Bagikan melalui


Peran bawaan Azure untuk Analytics

Artikel ini mencantumkan peran bawaan Azure dalam kategori Analytics.

Pemilik Data Azure Event Hubs

Memungkinkan akses penuh ke sumber daya Azure Event Hubs.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*
NotActions
Tidak ada
DataActions
Microsoft.EventHub/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penerima Data Azure Event Hubs

Memungkinkan penerimaan akses ke sumber daya Azure Event Hubs.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*/eventhubs/consumergroups/baca
NotActions
Tidak ada
DataActions
Microsoft.EventHub/*/terima/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Sender

Memungkinkan untuk mengirim akses ke sumber daya Azure Event Hubs.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*/eventhubs/baca
NotActions
Tidak ada
DataActions
Microsoft.EventHub/*/kirim/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Factory

Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.DataFactory/dataFactories/* Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.
Microsoft.DataFactory/factories/* Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.EventGrid/eventSubscriptions/tulis Membuat atau memperbarui kejadianSubscription
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penghapus Seluruh Data

Menghapus data pribadi dari ruang kerja Analitik Log.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Insights/komponen/*/baca
Microsoft.Insights/komponen/pembersihan/tindakan Membersihkan data dari Application Insights
Microsoft.OperationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.OperationalInsights/ruang kerja/pembersihan/tindakan Hapus data yang ditentukan berdasarkan kueri dari ruang kerja.
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Kluster HDInsight

Memungkinkan Anda membaca dan mengubah konfigurasi kluster HDInsight.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.HDInsight/*/baca
Microsoft.HDInsight/kluster/getGatewaySettings/tindakan Mendapatkan pengaturan gateway untuk Kluster HDInsight
Microsoft.HDInsight/kluster/getGatewaySettings/tindakan Dapatkan pengaturan gateway untuk Klaster HDInsight
Microsoft.HDInsight/kluster/configurations/*
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Layanan Domain HDInsight

Dapat Membaca, Membuat, Mengubah, dan Menghapus operasi terkait Layanan Domain yang diperlukan untuk Paket Keamanan Perusahaan HDInsight

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.AAD/*/baca
Microsoft.AAD/domainLayanan/*/baca
Microsoft.AAD/domainLayanan/oucontainer/*
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight pada Admin Kluster AKS

Memberi pengguna/grup kemampuan untuk membuat, menghapus, dan mengelola kluster dalam kumpulan kluster tertentu. Admin Kluster juga dapat menjalankan beban kerja, memantau, dan mengelola semua aktivitas pengguna pada kluster ini.

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.HDInsight/clusterPools/clusters/read Dapatkan detail tentang HDInsight di Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/write Membuat atau Memperbarui HDInsight pada Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/delete Menghapus HDInsight pada kluster AKS
Microsoft.HDInsight/clusterPools/clusters/resize/action Mengubah ukuran HDInsight pada Kluster AKS
Microsoft.HDInsight/clusterpools/clusters/instanceviews/read Mendapatkan detail tentang HDInsight pada Tampilan Instans Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/jobs/read Mencantumkan HDInsight pada Pekerjaan Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/runjob/action Menjalankan HDInsight pada Pekerjaan Kluster AKS
Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read Mendapatkan detail tentang HDInsight pada Konfigurasi Layanan Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read Mendapatkan Peningkatan yang Dapat Valid untuk HDInsight pada Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/upgrade/action Meningkatkan HDInsight pada Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/rollback/action Rollback HDInsight pada Peningkatan Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read Membaca HDInsight pada Riwayat Peningkatan Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/libraries/read Membaca HDInsight di Libaries Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/managelibraries/action Mengelola HDInsight pada Libaries Kluster AKS
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/penyebaran/*/baca
Microsoft.Resources/penyebaran/baca Mendapatkan atau mencantumkan penyebaran.
Microsoft.Resources/deployments/validate/action Memvalidasi penyebaran.
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/deployments/exportTemplate/action Mengekspor templat untuk penyebaran
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/subscriptions/resourcegroups/deployments/read Mendapatkan atau mencantumkan penyebaran.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Insights/AlertRules/Write Membuat atau memperbarui pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Delete Menghapus pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Read Membaca pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Activated/Action Pemberitahuan metrik klasik diaktifkan
Microsoft.Insights/AlertRules/Resolved/Action Pemberitahuan metrik klasik diselesaikan
Microsoft.Insights/AlertRules/Throttled/Action Aturan pemberitahuan metrik klasik dibatasi
Microsoft.Insights/AlertRules/Incidents/Read Membaca insiden pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/logs/read Membaca data dari semua log Anda
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/fd036e6b-1266-47a0-b0bb-a05d04831731",
  "name": "fd036e6b-1266-47a0-b0bb-a05d04831731",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.HDInsight/clusterPools/clusters/read",
        "Microsoft.HDInsight/clusterPools/clusters/write",
        "Microsoft.HDInsight/clusterPools/clusters/delete",
        "Microsoft.HDInsight/clusterPools/clusters/resize/action",
        "Microsoft.HDInsight/clusterpools/clusters/instanceviews/read",
        "Microsoft.HDInsight/clusterPools/clusters/jobs/read",
        "Microsoft.HDInsight/clusterPools/clusters/runjob/action",
        "Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read",
        "Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read",
        "Microsoft.HDInsight/clusterPools/clusters/upgrade/action",
        "Microsoft.HDInsight/clusterPools/clusters/rollback/action",
        "Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read",
        "Microsoft.HDInsight/clusterPools/clusters/libraries/read",
        "Microsoft.HDInsight/clusterPools/clusters/managelibraries/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/*/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/deployments/validate/action",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/deployments/exportTemplate/action",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Insights/AlertRules/Write",
        "Microsoft.Insights/AlertRules/Delete",
        "Microsoft.Insights/AlertRules/Read",
        "Microsoft.Insights/AlertRules/Activated/Action",
        "Microsoft.Insights/AlertRules/Resolved/Action",
        "Microsoft.Insights/AlertRules/Throttled/Action",
        "Microsoft.Insights/AlertRules/Incidents/Read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/logs/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight on AKS Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight pada Admin Kumpulan Kluster AKS

Dapat membaca, membuat, memodifikasi, dan menghapus HDInsight pada kumpulan kluster AKS dan membuat kluster

Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.HDInsight/clusterPools/clusters/read Dapatkan detail tentang HDInsight di Kluster AKS
Microsoft.HDInsight/clusterPools/clusters/write Membuat atau Memperbarui HDInsight pada Kluster AKS
Microsoft.HDInsight/clusterPools/delete Menghapus HDInsight pada Kumpulan Kluster AKS
Microsoft.HDInsight/clusterPools/read Dapatkan detail tentang HDInsight di Kumpulan Kluster AKS
Microsoft.HDInsight/clusterPools/write Membuat atau Memperbarui HDInsight di Kumpulan Kluster AKS
Microsoft.HDInsight/clusterpools/availableupgrades/read Mendapatkan Peningkatan yang Dapat Valid untuk HDInsight pada Kumpulan Kluster AKS
Microsoft.HDInsight/clusterpools/upgrade/action Meningkatkan HDInsight pada Kumpulan Kluster AKS
Microsoft.HDInsight/clusterPools/upgradehistories/read Membaca HDInsight pada Riwayat Peningkatan Kumpulan Kluster AKS
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/deployments/validate/action Memvalidasi penyebaran.
Microsoft.Resources/penyebaran/*/baca
Microsoft.Resources/penyebaran/baca Mendapatkan atau mencantumkan penyebaran.
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/deployments/exportTemplate/action Mengekspor templat untuk penyebaran
Microsoft.Resources/deployments/validate/action Memvalidasi penyebaran.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/subscriptions/resourcegroups/deployments/read Mendapatkan atau mencantumkan penyebaran.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Insights/AlertRules/Write Membuat atau memperbarui pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Delete Menghapus pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Read Membaca pemberitahuan metrik klasik
Microsoft.Insights/AlertRules/Activated/Action Pemberitahuan metrik klasik diaktifkan
Microsoft.Insights/AlertRules/Resolved/Action Pemberitahuan metrik klasik diselesaikan
Microsoft.Insights/AlertRules/Throttled/Action Aturan pemberitahuan metrik klasik dibatasi
Microsoft.Insights/AlertRules/Incidents/Read Membaca insiden pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/logs/read Membaca data dari semua log Anda
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7656b436-37d4-490a-a4ab-d39f838f0042",
  "name": "7656b436-37d4-490a-a4ab-d39f838f0042",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.HDInsight/clusterPools/clusters/read",
        "Microsoft.HDInsight/clusterPools/clusters/write",
        "Microsoft.HDInsight/clusterPools/delete",
        "Microsoft.HDInsight/clusterPools/read",
        "Microsoft.HDInsight/clusterPools/write",
        "Microsoft.HDInsight/clusterpools/availableupgrades/read",
        "Microsoft.HDInsight/clusterpools/upgrade/action",
        "Microsoft.HDInsight/clusterPools/upgradehistories/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/validate/action",
        "Microsoft.Resources/deployments/*/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/deployments/exportTemplate/action",
        "Microsoft.Resources/deployments/validate/action",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Insights/AlertRules/Write",
        "Microsoft.Insights/AlertRules/Delete",
        "Microsoft.Insights/AlertRules/Read",
        "Microsoft.Insights/AlertRules/Activated/Action",
        "Microsoft.Insights/AlertRules/Resolved/Action",
        "Microsoft.Insights/AlertRules/Throttled/Action",
        "Microsoft.Insights/AlertRules/Incidents/Read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/logs/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight on AKS Cluster Pool Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Analitik Log

Kontributor Analitik Log dapat membaca semua data pemantauan dan mengedit pengaturan pemantauan. Pengaturan pemantauan pengeditan termasuk menambahkan ekstensi VM ke VM; membaca kunci akun penyimpanan untuk dapat mengonfigurasi koleksi log dari Azure Storage; menambahkan solusi; dan mengonfigurasi diagnostik Azure pada semua sumber daya Azure.

Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.ClassicCompute/virtualMachines/ekstensi/*
Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan Mencantumkan kunci akses untuk akun penyimpanan.
Microsoft.Compute/virtualMachines/ekstensi/*
Microsoft.HybridCompute/mesin/ekstensi/tulis Menginstal atau Memperbarui ekstensi Azure Arc
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/diagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/subscriptions/resourcegroups/penyebaran/*
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Analitik Log

Pembaca Log Analytics dapat melihat dan mencari semua data pemantauan dan juga melihat pengaturan pemantauan, termasuk melihat konfigurasi diagnostik Azure di semua sumber daya Azure.

Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan Cari menggunakan mesin baru.
Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan Menjalankan kueri pencarian
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
NotActions
Microsoft.OperationalInsights/ruang kerja/sharedKeys/baca Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja.
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Schema Registry (Pratinjau)

Membaca, menulis, dan menghapus grup dan skema Schema Registry.

Tindakan Deskripsi
Microsoft.EventHub/namespaces/skemagroups/*
NotActions
Tidak ada
DataActions
Microsoft.EventHub/namespaces/skema/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Schema Registry (Pratinjau)

Membaca dan membuat daftar grup dan skema Schema Registry.

Tindakan Deskripsi
Microsoft.EventHub/namespaces/skemagroups/baca Mendapatkan daftar Deskripsi Sumber Daya SchemaGroup
NotActions
Tidak ada
DataActions
Microsoft.EventHub/namespaces/skema/baca Ambil skema
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penguji Kueri Azure Stream Analytics

Memungkinkan Anda melakukan pengujian kueri tanpa membuat pekerjaan analisis aliran terlebih dahulu

Tindakan Deskripsi
Microsoft.StreamAnalytics/locations/TestQuery/action Menguji Kueri untuk Penyedia Sumber Azure Stream Analytics
Microsoft.StreamAnalytics/locations/OperationResults/read Membaca Hasil Operasi Azure Stream Analytics
Microsoft.StreamAnalytics/locations/SampleInput/action Input Sampel untuk Penyedia Sumber Daya Azure Stream Analytics
Microsoft.StreamAnalytics/locations/CompileQuery/action Mengompilasi Kueri untuk Penyedia Sumber Daya Azure Stream Analytics
NotActions
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you perform query testing without creating a stream analytics job first",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
  "name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
  "permissions": [
    {
      "actions": [
        "Microsoft.StreamAnalytics/locations/TestQuery/action",
        "Microsoft.StreamAnalytics/locations/OperationResults/read",
        "Microsoft.StreamAnalytics/locations/SampleInput/action",
        "Microsoft.StreamAnalytics/locations/CompileQuery/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Stream Analytics Query Tester",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Langkah berikutnya