Peran bawaan Azure untuk Identitas
Artikel ini mencantumkan peran bawaan Azure dalam kategori Identitas.
Kontributor Layanan Domain
Dapat mengelola Azure AD Domain Services dan konfigurasi jaringan terkait
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/penyebaran/tulis | Membuat atau memperbarui penyebaran. |
| Microsoft.Resources/deployments/delete | Menghapus penyebaran. |
| Microsoft.Resources/deployments/cancel/action | Membatalkan penyebaran. |
| Microsoft.Resources/deployments/validate/action | Memvalidasi penyebaran. |
| Microsoft.Resources/deployments/whatIf/action | Memprediksi perubahan penyebaran templat. |
| Microsoft.Resources/deployments/exportTemplate/action | Mengekspor templat untuk penyebaran |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Insights/AlertRules/Write | Membuat atau memperbarui pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Delete | Menghapus pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Activated/Action | Pemberitahuan metrik klasik diaktifkan |
| Microsoft.Insights/AlertRules/Resolved/Action | Pemberitahuan metrik klasik diselesaikan |
| Microsoft.Insights/AlertRules/Throttled/Action | Aturan pemberitahuan metrik klasik dibatasi |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Insights/Logs/Read | Membaca data dari semua log Anda |
| Microsoft.Insights/Metrics/Read | Membaca metrik |
| Microsoft.Insights/DiagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
| Microsoft.Insights/Diagnostic Pengaturan Categories/Read | Membaca kategori pengaturan diagnostik |
| Microsoft.AAD/register/action | Mendaftarkan Layanan Domain |
| Microsoft.AAD/unregister/action | Membatalkan pendaftaran Layanan Domain |
| Microsoft.AAD/domainServices/* | |
| Microsoft.Network/register/action | Mendaftarkan langganan |
| Microsoft.Network/unregister/action | Membatalkan pendaftaran langganan |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/write | Membuat jaringan virtual atau memperbarui jaringan virtual yang ada |
| Microsoft.Network/virtualNetworks/delete | Menghapus jaringan virtual |
| Microsoft.Network/virtualNetworks/peer/action | Sandingkan jaringan virtual dengan jaringan virtual lain |
| Microsoft.Network/virtualNetworks/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/write | Membuat subnet jaringan virtual atau memperbarui subnet jaringan virtual yang ada |
| Microsoft.Network/virtualNetworks/subnets/delete | Menghapus subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/gabung/tindakan | Bergabung dengan jaringan virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Mendapat definisi peering jaringan virtual |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write | Membuat peering jaringan virtual atau memperbarui peering jaringan virtual yang ada |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete | Menghapus peering jaringan virtual |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnostic Pengaturan/read | Dapatkan pengaturan diagnostik Microsoft Azure Virtual Network |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk PingMesh |
| Microsoft.Network/azureFirewalls/read | Mendapatkan Azure Firewall |
| Microsoft.Network/ddosProtectionPlans/read | Mendapatkan Paket Azure DDoS Protection |
| Microsoft.Network/ddosProtectionPlans/join/action | Menggabungkan Paket Azure DDoS Protection. Tidak dapat diberi tahu. |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/loadBalancers/delete | Menghapus penyeimbang beban |
| Microsoft.Network/loadBalancers/*/read | |
| Microsoft.Network/loadBalancers/backendAddressPools/gabung/tindakan | Menggabungkan kumpulan alamat ujung belakang penyeimbang muatan. Tidak bisa diperingatkan. |
| Microsoft.Network/loadBalancers/inboundNatRules/gabung/tindakan | Bergabung dengan kumpulan NAT masuk penyeimbang muatan. Tidak bisa diperingatkan. |
| Microsoft.Network/natGateways/join/action | Menggabungkan NAT Gateway |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkInterfaces/tulis | Membuat antarmuka jaringan atau memperbarui antarmuka jaringan yang ada. |
| Microsoft.Network/networkInterfaces/delete | Menghapus antarmuka jaringan |
| Microsoft.Network/networkInterfaces/gabung/tindakan | Melampirkan antarmuka jaringan ke komputer virtual. Tidak bisa diperingatkan. |
| Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Mendapatkan definisi aturan keamanan default |
| Microsoft.Network/networkSecurityGroups/baca | Mendapatkan definisi kelompok keamanan jaringan |
| Microsoft.Network/networkSecurityGroups/write | Membuat kelompok keamanan jaringan atau memperbarui kelompok keamanan jaringan yang ada |
| Microsoft.Network/networkSecurityGroups/delete | Menghapus kelompok keamanan jaringan |
| Microsoft.Network/networkSecurityGroups/gabung/tindakan | Menggabungkan kelompok keamanan jaringan. Tidak bisa diperingatkan. |
| Microsoft.Network/networkSecurityGroups/securityRules/read | Mendapatkan definisi aturan keamanan |
| Microsoft.Network/networkSecurityGroups/securityRules/write | Membuat aturan keamanan atau memperbarui aturan keamanan yang sudah ada |
| Microsoft.Network/networkSecurityGroups/securityRules/delete | Menghapus aturan keamanan |
| Microsoft.Network/routeTables/read | Mendapat definisi tabel rute |
| Microsoft.Network/routeTables/write | Membuat tabel rute atau Memperbarui tabel rute yang ada |
| Microsoft.Network/routeTables/delete | Menghapus definisi tabel rute |
| Microsoft.Network/routeTables/join/action | Menggabungkan tabel rute. Tidak bisa diperingatkan. |
| Microsoft.Network/routeTables/routes/read | Mendapat definisi rute |
| Microsoft.Network/routeTables/routes/write | Membuat rute atau Memperbarui rute yang ada |
| Microsoft.Network/routeTables/routes/delete | Menghapus definisi rute |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can manage Azure AD Domain Services and related network configurations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2",
"name": "eeaeda52-9324-47f6-8069-5d5bade478b2",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/Logs/Read",
"Microsoft.Insights/Metrics/Read",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/DiagnosticSettingsCategories/Read",
"Microsoft.AAD/register/action",
"Microsoft.AAD/unregister/action",
"Microsoft.AAD/domainServices/*",
"Microsoft.Network/register/action",
"Microsoft.Network/unregister/action",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/write",
"Microsoft.Network/virtualNetworks/delete",
"Microsoft.Network/virtualNetworks/peer/action",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/delete",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/azureFirewalls/read",
"Microsoft.Network/ddosProtectionPlans/read",
"Microsoft.Network/ddosProtectionPlans/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/delete",
"Microsoft.Network/loadBalancers/*/read",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/natGateways/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.Network/networkSecurityGroups/securityRules/delete",
"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/write",
"Microsoft.Network/routeTables/delete",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Network/routeTables/routes/read",
"Microsoft.Network/routeTables/routes/write",
"Microsoft.Network/routeTables/routes/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Layanan Domain
Dapat melihat Azure AD Domain Services dan konfigurasi jaringan terkait
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Resources/penyebaran/baca | Mendapatkan atau mencantumkan penyebaran. |
| Microsoft.Resources/penyebaran/operasi/baca | Mendapatkan atau mencantumkan operasi penyebaran. |
| Microsoft.Resources/deployments/operationstatuses/read | Mendapatkan atau mencantumkan status operasi penyebaran. |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Insights/AlertRules/Read | Membaca pemberitahuan metrik klasik |
| Microsoft.Insights/AlertRules/Incidents/Read | Membaca insiden pemberitahuan metrik klasik |
| Microsoft.Insights/Logs/Read | Membaca data dari semua log Anda |
| Microsoft.Insights/Metrics/baca | Membaca metrik |
| Microsoft.Insights/Diagnostic Pengaturan/read | Membaca pengaturan diagnostik sumber daya |
| Microsoft.Insights/Diagnostic Pengaturan Categories/Read | Membaca kategori pengaturan diagnostik |
| Microsoft.AAD/domainLayanan/*/baca | |
| Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
| Microsoft.Network/virtualNetworks/subnets/baca | Mendapatkan definisi subnet jaringan virtual |
| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Mendapat definisi peering jaringan virtual |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnostic Pengaturan/read | Dapatkan pengaturan diagnostik Microsoft Azure Virtual Network |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Mendapatkan metrik yang tersedia untuk PingMesh |
| Microsoft.Network/azureFirewalls/read | Mendapatkan Azure Firewall |
| Microsoft.Network/ddosProtectionPlans/read | Mendapatkan Paket Azure DDoS Protection |
| Microsoft.Network/loadBalancers/baca | Mendapatkan definisi penyeimbang muatan |
| Microsoft.Network/loadBalancers/*/read | |
| Microsoft.Network/natGateways/read | Mendapatkan Definisi Nat Gateway |
| Microsoft.Network/networkInterfaces/baca | Mendapatkan definisi antarmuka jaringan. |
| Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read | Mendapatkan definisi aturan keamanan default |
| Microsoft.Network/networkSecurityGroups/baca | Mendapatkan definisi kelompok keamanan jaringan |
| Microsoft.Network/networkSecurityGroups/securityRules/read | Mendapatkan definisi aturan keamanan |
| Microsoft.Network/routeTables/read | Mendapat definisi tabel rute |
| Microsoft.Network/routeTables/routes/read | Mendapat definisi rute |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view Azure AD Domain Services and related network configurations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb",
"name": "361898ef-9ed1-48c2-849c-a832951106bb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/Logs/Read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Insights/DiagnosticSettings/read",
"Microsoft.Insights/DiagnosticSettingsCategories/Read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/azureFirewalls/read",
"Microsoft.Network/ddosProtectionPlans/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/*/read",
"Microsoft.Network/natGateways/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/securityRules/read",
"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/routes/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Domain Services Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Identitas Terkelola
Membuat, Membaca, Memperbarui, dan Menghapus Identitas yang Ditetapkan Pengguna
| Tindakan | Deskripsi |
|---|---|
| Microsoft.ManagedIdentity/userAssignedIdentities/baca | Mendapatkan identitas yang ditetapkan pengguna yang ada |
| Microsoft.ManagedIdentity/userAssignedIdentities/tulis | Membuat identitas yang ditetapkan pengguna baru atau memperbarui tag yang terkait dengan identitas yang ditetapkan pengguna yang ada |
| Microsoft.ManagedIdentity/userAssignedIdentities/hapus | Menghapus identitas pengguna yang ditetapkan pengguna yang sudah ada |
| Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read | Mendapatkan atau mencantumkan Kredensial Identitas Federasi |
| Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write | Menambahkan atau memperbarui Kredensial Identitas Federasi |
| Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete | Menghapus Kredensial Identitas Federasi |
| Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action | Mencabut semua token yang ada pada identitas yang ditetapkan pengguna |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete User Assigned Identity",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/delete",
"Microsoft.ManagedIdentity/userAssignedIdentities/revokeTokens/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Identitas Terkelola
Membaca dan Menetapkan Identitas yang Ditetapkan Pengguna
| Tindakan | Deskripsi |
|---|---|
| Microsoft.ManagedIdentity/userAssignedIdentities/baca | |
| Microsoft.ManagedIdentity/userAssignedIdentities/tindakan | |
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read and Assign User Assigned Identity",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
"name": "f1a07417-d97a-45cb-824c-7a7467783830",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}