Peran bawaan Azure untuk Umum
Artikel ini mencantumkan peran bawaan Azure dalam kategori Umum.
Kontributor
Memberikan akses penuh untuk mengelola semua sumber daya, tetapi tidak mengizinkan Anda untuk menetapkan peran di RBAC Azure, mengelola tugas di Azure Blueprints, atau berbagi galeri gambar.
| Tindakan | Deskripsi |
|---|---|
| * | Membuat dan mengelola sumber daya dari semua jenis |
| NotActions | |
| Microsoft.Authorization/*/Hapus | Menghapus peran, penetapan kebijakan, definisi kebijakan, dan definisi yang ditetapkan kebijakan |
| Microsoft.Authorization/*/Tulis | Menghapus peran, penetapan kebijakan, definisi kebijakan, dan definisi yang ditetapkan kebijakan |
| Microsoft.Authorization/elevateAccess/Tindakan | Memberi pemanggil akses Administrator Akses Pengguna pada lingkup penyewa |
| Microsoft.Blueprint/blueprintAssignments/tulis | Membuat atau memperbarui penetapan cetak biru apa pun |
| Microsoft.Blueprint/blueprintAssignments/hapus | Menghapus tugas cetak biru apa pun |
| Microsoft.Compute/galeri/berbagi/tindakan | Membagikan Galeri ke cakupan yang berbeda |
| Microsoft.Purview/consents/write | Membuat atau Memperbarui Sumber Daya Persetujuan. |
| Microsoft.Purview/consents/delete | Hapus Sumber Daya Persetujuan. |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete",
"Microsoft.Compute/galleries/share/action",
"Microsoft.Purview/consents/write",
"Microsoft.Purview/consents/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemilik
Memberikan akses penuh untuk mengelola semua sumber daya, termasuk kemampuan untuk menetapkan peran di RBAC Azure.
| Tindakan | Deskripsi |
|---|---|
| * | Membuat dan mengelola sumber daya dari semua jenis |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca
Melihat semua sumber daya, namun tidak mengizinkan Anda untuk melakukan perubahan apa pun.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "View all resources, but does not allow you to make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Kontrol Akses Berbasis Peran
Kelola akses ke sumber daya Azure dengan menetapkan peran menggunakan Azure RBAC. Peran ini tidak memungkinkan Anda mengelola akses menggunakan cara lain, seperti Azure Policy.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleAssignments/write | Membuat penetapan peran pada cakupan yang ditentukan. |
| Microsoft.Authorization/roleAssignments/delete | Menghapus penetapan peran pada cakupan yang ditentukan. |
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168",
"name": "f58310d9-a9f6-439a-9e8d-f62e7b41a168",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Role Based Access Control Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Akses Administrator Pengguna
Memungkinkan Anda mengelola akses pengguna ke sumber daya Azure.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.Authorization/* | Mengelola otorisasi |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}