Peran bawaan Azure untuk Hibrid + multicloud
Artikel ini mencantumkan peran bawaan Azure dalam kategori Hibrid + multicloud.
Peran Penyebaran Azure Resource Bridge
Peran Penyebaran Azure Resource Bridge
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/roleassignments/read | Mendapatkan informasi tentang penetapan peran. |
| Microsoft.AzureStackHCI/Register/Action | Mendaftarkan langganan untuk penyedia sumber daya Azure Stack HCI dan memungkinkan pembuatan sumber daya Azure Stack HCI. |
| Microsoft.Resource Koneksi or/register/action | Mendaftarkan langganan untuk penyedia sumber daya Appliances dan memungkinkan pembuatan Appliance. |
| Microsoft.Resource Koneksi or/appliances/read | Mendapatkan sumber daya Appliance |
| Microsoft.Resource Koneksi or/appliances/write | Membuat atau Memperbarui sumber daya Appliance |
| Microsoft.Resource Koneksi or/appliances/delete | Menghapus sumber daya Appliance |
| Microsoft.Resource Koneksi or/locations/operationresults/read | Dapatkan hasil operasi Appliance |
| Microsoft.Resource Koneksi or/locations/operationsstatus/read | Dapatkan hasil operasi Appliance |
| Microsoft.Resource Koneksi or/appliances/listClusterUserCredential/action | Mendapatkan kredensial pengguna kluster appliance |
| Microsoft.Resource Koneksi or/appliances/listKeys/action | Mendapatkan kunci pengguna pelanggan kluster appliance |
| Microsoft.Resource Koneksi or/appliances/upgradeGraphs/read | Mendapatkan grafik peningkatan kluster Appliance |
| Microsoft.Resource Koneksi or/telemetryconfig/read | Mendapatkan konfigurasi telemetri Appliances yang digunakan oleh Appliances CLI |
| Microsoft.Resource Koneksi or/operations/read | Mendapatkan daftar Operasi yang Tersedia untuk Appliance |
| Microsoft.ExtendedLocation/register/action | Mendaftarkan langganan untuk penyedia sumber daya Lokasi Kustom dan mengaktifkan pembuatan Lokasi Kustom. |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Menyebarkan izin ke sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/read | Mendapatkan sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/write | Membuat atau Memperbarui sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/delete | Menghapus sumber daya Lokasi Kustom |
| Microsoft.Hybrid Koneksi ivity/register/action | Mendaftarkan langganan untuk Microsoft.Hybrid Koneksi ivity |
| Microsoft.Kubernetes/register/action | Daftar Langganan dengan penyedia sumber daya Microsoft.Kubernetes |
| Microsoft.KubernetesConfiguration/register/action | Mendaftarkan langganan ke penyedia sumber daya Microsoft.KubernetesConfiguration. |
| Microsoft.KubernetesConfiguration/extensions/write | Membuat atau memperbarui ekstensi sumber daya. |
| Microsoft.KubernetesConfiguration/extensions/read | Mendapatkan sumber daya instans ekstensi. |
| Microsoft.KubernetesConfiguration/extensions/delete | Menghapus sumber daya instans ekstensi. |
| Microsoft.KubernetesConfiguration/extensions/operations/read | Membaca Status Operasi Async. |
| Microsoft.KubernetesConfiguration/namespaces/read | Dapatkan Sumber Daya Namespace |
| Microsoft.KubernetesConfiguration/operations/read | Mendapatkan operasi yang tersedia dari penyedia sumber daya Microsoft.KubernetesConfiguration. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
| Microsoft.HybridContainerService/register/action | Mendaftarkan langganan untuk Microsoft.HybridContainerService |
| Microsoft.HybridContainerService/kubernetesVersions/read | Mencantumkan versi kubernetes yang didukung dari lokasi kustom yang mendasar |
| Microsoft.HybridContainerService/kubernetesVersions/write | Menempatkan jenis sumber daya versi kubernetes |
| Microsoft.HybridContainerService/skus/read | Mencantumkan SKU VM yang didukung dari lokasi kustom yang mendasar |
| Microsoft.HybridContainerService/skus/write | Menempatkan jenis sumber daya SKU VM |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.AzureStackHCI/StorageContainers/Write | Membuat/Memperbarui sumber daya kontainer penyimpanan |
| Microsoft.AzureStackHCI/StorageContainers/Read | Mendapatkan/Mencantumkan sumber daya kontainer penyimpanan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Administrator
Memberikan akses penuh ke kluster dan sumber dayanya, termasuk kemampuan untuk mendaftarkan Azure Stack HCI dan menetapkan orang lain sebagai Kontributor VM Azure Arc HCI dan/atau Pembaca VM Azure Arc HCI
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AzureStackHCI/register/action | Mendaftarkan langganan untuk penyedia sumber daya Azure Stack HCI dan memungkinkan pembuatan sumber daya Azure Stack HCI. |
| Microsoft.AzureStackHCI/Unregister/Action | Membatalkan pendaftaran langganan untuk penyedia sumber daya Azure Stack HCI. |
| Microsoft.AzureStackHCI/clusters/* | |
| Microsoft.HybridCompute/register/action | Mendaftarkan langganan untuk Penyedia Sumber Daya Microsoft.HybridCompute |
| Microsoft.GuestConfiguration/register/action | Mendaftarkan langganan untuk penyedia sumber Microsoft.GuestConfiguration. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
| Microsoft.Resources/subscriptions/resourceGroups/write | Membuat atau memperbarui grup sumber daya. |
| Microsoft.Resources/subscriptions/resourceGroups/delete | Menghapus grup sumber daya dan semua sumber dayanya. |
| Microsoft.Hybrid Koneksi ivity/register/action | Mendaftarkan langganan untuk Microsoft.Hybrid Koneksi ivity |
| Microsoft.Authorization/roleAssignments/write | Membuat penetapan peran pada cakupan yang ditentukan. |
| Microsoft.Authorization/roleAssignments/delete | Menghapus penetapan peran pada cakupan yang ditentukan. |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.AzureStackHCI/* | |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
| Microsoft.HybridCompute/mesin/hapus | Menghapus komputer Azure Arc |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
| Microsoft.HybridCompute/machines/assessPatches/action | Menilai setiap komputer Azure Arc untuk mendapatkan pach perangkat lunak yang hilang |
| Microsoft.HybridCompute/machines/installPatches/action | Menginstal patch di semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
| Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/hapus | Menghapus ekstensi Azure Arc |
| Microsoft.HybridCompute/operations/read | Membaca semua Operasi Azure Arc untuk Server |
| Microsoft.HybridCompute/locations/operationresults/read | Membaca status operasi di Penyedia Sumber Daya Microsoft.HybridCompute |
| Microsoft.HybridCompute/locations/operationstatus/read | Membaca status operasi di Penyedia Sumber Daya Microsoft.HybridCompute |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Membaca semua patchAssessmentResults Azure Arc |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Membaca semua Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Membaca patchInstallationResults Azure Arc apa pun |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Membaca patchInstallationResults/softwarePatches Azure Arc |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Membaca status operasi pusat pembaruan pada komputer |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Membaca Metadata Identitas Hibrid komputer Azure Arc apa pun |
| Microsoft.HybridCompute/osType/agentVersions/read | Membaca semua versi Azure Koneksi ed Machine Agent yang tersedia |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | Membaca versi Azure Koneksi Ed Machine Agent terbaru |
| Microsoft.HybridCompute/machines/runcommands/read | Membaca runcommands Azure Arc apa pun |
| Microsoft.HybridCompute/machines/runcommands/write | Menginstal atau Memperbarui runcommands Azure Arc |
| Microsoft.HybridCompute/machines/runcommands/delete | Menghapus runcommands Azure Arc |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Menginstal atau Memperbarui lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Menghapus lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/licenses/read | Membaca lisensi Azure Arc apa pun |
| Microsoft.HybridCompute/licenses/write | Menginstal atau Memperbarui lisensi Azure Arc |
| Microsoft.HybridCompute/licenses/delete | Menghapus lisensi Azure Arc |
| Microsoft.Resource Koneksi or/register/action | Mendaftarkan langganan untuk penyedia sumber daya Appliances dan memungkinkan pembuatan Appliance. |
| Microsoft.Resource Koneksi or/appliances/read | Mendapatkan sumber daya Appliance |
| Microsoft.Resource Koneksi or/appliances/write | Membuat atau Memperbarui sumber daya Appliance |
| Microsoft.Resource Koneksi or/appliances/delete | Menghapus sumber daya Appliance |
| Microsoft.Resource Koneksi or/locations/operationresults/read | Dapatkan hasil operasi Appliance |
| Microsoft.Resource Koneksi or/locations/operationsstatus/read | Dapatkan hasil operasi Appliance |
| Microsoft.Resource Koneksi or/appliances/listClusterUserCredential/action | Mendapatkan kredensial pengguna kluster appliance |
| Microsoft.Resource Koneksi or/appliances/listKeys/action | Mendapatkan kunci pengguna pelanggan kluster appliance |
| Microsoft.Resource Koneksi or/operations/read | Mendapatkan daftar Operasi yang Tersedia untuk Appliance |
| Microsoft.ExtendedLocation/register/action | Mendaftarkan langganan untuk penyedia sumber daya Lokasi Kustom dan mengaktifkan pembuatan Lokasi Kustom. |
| Microsoft.ExtendedLocation/customLocations/read | Mendapatkan sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Menyebarkan izin ke sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/write | Membuat atau Memperbarui sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/delete | Menghapus sumber daya Lokasi Kustom |
| Microsoft.EdgeMarketplace/offers/read | Dapatkan Penawaran |
| Microsoft.EdgeMarketplace/publishers/read | Mendapatkan Publisher |
| Microsoft.Kubernetes/register/action | Daftar Langganan dengan penyedia sumber daya Microsoft.Kubernetes |
| Microsoft.KubernetesConfiguration/register/action | Mendaftarkan langganan ke penyedia sumber daya Microsoft.KubernetesConfiguration. |
| Microsoft.KubernetesConfiguration/extensions/write | Membuat atau memperbarui ekstensi sumber daya. |
| Microsoft.KubernetesConfiguration/extensions/read | Mendapatkan sumber daya instans ekstensi. |
| Microsoft.KubernetesConfiguration/extensions/delete | Menghapus sumber daya instans ekstensi. |
| Microsoft.KubernetesConfiguration/extensions/operations/read | Membaca Status Operasi Async. |
| Microsoft.KubernetesConfiguration/namespaces/read | Dapatkan Sumber Daya Namespace |
| Microsoft.KubernetesConfiguration/operations/read | Mendapatkan operasi yang tersedia dari penyedia sumber daya Microsoft.KubernetesConfiguration. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.AzureStackHCI/StorageContainers/Write | Membuat/Memperbarui sumber daya kontainer penyimpanan |
| Microsoft.AzureStackHCI/StorageContainers/Read | Mendapatkan/Mencantumkan sumber daya kontainer penyimpanan |
| Microsoft.HybridContainerService/register/action | Mendaftarkan langganan untuk Microsoft.HybridContainerService |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada | |
| Kondisi | |
| ((! (ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!( ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df, 4633458b-17de-408a-b874-0445c86b69e6})) | Tambahkan atau hapus penetapan peran untuk peran berikut: Azure Koneksi ed Machine Resource Manager Administrator Sumber Daya Komputer Yang Terhubung Azure Onboarding Mesin yang Tersambung Azure Pembaca VM Azure Stack HCI Kontributor VM Azure Stack HCI Peran Manajemen Perangkat Azure Stack HCI Peran Penyebaran Azure Resource Bridge Pengguna Rahasia Key Vault |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Manajemen Perangkat Azure Stack HCI
Peran Manajemen Perangkat Microsoft.AzureStackHCI
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AzureStackHCI/Clusters/* | |
| Microsoft.AzureStackHCI/EdgeDevices/* | |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor VM Azure Stack HCI
Memberikan izin untuk melakukan semua tindakan VM
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/* | |
| Microsoft.AzureStackHCI/virtualMachineInstances/* | |
| Microsoft.AzureStackHCI/NetworkInterfaces/* | |
| Microsoft.AzureStackHCI/VirtualHardDisks/* | |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | Mendapatkan/Mencantumkan sumber daya jaringan virtual |
| Microsoft.AzureStackHCI/VirtualNetworks/join/action | Menggabungkan sumber daya jaringan virtual |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | Mendapatkan/Mencantumkan sumber daya jaringan logis |
| Microsoft.AzureStackHCI/LogicalNetworks/join/action | Menggabungkan sumber daya jaringan logis |
| Microsoft.AzureStackHCI/GalleryImages/Read | Mendapatkan/Mencantumkan sumber daya gambar galeri |
| Microsoft.AzureStackHCI/GalleryImages/deploy/action | Menyebarkan sumber daya gambar galeri |
| Microsoft.AzureStackHCI/StorageContainers/Read | Mendapatkan/Mencantumkan sumber daya kontainer penyimpanan |
| Microsoft.AzureStackHCI/StorageContainers/deploy/action | Menyebarkan sumber daya kontainer penyimpanan |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Mendapatkan/Mencantumkan sumber daya gambar galeri market place |
| Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | Menyebarkan sumber daya gambar galeri market place |
| Microsoft.AzureStackHCI/Clusters/Read | Mendapatkan kluster |
| Microsoft.AzureStackHCI/Clusters/Arc Pengaturan/Read | Mendapatkan sumber daya busur kluster HCI |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/penyebaran/tulis | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/deployments/delete | Menghapus penyebaran. |
| Microsoft.Resources/deployments/cancel/action | Membatalkan penyebaran. |
| Microsoft.Resources/deployments/validate/action | Memvalidasi penyebaran. |
| Microsoft.Resources/deployments/whatIf/action | Memprediksi perubahan penyebaran templat. |
| Microsoft.Resources/deployments/exportTemplate/action | Mengekspor templat untuk penyebaran |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
| Microsoft.HybridCompute/mesin/hapus | Menghapus komputer Azure Arc |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
| Microsoft.HybridCompute/machines/assessPatches/action | Menilai setiap komputer Azure Arc untuk mendapatkan pach perangkat lunak yang hilang |
| Microsoft.HybridCompute/machines/installPatches/action | Menginstal patch di semua komputer Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
| Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
| Microsoft.HybridCompute/mesin/ekstensi/hapus | Menghapus ekstensi Azure Arc |
| Microsoft.HybridCompute/operations/read | Membaca semua Operasi Azure Arc untuk Server |
| Microsoft.HybridCompute/locations/operationresults/read | Membaca status operasi di Penyedia Sumber Daya Microsoft.HybridCompute |
| Microsoft.HybridCompute/locations/operationstatus/read | Membaca status operasi di Penyedia Sumber Daya Microsoft.HybridCompute |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Membaca semua patchAssessmentResults Azure Arc |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Membaca semua Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Membaca patchInstallationResults Azure Arc apa pun |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Membaca patchInstallationResults/softwarePatches Azure Arc |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Membaca status operasi pusat pembaruan pada komputer |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Membaca Metadata Identitas Hibrid komputer Azure Arc apa pun |
| Microsoft.HybridCompute/osType/agentVersions/read | Membaca semua versi Azure Koneksi ed Machine Agent yang tersedia |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | Membaca versi Azure Koneksi Ed Machine Agent terbaru |
| Microsoft.HybridCompute/machines/runcommands/read | Membaca runcommands Azure Arc apa pun |
| Microsoft.HybridCompute/machines/runcommands/write | Menginstal atau Memperbarui runcommands Azure Arc |
| Microsoft.HybridCompute/machines/runcommands/delete | Menghapus runcommands Azure Arc |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Menginstal atau Memperbarui lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Menghapus lisensi Azure ArcProfiles |
| Microsoft.HybridCompute/licenses/read | Membaca lisensi Azure Arc apa pun |
| Microsoft.HybridCompute/licenses/write | Menginstal atau Memperbarui lisensi Azure Arc |
| Microsoft.HybridCompute/licenses/delete | Menghapus lisensi Azure Arc |
| Microsoft.ExtendedLocation/customLocations/Read | Mendapatkan sumber daya Lokasi Kustom |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Menyebarkan izin ke sumber daya Lokasi Kustom |
| Microsoft.KubernetesConfiguration/extensions/read | Mendapatkan sumber daya instans ekstensi. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca VM Azure Stack HCI
Memberikan izin untuk melihat VM
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/Read | Mendapatkan/Mencantumkan sumber daya komputer virtual |
| Microsoft.AzureStackHCI/virtualMachineInstances/Read | Mendapatkan/Mencantumkan sumber daya instans komputer virtual |
| Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read | Mendapatkan/Mencantumkan sumber daya ekstensi komputer virtual |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | Mendapatkan/Mencantumkan sumber daya jaringan virtual |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | Mendapatkan/Mencantumkan sumber daya jaringan logis |
| Microsoft.AzureStackHCI/NetworkInterfaces/Read | Mendapatkan/Mencantumkan sumber daya antarmuka jaringan |
| Microsoft.AzureStackHCI/VirtualHardDisks/Read | Mendapatkan/Mencantumkan sumber daya hard disk virtual |
| Microsoft.AzureStackHCI/StorageContainers/Read | Mendapatkan/Mencantumkan sumber daya kontainer penyimpanan |
| Microsoft.AzureStackHCI/GalleryImages/Read | Mendapatkan/Mencantumkan sumber daya gambar galeri |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Mendapatkan/Mencantumkan sumber daya gambar galeri market place |
| Microsoft.HybridCompute/licenses/read | Membaca lisensi Azure Arc apa pun |
| Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Membaca semua patchAssessmentResults Azure Arc |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Membaca semua Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Membaca patchInstallationResults Azure Arc apa pun |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Membaca patchInstallationResults/softwarePatches Azure Arc |
| Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
| Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | Membaca networkSecurityPerimeterConfigurations Azure Arc apa pun |
| Microsoft.HybridCompute/privateLinkScopes/privateEndpoint Koneksi ions/read | Membaca semua privateEndpointConnections Azure Arc |
| Microsoft.HybridCompute/privateLinkScopes/baca | Membaca semua privateLinkScopes Azure Arc |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/deployments/exportTemplate/action | Mengekspor templat untuk penyebaran |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/langganan/hasiloperasi/baca | Dapatkan Hasil Operasi Langganan. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to view VMs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/Read",
"Microsoft.AzureStackHCI/virtualMachineInstances/Read",
"Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/NetworkInterfaces/Read",
"Microsoft.AzureStackHCI/VirtualHardDisks/Read",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
"Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pemilik Pendaftaran Azure Stack Hub
Memungkinkan Anda mengelola pendaftaran Azure Stack Hub.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.AzureStack/edgeSubscriptions/baca | |
| Microsoft.AzureStack/registrasi/produk/*/tindakan | |
| Microsoft.AzureStack/registrasi/produk/*/baca | Mendapatkan properti produk Azure Stack Marketplace |
| Microsoft.AzureStack/registrasi/baca | Mendapatkan properti pendaftaran Azure Stack |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}