Peran bawaan Azure untuk Monitor
Artikel ini mencantumkan peran bawaan Azure dalam kategori Monitor.
Kontributor Komponen Application Insights
Dapat mengelola komponen Application Insights
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola aturan pemberitahuan klasik |
| Microsoft.Insights/generateLiveToken/baca | Metrik Langsung mendapatkan token |
| Microsoft.Insights/metricAlerts/* | Membuat atau mengelola aturan pemberitahuan |
| Microsoft.Insights/komponen/* | Membuat dan mengelola komponen Insight |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/topologi/baca | Baca Topologi |
| Microsoft.Insights/transaksi/baca | Membaca Transaksi |
| Microsoft.Insights/webtests/* | Membuat dan mengelola uji web Insights |
| Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/generateLiveToken/read",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/topology/read",
"Microsoft.Insights/transactions/read",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Debugger Snapshot Application Insights
Memberikan izin kepada pengguna untuk melihat dan mengunduh snapshot debug yang dikumpulkan dengan Application Insights Snapshot Debugger. Perhatikan bahwa izin ini tidak disertakan dalam peran Pemilikatau Kontributor. Saat memberi pengguna peran Snapshot Debugger Application Insights, Anda harus memberikan peran langsung kepada pengguna. Peran tidak dikenali ketika ditambahkan ke peran kustom.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
| Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Insights/komponen/*/baca | |
| Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Grafana Admin
Lakukan semua operasi Grafana, termasuk kemampuan untuk mengelola sumber data, membuat dasbor, dan mengelola penetapan peran dalam Grafana.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action | Bertindak sebagai peran Admin Grafana |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana admin role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
"name": "22926164-76b3-42b3-bc55-97df8dab3e41",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Grafana Editor
Lihat dan edit instans Grafana, termasuk dasbor dan pemberitahuannya.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Bertindak sebagai peran Editor Grafana |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Editor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
"name": "a79a5197-3a5c-4973-a920-486035ffd60f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penampil Grafana
Lihat instans Grafana, termasuk dasbor dan pemberitahuannya.
| Tindakan | Deskripsi |
|---|---|
| Tidak ada | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Bertindak sebagai peran Penampil Grafana |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Viewer role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
"name": "60921a7e-fef1-4a43-9b16-a26c52ad4769",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Viewer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Pemantauan
Dapat membaca semua data pemantauan dan memperbarui pengaturan pemantauan. Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.AlertsMeneman/pemberitahuan/* | |
| Microsoft.AlertsMenemanase/alertsSummary/* | |
| Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
| Microsoft.Insights/komponen/* | Membuat dan mengelola komponen Insight |
| Microsoft.Insights/createNotifications/* | |
| Microsoft.Insights/dataCollectionEndpoints/* | |
| Microsoft.Insights/dataCollectionRules/* | |
| Microsoft.Insights/dataCollectionRuleAssociations/* | |
| Microsoft.Insights/DiagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
| Microsoft.Insights/eventtypes/* | Cantumkan peristiwa Log Aktivitas (peristiwa manajemen) dalam langganan. Izin ini berlaku untuk akses terprogram dan portal ke Log Aktivitas. |
| Microsoft.Insights/LogDefinitions/* | Izin ini diperlukan bagi pengguna yang memerlukan akses ke Log Aktivitas melalui portal. Mencantumkan kategori log di Log Aktivitas. |
| Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/* | Membaca definisi metrik (daftar tipe metrik yang tersedia untuk sumber daya). |
| Microsoft.Insights/Metrik/* | Membaca metrik untuk sumber daya. |
| Microsoft.Insights/notificationStatus/* | |
| Microsoft.Insights/Daftar/Tindakan | Mendaftarkan penyedia Wawasan Microsoft |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/* | Membuat dan mengelola uji web Insights |
| Microsoft.Insights/buku kerja/* | |
| Microsoft.Insights/workbooktemplates/* | |
| Microsoft.Insights/privateLinkScopes/* | |
| Microsoft.Insights/privateLinkScopeOperationStatuses/* | |
| Microsoft.OperationalInsights/ruang kerja/tulis | Membuat ruang kerja baru atau menautkan ke ruang kerja yang ada dengan memberikan ID pelanggan dari ruang kerja yang ada. |
| Microsoft.OperationalInsights/ruang kerja/intelligencepacks/* | Baca/tulis/hapus paket solusi analitik log. |
| Microsoft.OperationalInsights/ruang kerja/savedSearches/* | Baca/tulis/hapus pencarian yang disimpan analitik log. |
| Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan | Menjalankan kueri pencarian |
| Microsoft.OperationalInsights/ruang kerja/sharedKeys/tindakan | Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja. |
| Microsoft.OperationalInsights/ruang kerja/storageinsightconfigs/* | Baca/tulis/hapus konfigurasi wawasan penyimpanan analitik log. |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.AlertsMenemanagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsMeneman/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/* | |
| Microsoft.AlertsManagement/migrateFromSmartDetection/* | |
| Microsoft.AlertsManagement/investigations/* | |
| Microsoft.Monitor/investigations/* | |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/createNotifications/*",
"Microsoft.Insights/dataCollectionEndpoints/*",
"Microsoft.Insights/dataCollectionRules/*",
"Microsoft.Insights/dataCollectionRuleAssociations/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/notificationStatus/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/workbooktemplates/*",
"Microsoft.Insights/privateLinkScopes/*",
"Microsoft.Insights/privateLinkScopeOperationStatuses/*",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*",
"Microsoft.AlertsManagement/migrateFromSmartDetection/*",
"Microsoft.AlertsManagement/investigations/*",
"Microsoft.Monitor/investigations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Memantau peran Penerbit Metrik
Mengaktifkan penerbitan metrik terhadap sumber daya Azure
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Insights/Daftar/Tindakan | Mendaftarkan penyedia Wawasan Microsoft |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Microsoft.Insights/Metrik/Tulis | Menulis metrik |
| Microsoft.Insights/Telemetri/Tulis | Tulis telemetri |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write",
"Microsoft.Insights/Telemetry/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Pemantauan
Dapat membaca semua data pemantauan (metrik, log, dll.). Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor.
| Tindakan | Deskripsi |
|---|---|
| */read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
| Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan | Menjalankan kueri pencarian |
| Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Buku Kerja
Dapat menyimpan buku kerja bersama.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Insights/buku kerja/tulis | Buat atau perbarui buku kerja |
| Microsoft.Insights/buku kerja/hapus | Menghapus buku kerja |
| Microsoft.Insights/buku kerja/baca | Membaca buku kerja |
| Microsoft.Insights/workbooks/revisis/read | Mendapatkan revisi buku kerja |
| Microsoft.Insights/workbooktemplates/write | Membuat atau memperbarui templat buku kerja |
| Microsoft.Insights/workbooktemplates/delete | Menghapus templat buku kerja |
| Microsoft.Insights/workbooktemplates/read | Membaca templat buku kerja |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/workbooks/revisions/read",
"Microsoft.Insights/workbooktemplates/write",
"Microsoft.Insights/workbooktemplates/delete",
"Microsoft.Insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Buku Kerja
Dapat membaca buku kerja.
| Tindakan | Deskripsi |
|---|---|
| Microsoft.Insights/buku kerja/baca | Membaca buku kerja |
| microsoft.insights/workbooks/revisis/read | Mendapatkan revisi buku kerja |
| microsoft.insights/workbooktemplates/read | Membaca templat buku kerja |
| NotActions | |
| Tidak ada | |
| DataActions | |
| Tidak ada | |
| NotDataActions | |
| Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read",
"microsoft.insights/workbooks/revisions/read",
"microsoft.insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}