Peran bawaan Azure untuk Analytics
Artikel ini mencantumkan peran bawaan Azure dalam kategori Analytics.
Pemilik Data Azure Event Hubs
Memungkinkan akses penuh ke sumber daya Azure Event Hubs.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.EventHub/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.EventHub/* | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penerima Data Azure Event Hubs
Memungkinkan penerimaan akses ke sumber daya Azure Event Hubs.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/baca | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.EventHub/*/terima/tindakan | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus Data Sender
Memungkinkan untuk mengirim akses ke sumber daya Azure Event Hubs.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.EventHub/*/eventhubs/baca | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.EventHub/*/kirim/tindakan | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Data Factory
Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.DataFactory/dataFactories/* | Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya. |
| Microsoft.DataFactory/factories/* | Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya. |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.EventGrid/eventSubscriptions/tulis | Membuat atau memperbarui kejadianSubscription |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penghapus Seluruh Data
Menghapus data pribadi dari ruang kerja Analitik Log.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Insights/komponen/*/baca | |
| Microsoft.Insights/komponen/pembersihan/tindakan | Membersihkan data dari Application Insights |
| Microsoft.OperationalInsights/ruang kerja/*/baca | Menampilkan data analitik log |
| Microsoft.OperationalInsights/ruang kerja/pembersihan/tindakan | Hapus data yang ditentukan berdasarkan kueri dari ruang kerja. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Kluster HDInsight
Memungkinkan Anda membaca dan mengubah konfigurasi kluster HDInsight.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.HDInsight/*/baca | |
| Microsoft.HDInsight/kluster/getGatewaySettings/tindakan | Mendapatkan pengaturan gateway untuk Kluster HDInsight |
| Microsoft.HDInsight/kluster/getGatewaySettings/tindakan | Dapatkan pengaturan gateway untuk Klaster HDInsight |
| Microsoft.HDInsight/kluster/configurations/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Layanan Domain HDInsight
Dapat Membaca, Membuat, Mengubah, dan Menghapus operasi terkait Layanan Domain yang diperlukan untuk Paket Keamanan Perusahaan HDInsight
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AAD/*/baca | |
| Microsoft.AAD/domainLayanan/*/baca | |
| Microsoft.AAD/domainLayanan/oucontainer/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight pada Admin Kluster AKS
Memberi pengguna/grup kemampuan untuk membuat, menghapus, dan mengelola kluster dalam kumpulan kluster tertentu. Admin Kluster juga dapat menjalankan beban kerja, memantau, dan mengelola semua aktivitas pengguna pada kluster ini.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.HDInsight/clusterPools/clusters/read | Dapatkan detail tentang HDInsight di Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/write | Membuat atau Memperbarui HDInsight pada Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/delete | Menghapus HDInsight pada kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/resize/action | Mengubah ukuran HDInsight pada Kluster AKS |
| Microsoft.HDInsight/clusterpools/clusters/instanceviews/read | Mendapatkan detail tentang HDInsight pada Tampilan Instans Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/jobs/read | Mencantumkan HDInsight pada Pekerjaan Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/runjob/action | Menjalankan HDInsight pada Pekerjaan Kluster AKS |
| Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read | Mendapatkan detail tentang HDInsight pada Konfigurasi Layanan Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read | Mendapatkan Peningkatan yang Dapat Valid untuk HDInsight pada Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/upgrade/action | Meningkatkan HDInsight pada Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/rollback/action | Rollback HDInsight pada Peningkatan Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read | Membaca HDInsight pada Riwayat Peningkatan Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/libraries/read | Membaca HDInsight di Libaries Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/managelibraries/action | Mengelola HDInsight pada Libaries Kluster AKS |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/penyebaran/*/baca | |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/deployments/validate/action | Memvalidasi penyebaran. |
| Microsoft.Resources/penyebaran/tulis | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/deployments/exportTemplate/action | Mengekspor templat untuk penyebaran |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Insights/metrik/baca | Membaca metrik |
| Microsoft.Insights/logs/read | Membaca data dari semua log Anda |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fd036e6b-1266-47a0-b0bb-a05d04831731",
"name": "fd036e6b-1266-47a0-b0bb-a05d04831731",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/clusters/delete",
"Microsoft.HDInsight/clusterPools/clusters/resize/action",
"Microsoft.HDInsight/clusterpools/clusters/instanceviews/read",
"Microsoft.HDInsight/clusterPools/clusters/jobs/read",
"Microsoft.HDInsight/clusterPools/clusters/runjob/action",
"Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read",
"Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read",
"Microsoft.HDInsight/clusterPools/clusters/upgrade/action",
"Microsoft.HDInsight/clusterPools/clusters/rollback/action",
"Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read",
"Microsoft.HDInsight/clusterPools/clusters/libraries/read",
"Microsoft.HDInsight/clusterPools/clusters/managelibraries/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight pada Admin Kumpulan Kluster AKS
Dapat membaca, membuat, memodifikasi, dan menghapus HDInsight pada kumpulan kluster AKS dan membuat kluster
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.HDInsight/clusterPools/clusters/read | Dapatkan detail tentang HDInsight di Kluster AKS |
| Microsoft.HDInsight/clusterPools/clusters/write | Membuat atau Memperbarui HDInsight pada Kluster AKS |
| Microsoft.HDInsight/clusterPools/delete | Menghapus HDInsight pada Kumpulan Kluster AKS |
| Microsoft.HDInsight/clusterPools/read | Dapatkan detail tentang HDInsight di Kumpulan Kluster AKS |
| Microsoft.HDInsight/clusterPools/write | Membuat atau Memperbarui HDInsight di Kumpulan Kluster AKS |
| Microsoft.HDInsight/clusterpools/availableupgrades/read | Mendapatkan Peningkatan yang Dapat Valid untuk HDInsight pada Kumpulan Kluster AKS |
| Microsoft.HDInsight/clusterpools/upgrade/action | Meningkatkan HDInsight pada Kumpulan Kluster AKS |
| Microsoft.HDInsight/clusterPools/upgradehistories/read | Membaca HDInsight pada Riwayat Peningkatan Kumpulan Kluster AKS |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/deployments/validate/action | Memvalidasi penyebaran. |
| Microsoft.Resources/penyebaran/*/baca | |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/penyebaran/tulis | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/deployments/exportTemplate/action | Mengekspor templat untuk penyebaran |
| Microsoft.Resources/deployments/validate/action | Memvalidasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Insights/metrik/baca | Membaca metrik |
| Microsoft.Insights/logs/read | Membaca data dari semua log Anda |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7656b436-37d4-490a-a4ab-d39f838f0042",
"name": "7656b436-37d4-490a-a4ab-d39f838f0042",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/delete",
"Microsoft.HDInsight/clusterPools/read",
"Microsoft.HDInsight/clusterPools/write",
"Microsoft.HDInsight/clusterpools/availableupgrades/read",
"Microsoft.HDInsight/clusterpools/upgrade/action",
"Microsoft.HDInsight/clusterPools/upgradehistories/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Pool Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Analitik Log
Kontributor Analitik Log dapat membaca semua data pemantauan dan mengedit pengaturan pemantauan. Pengaturan pemantauan pengeditan termasuk menambahkan ekstensi VM ke VM; membaca kunci akun penyimpanan untuk dapat mengonfigurasi koleksi log dari Azure Storage; menambahkan solusi; dan mengonfigurasi diagnostik Azure pada semua sumber daya Azure.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.ClassicCompute/virtualMachines/ekstensi/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan | Mencantumkan kunci akses untuk akun penyimpanan. |
| Microsoft.Compute/virtualMachines/ekstensi/* | |
| Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Insights/diagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
| Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/* | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/subscriptions/resourcegroups/penyebaran/* | |
| Microsoft.Storage/storageAccounts/listKeys/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Analitik Log
Pembaca Log Analytics dapat melihat dan mencari semua data pemantauan dan juga melihat pengaturan pemantauan, termasuk melihat konfigurasi diagnostik Azure di semua sumber daya Azure.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan | Cari menggunakan mesin baru. |
| Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan | Menjalankan kueri pencarian |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Microsoft.OperationalInsights/ruang kerja/sharedKeys/baca | Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja. |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Schema Registry (Pratinjau)
Membaca, menulis, dan menghapus grup dan skema Schema Registry.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.EventHub/namespaces/skemagroups/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.EventHub/namespaces/skema/* | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Schema Registry (Pratinjau)
Membaca dan membuat daftar grup dan skema Schema Registry.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.EventHub/namespaces/skemagroups/baca | Mendapatkan daftar Deskripsi Sumber Daya SchemaGroup |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.EventHub/namespaces/skema/baca | Ambil skema |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penguji Kueri Azure Stream Analytics
Memungkinkan Anda melakukan pengujian kueri tanpa membuat pekerjaan analisis aliran terlebih dahulu
| Tindakan | Deskripsi |
|---|---|
| Microsoft.StreamAnalytics/locations/TestQuery/action | Menguji Kueri untuk Penyedia Sumber Azure Stream Analytics |
| Microsoft.StreamAnalytics/locations/OperationResults/read | Membaca Hasil Operasi Azure Stream Analytics |
| Microsoft.StreamAnalytics/locations/SampleInput/action | Input Sampel untuk Penyedia Sumber Daya Azure Stream Analytics |
| Microsoft.StreamAnalytics/locations/CompileQuery/action | Mengompilasi Kueri untuk Penyedia Sumber Daya Azure Stream Analytics |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}