Peran bawaan Azure untuk Komputasi
Artikel ini mencantumkan peran bawaan Azure dalam kategori Komputasi.
Kontributor Mesin Virtual Klasik
Memungkinkan Anda mengelola virtual machines klasik, tetapi tidak dapat mengaksesnya, dan bukan jaringan virtual atau akun penyimpanan tempat virtual machines klasik tersambung.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.ClassicCompute/domainNames/* | Membuat dan mengelola nama domain komputasi klasik |
| Microsoft.ClassicCompute/virtualMachines/* | Membuat dan mengelola komputer virtual |
| Microsoft.ClassicNetwork/networkSecurityGroups/gabung/tindakan | |
| Microsoft.ClassicNetwork/reservedIps/tautan/tindakan | Menautkan IP khusus |
| Microsoft.ClassicNetwork/reservedIps/baca | Mendapatkan IP Khusus |
| Microsoft.ClassicNetwork/virtualNetworks/gabung/tindakan | Menggabungkan jaringan virtual. |
| Microsoft.ClassicNetwork/virtualNetworks/baca | Mendapatkan jaringan virtual. |
| Microsoft.ClassicStorage/storageAkcount/disk/baca | Mengembalikan disk akun penyimpanan. |
| Microsoft.ClassicStorage/storageAkcount/gambar/baca | Mengembalikan gambar akun penyimpanan. (Tidak digunakan lagi. Gunakan 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
| Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan | Mencantumkan kunci akses untuk akun penyimpanan. |
| Microsoft.ClassicStorage/storageAccounts/baca | Kembalikan akun penyimpanan dengan akun yang diberikan. |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Data untuk Disk Terkelola
Menyediakan izin untuk mengunggah data ke disk terkelola yang kosong, membaca, atau mengekspor data disk terkelola (tidak dilampirkan ke VM yang berjalan) dan rekam jepret menggunakan URI SAS dan autentikasi Azure AD.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Compute/disks/download/action | Melakukan operasi baca data pada Uri SAS Disk |
| Microsoft.Compute/disks/upload/action | Melakukan operasi tulis data pada Uri SAS Disk |
| Microsoft.Compute/snapshots/download/action | Melakukan operasi baca data pada Snapshot SAS Uri |
| Microsoft.Compute/snapshots/upload/action | Melakukan operasi tulis data pada Snapshot SAS Uri |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e",
"name": "959f8984-c045-4866-89c7-12bf9737be2e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Compute/disks/download/action",
"Microsoft.Compute/disks/upload/action",
"Microsoft.Compute/snapshots/download/action",
"Microsoft.Compute/snapshots/upload/action"
],
"notDataActions": []
}
],
"roleName": "Data Operator for Managed Disks",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Grup Aplikasi Desktop Virtualization
Kontributor Grup Aplikasi Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/* | |
| Microsoft.DesktopVirtualization/hostpools/baca | Baca hostpool |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/baca | Baca hostpools/sessionhosts |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8",
"name": "86240b0e-9422-4c43-887b-b61143f32ba8",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Grup Aplikasi Desktop Virtualization
Pembaca Grup Aplikasi Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/applicationgroups/*/baca | |
| Microsoft.DesktopVirtualization/applicationgroups/baca | Baca applicationgroups |
| Microsoft.DesktopVirtualization/hostpools/baca | Baca hostpool |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/baca | Baca hostpools/sessionhosts |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/baca | Membaca pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Application Group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"name": "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/applicationgroups/*/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Application Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Virtualisasi Desktop
Kontributor Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualisasi/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Contributor of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387",
"name": "082f0a83-3be5-4ba1-904c-961cca79b387",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Kumpulan Host Desktop Virtualization
Kontributor Kumpulan Host Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc",
"name": "e307426c-f9b6-4e81-87de-d99efb3c32bc",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Kumpulan Host Desktop Virtualization
Pembaca Kumpulan Host Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/*/baca | |
| Microsoft.DesktopVirtualization/hostpools/baca | Baca hostpool |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/baca | Membaca pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Host Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822",
"name": "ceadfde2-b300-400a-ab7b-6143895aa822",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/*/read",
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Host Pool Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Desktop Virtualization
Pembaca Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/*/baca | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/baca | Membaca pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Reader of Desktop Virtualization.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868",
"name": "49a72310-ab8d-41df-bbb0-79b649203868",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Host Sesi Desktop Virtualization
Operator Host Sesi Desktop Virtualization.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/baca | Baca hostpool |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Session Host.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"name": "2ad6aaab-ead9-4eaa-8ac5-da422f562408",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Session Host Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pengguna Desktop Virtualization
Memungkinkan pengguna untuk menggunakan aplikasi di grup aplikasi.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.DesktopVirtualization/applicationGroups/useApplications/tindakan | Menggunakan ApplicationGroup |
| Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action | Mengizinkan izin pengguna pada paket lampiran aplikasi dalam grup aplikasi |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows user to use the applications in an application group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"name": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.DesktopVirtualization/applicationGroups/useApplications/action",
"Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action"
],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Sesi Pengguna Desktop Virtualization
Operator Sesi Pengguna Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/hostpools/baca | Baca hostpool |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/baca | Baca hostpools/sessionhosts |
| Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Operator of the Desktop Virtualization Uesr Session.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"name": "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/hostpools/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
"Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization User Session Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Ruang Kerja Desktop Virtualization
Kontributor Ruang Kerja Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/ruang kerja/* | |
| Microsoft.DesktopVirtualization/applicationgroups/baca | Baca applicationgroups |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Contributor of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"name": "21efdde3-836f-432b-bf3d-3e8e734d4b2b",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/*",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Ruang Kerja Desktop Virtualization
Pembaca Ruang Kerja Virtualisasi Desktop.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.DesktopVirtualization/ruang kerja/baca | Membaca ruang kerja |
| Microsoft.DesktopVirtualization/applicationgroups/baca | Baca applicationgroups |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/baca | Membaca pemberitahuan metrik klasik |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Reader of the Desktop Virtualization Workspace.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"name": "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d",
"permissions": [
{
"actions": [
"Microsoft.DesktopVirtualization/workspaces/read",
"Microsoft.DesktopVirtualization/applicationgroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Desktop Virtualization Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Backup Disk
Memberikan izin ke vault cadangan untuk melakukan pencadangan disk.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| Microsoft.Compute/disks/beginGetAccess/tindakan | Mendapatkan URI SAS dari Disk untuk akses blob |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk backup.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"name": "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/beginGetAccess/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Kumpulan Disk
Berikan izin kepada Penyedia Sumber Daya StoragePool untuk mengelola disk yang ditambahkan ke kumpulan disk.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Compute/disks/tulis | Membuat Image baru atau memperbarui Image yang sudah ada |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840",
"name": "60fc6e62-5479-42d4-8bf4-67625fcc2840",
"permissions": [
{
"actions": [
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Pool Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Pemulihan Disk
Memberikan izin ke vault cadangan untuk melakukan pemulihan disk.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Compute/disks/tulis | Membuat Image baru atau memperbarui Image yang sudah ada |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to perform disk restore.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13",
"name": "b50d9833-a0cb-478e-945f-707fcc997c13",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Restore Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Snapshot Disk
Memberikan izin ke vault cadangan untuk mengelola rekam jepret disk.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Compute/snapshots/hapus | Menghapus Snapshot |
| Microsoft.Compute/snapshots/tulis | Membuat Snapshot baru atau memperbarui snapshot yang sudah ada |
| Microsoft.Compute/snapshots/baca | Mendapatkan properti Snapshot |
| Microsoft.Compute/snapshots/beginGetAccess/tindakan | Dapatkan SAS URI dari Snapshot untuk akses blob |
| Microsoft.Compute/snapshots/endGetAccess/tindakan | Mencabut SAS URI dari Snapshot |
| Microsoft.Compute/disks/beginGetAccess/tindakan | Mendapatkan URI SAS dari Disk untuk akses blob |
| Microsoft.Storage/storageAccounts/listKeys/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/tulis | Membuat akun penyimpanan dengan parameter yang ditentukan atau memperbarui properti atau tag atau menambahkan domain kustom untuk akun penyimpanan yang ditentukan. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/hapus | Menghapus akun penyimpanan yang sudah ada. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides permission to backup vault to manage disk snapshots.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce",
"name": "7efff54f-a5b4-42b5-a1c5-5411624893ce",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/read",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Disk Snapshot Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Informasi Masuk Administrator Virtual Machine
Melihat Virtual Machines dalam portal dan masuk sebagai administrator
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Network/publicIPAddresses/baca | Mendapatkan definisi alamat IP publik. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Compute/virtualMachines/*/baca | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid Koneksi ivity/endpoints/listCredentials/action | Mendapatkan kredensial akses titik akhir ke sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/tindakan | Masuk ke mesin virtual sebagai pengguna biasa |
| Microsoft.Compute/virtualMachines/loginAsAdmin/tindakan | Masuk ke komputer virtual dengan admin Windows atau hak istimewa pengguna akar Linux |
| Microsoft.HybridCompute/machines/login/action | Masuk ke komputer Azure Arc sebagai pengguna biasa |
| Microsoft.HybridCompute/machines/loginAsAdmin/action | Masuk ke komputer Azure Arc dengan administrator Windows atau hak istimewa pengguna root Linux |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action",
"Microsoft.HybridCompute/machines/login/action",
"Microsoft.HybridCompute/machines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Komputer Virtual
Membuat dan mengelola komputer virtual, mengelola disk, menginstal dan menjalankan perangkat lunak, mengatur ulang kata sandi pengguna akar komputer virtual menggunakan ekstensi VM, dan mengelola akun pengguna lokal menggunakan ekstensi VM. Peran ini tidak memberi Anda akses manajemen ke jaringan virtual atau akun penyimpanan yang terhubung dengan mesin virtual. Peran ini tidak memungkinkan Anda untuk menetapkan peran di Azure RBAC.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Compute/availabilitySets/* | Membuat dan mengelola set ketersediaan |
| Microsoft.Compute/lokasi/* | Membuat dan mengelola lokasi komputasi |
| Microsoft.Compute/virtualMachines/* | Lakukan semua tindakan mesin virtual termasuk membuat, memperbarui, menghapus, memulai, memulai ulang, dan mematikan mesin virtual. Jalankan skrip pada mesin virtual. |
| Microsoft.Compute/virtualMachineScaleSets/* | Membuat dan mengelola set skala komputer virtual |
| Microsoft.Compute/cloudServices/* | |
| Microsoft.Compute/disks/tulis | Membuat Image baru atau memperbarui Image yang sudah ada |
| Microsoft.Compute/disks/baca | Dapatkan properti Disk |
| Microsoft.Compute/disks/hapus | Menghapus Disk |
| Microsoft.DevTestLab/jadwal/* | |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Network/applicationGateways/backendAddressPools/gabung/tindakan | Menggabungkan kumpulan alamat ujung belakang gateway aplikasi. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/backendAddressPools/gabung/tindakan | Menggabungkan kumpulan alamat ujung belakang penyeimbang muatan. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/inboundNatPools/gabung/tindakan | Menggabungkan kumpulan NAT masuk penyeimbang muatan. Tidak dapat diberi tahu. |
| Microsoft.Network/loadBalancers/inboundNatRules/gabung/tindakan | Bergabung dengan kumpulan NAT masuk penyeimbang muatan. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/probes/gabung/tindakan | Memungkinkan penggunaan probe penyeimbang muatan. Misalnya, dengan izin ini properti healthProbe set skala VM dapat mereferensikan penyelidikan. Tidak dapat diberi tahu. |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/lokasi/* | Membuat dan mengelola lokasi jaringan |
| Microsoft.Network/networkInterfaces/* | Membuat dan mengelola antarmuka jaringan |
| Microsoft.Network/networkSecurityGroups/gabung/tindakan | Menggabungkan kelompok keamanan jaringan. Tidak bisa diperingatkan. |
| Microsoft.Network/networkSecurityGroups/baca | Mendapatkan definisi kelompok keamanan jaringan |
| Microsoft.Network/publicIPAddresses/gabung/tindakan | Menggabungkan alamat IP publik. Tidak bisa diperingatkan. |
| Microsoft.Network/publicIPAddresses/baca | Mendapatkan definisi alamat IP publik. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.RecoveryServices/lokasi/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/tulis | Membuat Niat Perlindungan cadangan |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/baca | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca | Mengembalikan detail objek Item yang Diproteksi |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/tulis | Buat Item yang Diproteksi cadangan |
| Microsoft.RecoveryServices/Vaults/backupPolicies/baca | Menampilkan semua Kebijakan Perlindungan |
| Microsoft.RecoveryServices/Vaults/backupPolicies/tulis | Membuat Kebijakan Perlindungan |
| Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
| Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
| Microsoft.RecoveryServices/Vaults/tulis | Operasi Create Vault membuat sumber daya Azure jenis 'vault' |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.SerialConsole/serialPorts/connect/action | Menyambungkan ke port serial |
| Microsoft.SqlVirtualMachine/* | |
| Microsoft.Storage/storageAccounts/listKeys/tindakan | Mengembalikan kunci akses untuk akun penyimpanan tertentu. |
| Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/cloudServices/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SerialConsole/serialPorts/connect/action",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Akses Data Komputer Virtual (pratinjau)
Kelola akses ke Komputer Virtual dengan menambahkan atau menghapus penetapan peran untuk peran Masuk Administrator Komputer Virtual dan Login Pengguna Komputer Virtual. Menyertakan kondisi ABAC untuk membatasi penetapan peran.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleAssignments/write | Membuat penetapan peran pada cakupan yang ditentukan. |
| Microsoft.Authorization/roleAssignments/delete | Menghapus penetapan peran pada cakupan yang ditentukan. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Network/publicIPAddresses/baca | Mendapatkan definisi alamat IP publik. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Compute/virtualMachines/*/baca | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada | |
| Kondisi | |
| ((! (ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) AND ((!( ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) | Tambahkan atau hapus penetapan peran untuk peran berikut: Informasi Masuk Administrator Virtual Machine Login Pengguna Mesin Virtual |
{
"assignableScopes": [
"/"
],
"description": "Manage access to Virtual Machines by adding or removing role assignments for the Virtual Machine Administrator Login and Virtual Machine User Login roles. Includes an ABAC condition to constrain role assignments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"name": "66f75aeb-eabe-4b70-9f1e-c350c4c9ad04",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{1c0163c0-47e6-4577-8991-ea5c82e286e4, fb879df8-f326-4884-b1cf-06f3ad86be52}))"
}
],
"roleName": "Virtual Machine Data Access Administrator (preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Masuk Pengguna Lokal Komputer Virtual
Lihat Komputer Virtual di portal dan masuk sebagai pengguna lokal yang dikonfigurasi di server arc
| Tindakan | Deskripsi |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid Koneksi ivity/endpoints/listCredentials/action | Mendapatkan kredensial akses titik akhir ke sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a local user configured on the arc server",
"id": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525",
"name": "602da2ba-a5c2-41da-b01d-5360126ab525",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Local User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Login Pengguna Mesin Virtual
Melihat Virtual Machines di portal dan masuk sebagai pengguna biasa.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Network/publicIPAddresses/baca | Mendapatkan definisi alamat IP publik. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Compute/virtualMachines/*/baca | |
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.Hybrid Koneksi ivity/endpoints/listCredentials/action | Mendapatkan kredensial akses titik akhir ke sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Compute/virtualMachines/login/tindakan | Masuk ke mesin virtual sebagai pengguna biasa |
| Microsoft.HybridCompute/machines/login/action | Masuk ke komputer Azure Arc sebagai pengguna biasa |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridConnectivity/endpoints/listCredentials/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.HybridCompute/machines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Masuk Administrator Pusat Admin Windows
Mari kita kelola OS sumber daya Anda melalui Pusat Admin Windows sebagai administrator.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.HybridCompute/machines/*/read | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/upgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
| Microsoft.HybridCompute/operations/read | Membaca semua Operasi Azure Arc untuk Server |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/publicIPAddresses/baca | Mendapatkan definisi alamat IP publik. |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/networkSecurityGroups/baca | Mendapatkan definisi kelompok keamanan jaringan |
| Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Mendapatkan definisi aturan keamanan default |
| Microsoft.Network/networkWatchers/securityGroupView/action | Melihat aturan kelompok keamanan jaringan yang dikonfigurasi dan efektif yang diterapkan pada VM. |
| Microsoft.Network/networkSecurityGroups/securityRules/read | Mendapatkan definisi aturan keamanan |
| Microsoft.Network/networkSecurityGroups/securityRules/write | Membuat aturan keamanan atau memperbarui aturan keamanan yang sudah ada |
| Microsoft.Hybrid Koneksi ivity/endpoints/write | Perbarui titik akhir ke sumber daya target. |
| Microsoft.Hybrid Koneksi ivity/endpoints/read | Mendapatkan titik akhir ke sumber daya. |
| Microsoft.Hybrid Koneksi ivity/endpoints/serviceConfigurations/write | Perbarui detail layanan dalam konfigurasi layanan sumber daya target. |
| Microsoft.Hybrid Koneksi ivity/endpoints/serviceConfigurations/read | Mendapatkan detail tentang layanan ke sumber daya. |
| Microsoft.Hybrid Koneksi ivity/endpoints/listManagedProxyDetails/action | Mengambil detail proksi terkelola |
| Microsoft.Compute/virtualMachines/baca | Mendapatkan properti mesin virtual |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read | Mengambil ringkasan operasi penilaian patch terbaru |
| Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | Mengambil daftar patch yang dinilai selama operasi penilaian patch terakhir |
| Microsoft.Compute/virtualMachines/patchInstallationResults/read | Mengambil ringkasan operasi penginstalan patch terbaru |
| Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read | Mengambil daftar patch yang mencoba untuk dipasang selama operasi penginstalan patch terakhir |
| Microsoft.Compute/virtualMachines/extensions/read | Mendapatkan properti ekstensi komputer virtual |
| Microsoft.Compute/virtualMachines/instanceView/read | Mendapatkan status runtime detail komputer virtual dan sumber dayanya |
| Microsoft.Compute/virtualMachines/runCommands/read | Mendapatkan properti perintah eksekusi komputer virtual |
| Microsoft.Compute/virtualMachines/vmSizes/baca | Daftar ukuran yang tersedia yang dapat digunakan untuk memperbarui mesin virtual |
| Microsoft.Compute/locations/publishers/artifacttypes/type/read | Mendapatkan properti Jenis VMExtension |
| Microsoft.Compute/locations/publishers/artifacttypes/type/versions/read | Mendapatkan properti dari Versi VMExtension |
| Microsoft.Compute/diskAccesses/read | Mendapatkan properti dari sumber daya DiskAccess |
| Microsoft.Compute/galleries/images/read | Mendapatkan properti Gambar Galeri |
| Microsoft.Compute/images/read | Mendapatkan properti dari Gambar |
| Microsoft.AzureStackHCI/Clusters/Read | Mendapatkan kluster |
| Microsoft.AzureStackHCI/Clusters/Arc Pengaturan/Read | Mendapatkan sumber daya busur kluster HCI |
| Microsoft.AzureStackHCI/Clusters/Arc Pengaturan/Extensions/Read | Mendapatkan sumber daya ekstensi kluster HCI |
| Microsoft.AzureStackHCI/Clusters/Arc Pengaturan/Extensions/Write | Membuat atau memperbarui sumber daya ekstensi kluster HCI |
| Microsoft.AzureStackHCI/Clusters/Arc Pengaturan/Extensions/Delete | Menghapus sumber daya ekstensi kluster HCI |
| Microsoft.AzureStackHCI/Operations/Read | Mendapatkan operasi |
| Microsoft. Koneksi edVMwarevSphere/VirtualMachines/Read | Membaca virtualmachines |
| Microsoft. Koneksi edVMwarevSphere/VirtualMachines/Extensions/Write | Menulis sumber daya ekstensi |
| Microsoft. Koneksi edVMwarevSphere/VirtualMachines/Extensions/Read | Mendapatkan sumber daya ekstensi |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.HybridCompute/machines/WACLoginAsAdmin/action | Memungkinkan Anda mengelola OS sumber daya Anda melalui Pusat Admin Windows sebagai administrator. |
| Microsoft.Compute/virtualMachines/WACloginAsAdmin/action | Memungkinkan Anda mengelola OS sumber daya Anda melalui Pusat Admin Windows sebagai administrator |
| Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action | Mengelola OS sumber daya HCI melalui Pusat Admin Windows sebagai administrator |
| Microsoft. Koneksi edVMwarevSphere/virtualmachines/WACloginAsAdmin/action | Memungkinkan Anda mengelola OS sumber daya Anda melalui Pusat Admin Windows sebagai administrator. |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Let's you manage the OS of your resource via Windows Admin Center as an administrator.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f",
"name": "a6333a3e-0164-44c3-b281-7a577aff287f",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*/read",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/upgradeExtensions/action",
"Microsoft.HybridCompute/operations/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkWatchers/securityGroupView/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read",
"Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/read",
"Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/virtualMachines/runCommands/read",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/read",
"Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read",
"Microsoft.Compute/diskAccesses/read",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/images/read",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Write",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Extensions/Delete",
"Microsoft.AzureStackHCI/Operations/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Read",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Write",
"Microsoft.ConnectedVMwarevSphere/VirtualMachines/Extensions/Read"
],
"notActions": [],
"dataActions": [
"Microsoft.HybridCompute/machines/WACLoginAsAdmin/action",
"Microsoft.Compute/virtualMachines/WACloginAsAdmin/action",
"Microsoft.AzureStackHCI/Clusters/WACloginAsAdmin/Action",
"Microsoft.ConnectedVMwarevSphere/virtualmachines/WACloginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Windows Admin Center Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}