
"Microsoft.KeyVault/locations/deletedManagedHsms/purge/action",
"Microsoft.KeyVault/locations/managedHsmOperationResults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed HSM contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Microsoft Sentinel Automation Contributor
Microsoft Sentinel Automation Contributor Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Logic/workflows/triggers/read | Reads the trigger. |
Microsoft.Logic/workflows/triggers/listCallbackUrl/action | Gets the callback URL for the trigger. |
Microsoft.Logic/workflows/runs/read | Reads the workflow run. |
Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/read | List Web Apps Hostruntime Workflow Triggers. |
Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action | Get Web Apps Hostruntime Workflow Trigger Uri. |
Microsoft.Web/sites/hostruntime/webhooks/api/workflows/runs/read | List Web Apps Hostruntime Workflow Runs. |
NotActions | |
None | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Microsoft Sentinel Automation Contributor",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a",
"name": "f4c81013-99ee-4d62-a7ee-b3f1f648599a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Logic/workflows/triggers/read",
"Microsoft.Logic/workflows/triggers/listCallbackUrl/action",
"Microsoft.Logic/workflows/runs/read",
"Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/read",
"Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action",
"Microsoft.Web/sites/hostruntime/webhooks/api/workflows/runs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Microsoft Sentinel Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Microsoft Sentinel Contributor
Microsoft Sentinel Contributor Learn more
Actions | Description |
---|---|
Microsoft.SecurityInsights/* | |
Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using the new engine. |
Microsoft.OperationalInsights/workspaces/*/read | View log analytics data |
Microsoft.OperationalInsights/workspaces/savedSearches/* | |
Microsoft.OperationsManagement/solutions/read | Get an existing OMS solution |
Microsoft.OperationalInsights/workspaces/query/read | Run queries over the data in the workspace |
Microsoft.OperationalInsights/workspaces/query/*/read | |
Microsoft.OperationalInsights/workspaces/dataSources/read | Get data sources under a workspace. |
Microsoft.OperationalInsights/querypacks/*/read | |
Microsoft.Insights/workbooks/* | |
Microsoft.Insights/myworkbooks/read | Read a private workbook |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
Microsoft.SecurityInsights/ConfidentialWatchlists/* | |
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/* | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Microsoft Sentinel Contributor",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
"name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.OperationalInsights/querypacks/*/read",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/myworkbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.SecurityInsights/ConfidentialWatchlists/*",
"Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Microsoft Sentinel Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Microsoft Sentinel Playbook Operator
Microsoft Sentinel Playbook Operator Learn more
Actions | Description |
---|---|
Microsoft.Logic/workflows/read | Reads the workflow. |
Microsoft.Logic/workflows/triggers/listCallbackUrl/action | Gets the callback URL for the trigger. |
Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action | Get Web Apps Hostruntime Workflow Trigger Uri. |
Microsoft.Web/sites/read | Get the properties of a Web App |
NotActions | |
None | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Microsoft Sentinel Playbook Operator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/51d6186e-6489-4900-b93f-92e23144cca5",
"name": "51d6186e-6489-4900-b93f-92e23144cca5",
"permissions": [
{
"actions": [
"Microsoft.Logic/workflows/read",
"Microsoft.Logic/workflows/triggers/listCallbackUrl/action",
"Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/listCallbackUrl/action",
"Microsoft.Web/sites/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Microsoft Sentinel Playbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Microsoft Sentinel Reader
Microsoft Sentinel Reader Learn more
Actions | Description |
---|---|
Microsoft.SecurityInsights/*/read | |
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action | Check user authorization and license |
Microsoft.SecurityInsights/threatIntelligence/indicators/query/action | Query Threat Intelligence Indicators |
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action | Query Threat Intelligence Indicators |
Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using the new engine. |
Microsoft.OperationalInsights/workspaces/*/read | View log analytics data |
Microsoft.OperationalInsights/workspaces/LinkedServices/read | Get linked services under a given workspace. |
Microsoft.OperationalInsights/workspaces/savedSearches/read | Gets a saved search query. |
Microsoft.OperationsManagement/solutions/read | Get an existing OMS solution |
Microsoft.OperationalInsights/workspaces/query/read | Run queries over the data in the workspace |
Microsoft.OperationalInsights/workspaces/query/*/read | |
Microsoft.OperationalInsights/querypacks/*/read | |
Microsoft.OperationalInsights/workspaces/dataSources/read | Get data sources under a workspace. |
Microsoft.Insights/workbooks/read | Read a workbook |
Microsoft.Insights/myworkbooks/read | Read a private workbook |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/templateSpecs/*/read | Get or list template specs and template spec versions |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
Microsoft.SecurityInsights/ConfidentialWatchlists/* | |
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/* | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Microsoft Sentinel Reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
"Microsoft.SecurityInsights/threatIntelligence/indicators/query/action",
"Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/LinkedServices/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/querypacks/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/myworkbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/templateSpecs/*/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.SecurityInsights/ConfidentialWatchlists/*",
"Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Microsoft Sentinel Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Microsoft Sentinel Responder
Microsoft Sentinel Responder Learn more
Actions | Description |
---|---|
Microsoft.SecurityInsights/*/read | |
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action | Check user authorization and license |
Microsoft.SecurityInsights/automationRules/* | |
Microsoft.SecurityInsights/cases/* | |
Microsoft.SecurityInsights/incidents/* | |
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action | Append tags to a Threat Intelligence Indicator |
Microsoft.SecurityInsights/threatIntelligence/indicators/query/action | Query Threat Intelligence Indicators |
Microsoft.SecurityInsights/threatIntelligence/bulkTag/action | Bulk-tag Threat Intelligence |
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action | Append tags to a Threat Intelligence Indicator |
Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/action | Replace the tags of a Threat Intelligence Indicator |
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action | Query Threat Intelligence Indicators |
Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using the new engine. |
Microsoft.OperationalInsights/workspaces/*/read | View log analytics data |
Microsoft.OperationalInsights/workspaces/dataSources/read | Get data sources under a workspace. |
Microsoft.OperationalInsights/workspaces/savedSearches/read | Gets a saved search query. |
Microsoft.OperationsManagement/solutions/read | Get an existing OMS solution |
Microsoft.OperationalInsights/workspaces/query/read | Run queries over the data in the workspace |
Microsoft.OperationalInsights/workspaces/query/*/read | |
Microsoft.OperationalInsights/workspaces/dataSources/read | Get data sources under a workspace. |
Microsoft.OperationalInsights/querypacks/*/read | |
Microsoft.Insights/workbooks/read | Read a workbook |
Microsoft.Insights/myworkbooks/read | Read a private workbook |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
Microsoft.SecurityInsights/cases/*/Delete | |
Microsoft.SecurityInsights/incidents/*/Delete | |
Microsoft.SecurityInsights/ConfidentialWatchlists/* | |
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/* | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Microsoft Sentinel Responder",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
"Microsoft.SecurityInsights/automationRules/*",
"Microsoft.SecurityInsights/cases/*",
"Microsoft.SecurityInsights/incidents/*",
"Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action",
"Microsoft.SecurityInsights/threatIntelligence/indicators/query/action",
"Microsoft.SecurityInsights/threatIntelligence/bulkTag/action",
"Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action",
"Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/action",
"Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.OperationalInsights/querypacks/*/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/myworkbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.SecurityInsights/cases/*/Delete",
"Microsoft.SecurityInsights/incidents/*/Delete",
"Microsoft.SecurityInsights/ConfidentialWatchlists/*",
"Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Microsoft Sentinel Responder",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Security Admin
View and update permissions for Microsoft Defender for Cloud. Same permissions as the Security Reader role, and can also update the security policy and dismiss alerts and recommendations.
For Microsoft Defender for IoT, see Azure user roles for OT and Enterprise IoT monitoring. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Authorization/policyAssignments/* | Create and manage policy assignments |
Microsoft.Authorization/policyDefinitions/* | Create and manage policy definitions |
Microsoft.Authorization/policyExemptions/* | Create and manage policy exemptions |
Microsoft.Authorization/policySetDefinitions/* | Create and manage policy sets |
Microsoft.Insights/alertRules/* | Create and manage classic metric alerts |
Microsoft.Management/managementGroups/read | List management groups for the authenticated user. |
Microsoft.operationalInsights/workspaces/*/read | View log analytics data |
Microsoft.Resources/deployments/* | Create and manage deployments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Security/* | Create and manage security components and policies |
Microsoft.IoTSecurity/* | |
Microsoft.Support/* | Create and update support tickets |
NotActions | |
None | |
DataActions | |
None | |
NotDataActions | |
None |
{
"assignableScopes": [
"/"
],
"description": "Security Admin Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
"name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/policyAssignments/*",
"Microsoft.Authorization/policyDefinitions/*",
"Microsoft.Authorization/policyExemptions/*",
"Microsoft.Authorization/policySetDefinitions/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Management/managementGroups/read",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.IoTSecurity/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Security Assessment Contributor
Lets you push assessments to Microsoft Defender for Cloud
Actions | Description |
---|---|
Microsoft.Security/assessments/write | Create or update security assessments on your subscription |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you push assessments to Security Center",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"permissions": [
{
"actions": [
"Microsoft.Security/assessments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Assessment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Security Manager (Legacy)
This is a legacy role. Please use Security Admin instead.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicCompute/*/read | Read configuration information for classic virtual machines |
Microsoft.ClassicCompute/virtualMachines/*/write | Write configuration for classic virtual machines |
Microsoft.ClassicNetwork/*/read | Read configuration information about classic networks |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Security/* | Create and manage security components and policies |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "This is a legacy role. Please use Security Administrator instead",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/*/read",
"Microsoft.ClassicCompute/virtualMachines/*/write",
"Microsoft.ClassicNetwork/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Manager (Legacy)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Security Reader
View permissions for Microsoft Defender for Cloud. Users can view recommendations, alerts, security policies, and security states, but cannot change them.
For Microsoft Defender for IoT, see Azure user roles for OT and Enterprise IoT monitoring. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/read | Read a classic metric alert |
Microsoft.operationalInsights/workspaces/*/read | View log analytics data |
Microsoft.Resources/deployments/*/read | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Security/*/read | Read security components and policies |
Microsoft.IoTSecurity/*/read | |
Microsoft.Support/*/read | |
Microsoft.Security/iotDefenderSettings/packageDownloads/action | Gets downloadable IoT Defender packages information |
Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action | Download manager activation file with subscription quota data |
Microsoft.Security/iotSensors/downloadResetPassword/action | Downloads reset password file for IoT Sensors |
Microsoft.IoTSecurity/defenderSettings/packageDownloads/action | Gets downloadable IoT Defender packages information |
Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action | Download manager activation file |
Microsoft.Management/managementGroups/read | List management groups for the authenticated user. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Security Reader Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*/read",
"Microsoft.IoTSecurity/*/read",
"Microsoft.Support/*/read",
"Microsoft.Security/iotDefenderSettings/packageDownloads/action",
"Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action",
"Microsoft.Security/iotSensors/downloadResetPassword/action",
"Microsoft.IoTSecurity/defenderSettings/packageDownloads/action",
"Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevOps
DevTest Labs User
Lets you connect, start, restart, and shut down your virtual machines in Azure DevTest Labs. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Compute/availabilitySets/read | Get the properties of an availability set |
Microsoft.Compute/virtualMachines/*/read | Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.) |
Microsoft.Compute/virtualMachines/deallocate/action | Powers off the virtual machine and releases the compute resources |
Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
Microsoft.Compute/virtualMachines/restart/action | Restarts the virtual machine |
Microsoft.Compute/virtualMachines/start/action | Starts the virtual machine |
Microsoft.DevTestLab/*/read | Read the properties of a lab |
Microsoft.DevTestLab/labs/claimAnyVm/action | Claim a random claimable virtual machine in the lab. |
Microsoft.DevTestLab/labs/createEnvironment/action | Create virtual machines in a lab. |
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action | Ensure the current user has a valid profile in the lab. |
Microsoft.DevTestLab/labs/formulas/delete | Delete formulas. |
Microsoft.DevTestLab/labs/formulas/read | Read formulas. |
Microsoft.DevTestLab/labs/formulas/write | Add or modify formulas. |
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action | Evaluates lab policy. |
Microsoft.DevTestLab/labs/virtualMachines/claim/action | Take ownership of an existing virtual machine |
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action | Lists the applicable start/stop schedules, if any. |
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action | Gets a string that represents the contents of the RDP file for the virtual machine |
Microsoft.Network/loadBalancers/backendAddressPools/join/action | Joins a load balancer backend address pool. Not alertable. |
Microsoft.Network/loadBalancers/inboundNatRules/join/action | Joins a load balancer inbound NAT rule. Not alertable. |
Microsoft.Network/networkInterfaces/*/read | Read the properties of a network interface (for example, all the load balancers that the network interface is a part of) |
Microsoft.Network/networkInterfaces/join/action | Attaches a network interface to a virtual machine. Not alertable. |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
Microsoft.Network/publicIPAddresses/*/read | Read the properties of a public IP address |
Microsoft.Network/publicIPAddresses/join/action | Joins a public IP address. Not alertable. |
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
NotActions | |
Microsoft.Compute/virtualMachines/vmSizes/read | Lists available sizes the virtual machine can be updated to |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Assistant
Lets you view an existing lab, perform actions on the lab VMs, and send invitations to the lab. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab assistant role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1",
"name": "ce40b423-cede-4313-a93f-9b28290b72e1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Assistant",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Contributor
Applied at lab level, lets you manage the lab. Applied at a resource group, lets you create and manage labs. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/write | Create a new lab or update an existing one. |
Microsoft.LabServices/labs/delete | Delete the lab and all its users, schedules, and virtual machines. |
Microsoft.LabServices/labs/publish/action | Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab. |
Microsoft.LabServices/labs/syncGroup/action | Updates the list of users from the Active Directory group assigned to the lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/schedules/write | Create a new schedule or update an existing one. |
Microsoft.LabServices/labs/schedules/delete | Delete the schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/write | Create a new user or update an existing one. |
Microsoft.LabServices/labs/users/delete | Delete the user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/labs/virtualMachines/resetPassword/action | Reset the local user's password on a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab contributor role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270",
"name": "5daaa2af-1fe8-407c-9122-bba179798270",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/write",
"Microsoft.LabServices/labs/delete",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/syncGroup/action",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Creator
Lets you create new labs under your Azure Lab Accounts. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.LabServices/labAccounts/*/read | |
Microsoft.LabServices/labAccounts/createLab/action | Create a lab in a lab account. |
Microsoft.LabServices/labAccounts/getPricingAndAvailability/action | Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. |
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action | Get core restrictions and usage for this subscription |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create new labs under your Azure Lab Accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Operator
Gives you limited ability to manage existing labs. Learn more
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/publish/action | Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/schedules/write | Create a new schedule or update an existing one. |
Microsoft.LabServices/labs/schedules/delete | Delete the schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/write | Create a new user or update an existing one. |
Microsoft.LabServices/labs/users/delete | Delete the user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/labs/virtualMachines/resetPassword/action | Reset the local user's password on a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab operator role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Services Contributor
Lets you fully control all Lab Services scenarios in the resource group. Learn more
Actions | Description |
---|---|
Microsoft.LabServices/* | Create and manage lab services components |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab services contributor role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notA