Inbyggda Azure-roller för Storage
I den här artikeln visas de inbyggda Azure-rollerna i kategorin Lagring.
Avere-deltagare
Kan skapa och hantera ett Avere vFXT-kluster.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Compute/*/read | |
| Microsoft.Compute/availabilitySets/* | |
| Microsoft.Compute/proximityPlacementGroups/* | |
| Microsoft.Compute/virtualMachines/* | |
| Microsoft.Compute/diskar/* | |
| Microsoft.Network/*/read | |
| Microsoft.Network/networkInterfaces/* | |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/read | Hämtar en undernätsdefinition för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/join/action | Ansluter till ett virtuellt nätverk. Inte aviseringsbar. |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Kopplar resurser som lagringskonto eller SQL-databas till ett undernät. Inte aviseringsbar. |
| Microsoft.Network/networkSecurityGroups/join/action | Ansluter till en nätverkssäkerhetsgrupp. Inte aviseringsbar. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/*/read | |
| Microsoft.Storage/storageAccounts/* | Skapa och hantera lagringskonton |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Resources/subscriptions/resourceGroups/resources/read | Hämtar resurserna för resursgruppen. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returnerar resultatet av att ta bort en blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnerar en blob eller en lista över blobar |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returnerar resultatet av att skriva en blob |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere-operator
Används av Avere vFXT-klustret för att hantera klustret
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Compute/virtualMachines/read | Hämta egenskaperna för en virtuell dator |
| Microsoft.Network/networkInterfaces/read | Hämtar en nätverksgränssnittsdefinition. |
| Microsoft.Network/networkInterfaces/write | Skapar ett nätverksgränssnitt eller uppdaterar ett befintligt nätverksgränssnitt. |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/read | Hämtar en undernätsdefinition för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/join/action | Ansluter till ett virtuellt nätverk. Inte aviseringsbar. |
| Microsoft.Network/networkSecurityGroups/join/action | Ansluter till en nätverkssäkerhetsgrupp. Inte aviseringsbar. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/blobServices/containers/delete | Returnerar resultatet av att ta bort en container |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| Microsoft.Storage/storageAccounts/blobServices/containers/write | Returnerar resultatet av placera blobcontainer |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returnerar resultatet av att ta bort en blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnerar en blob eller en lista över blobar |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returnerar resultatet av att skriva en blob |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Säkerhetskopieringsdeltagare
Låter dig hantera säkerhetskopieringstjänsten, men kan inte skapa valv och ge åtkomst till andra
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | Hantera resultat av åtgärden vid säkerhetskopieringshantering |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Skapa och hantera säkerhetskopieringscontainrar i säkerhetskopieringsinfrastrukturer i Recovery Services-valvet |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Uppdaterar containerlistan |
| Microsoft.RecoveryServices/Vaults/backupJobs/* | Skapa och hantera säkerhetskopieringsjobb |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Exportera jobb |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Skapa och hantera resultat av säkerhetskopieringshanteringsåtgärder |
| Microsoft.RecoveryServices/Vaults/backupPolicies/* | Skapa och hantera säkerhetskopieringsprinciper |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Skapa och hantera objekt som kan säkerhetskopieras |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | Skapa och hantera säkerhetskopierade objekt |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | Skapa och hantera containrar med säkerhetskopieringsobjekt |
| Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returnerar sammanfattningar för skyddade objekt och skyddade servrar för en Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/* | Skapa och hantera certifikat som rör säkerhetskopiering i Recovery Services-valv |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | Skapa och hantera utökad information om valv |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Hämtar aviseringarna för Recovery Services-valvet. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/registeredIdentiteter/* | Skapa och hantera registrerade identiteter |
| Microsoft.RecoveryServices/Vaults/usages/* | Skapa och hantera användning av Recovery Services-valv |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Verifiera åtgärden för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/write | Åtgärden Skapa valv skapar en Azure-resurs av typen "valv" |
| Microsoft.RecoveryServices/Vaults/backupOperations/read | Returnerar status för säkerhetskopieringsåtgärd för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupEngines/read | Returnerar alla servrar för säkerhetskopieringshantering som registrerats med valvet. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Hämta alla skyddsbara containrar |
| Microsoft.RecoveryServices/vaults/operationStatus/read | Hämtar åtgärdsstatus för en viss åtgärd |
| Microsoft.RecoveryServices/vaults/operationResults/read | Åtgärden Hämta åtgärdsresultat kan användas för att hämta åtgärdsstatus och resultat för den asynkront skickade åtgärden |
| Microsoft.RecoveryServices/locations/backupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Verifiera funktioner |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Löser aviseringen. |
| Microsoft.RecoveryServices/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.RecoveryServices/locations/operationStatus/read | Hämtar åtgärdsstatus för en viss åtgärd |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | Visa en lista över alla avsikter för säkerhetskopieringsskydd |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.DataProtection/locations/getBackupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Skapar en säkerhetskopieringsinstans |
| Microsoft.DataProtection/backupVaults/backupInstances/delete | Tar bort säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Returnerar alla säkerhetskopieringsinstanser |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Returnerar alla säkerhetskopieringsinstanser |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Visa en lista över mjuk borttagna säkerhetskopieringsinstanser i ett säkerhetskopieringsvalv. |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Utför oborttagning av mjuk borttagen säkerhetskopieringsinstans. Säkerhetskopieringsinstansen flyttas från SoftDeleted till ProtectionS toppat tillstånd. |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Utför säkerhetskopiering på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validerar för återställning av säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Utlösare återställs på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Utlöser återställning mellan regioner på den angivna säkerhetskopieringsinstansen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Utför valideringar för återställning mellan regioner. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Visa en lista över återställningsjobb mellan regioner för säkerhetskopieringsinstansen från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Hämta jobbinformation för återställning mellan regioner från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returnerar återställningspunkter från den sekundära regionen för återställning mellan regioner aktiverat Backup Vaults. |
| Microsoft.DataProtection/backupVaults/backupPolicies/write | Skapar säkerhetskopieringsprincip |
| Microsoft.DataProtection/backupVaults/backupPolicies/delete | Tar bort säkerhetskopieringsprincipen |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Söker efter återställningsbara tidsintervall |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/backupVaults/write | Uppdatera BackupVault-åtgärden uppdaterar en Azure-resurs av typen "Backup Vault" |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/operationResults/read | Hämtar åtgärdsresultatet för en korrigeringsåtgärd för ett säkerhetskopieringsvalv |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/locations/checkNameAvailability/action | Kontrollerar om det begärda BackupVault-namnet är tillgängligt |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Verifierar om en funktion stöds |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/locations/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/locations/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Validerar för säkerhetskopiering av säkerhetskopieringsinstans |
| Microsoft.DataProtection/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | Åtgärden Ta bort ResourceGuard-proxy tar bort den angivna Azure-resursen av typen ResourceGuard-proxy |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Hämta listan över ResourceGuard-proxyservrar för en resurs |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | Lås upp borttagning av ResourceGuard-proxyåtgärden låser upp nästa borttagningskritiska åtgärd |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | Skapa ResourceGuard-proxyåtgärd skapar en Azure-resurs av typen "ResourceGuard Proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Hämta ResourceGuard-proxyåtgärd hämtar ett objekt som representerar Azure-resursen av typen "ResourceGuard-proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Skapa ResourceGuard-proxyåtgärd skapar en Azure-resurs av typen "ResourceGuard Proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Åtgärden Ta bort ResourceGuard-proxy tar bort den angivna Azure-resursen av typen ResourceGuard-proxy |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Lås upp borttagning av ResourceGuard-proxyåtgärden låser upp nästa borttagningskritiska åtgärd |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backups, but can't delete vaults and give access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/vaults/operationStatus/read",
"Microsoft.RecoveryServices/vaults/operationResults/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/delete",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/write",
"Microsoft.DataProtection/backupVaults/backupPolicies/delete",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/write",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/locations/checkNameAvailability/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Säkerhetskopiera MUA-administratör
Säkerhetskopiera MultiUser-Authorization. Kan skapa/ta bort ResourceGuard
| Åtgärder | beskrivning |
|---|---|
| Microsoft.DataProtection/*/read | |
| Microsoft.DataProtection/*/resourceGuards/write | |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | Uppdatera ResouceGuard-åtgärden uppdaterar en Azure-resurs av typen "ResourceGuard" |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete | Åtgärden Ta bort ResourceGuard tar bort den angivna Azure-resursen av typen "ResourceGuard" |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | Hämtar lista över ResourceGuards i en resursgrupp |
| Microsoft.DataProtection/locations/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/locations/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/locations/getBackupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Verifierar om en funktion stöds |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Features/features/read | Hämtar funktionerna i en prenumeration. |
| Microsoft.Features/providers/features/read | Hämtar funktionen för en prenumeration i en viss resursprovider. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/subscriptions/operationresults/read | Hämta resultatet av prenumerationsåtgärden. |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Hämta ResourceGuard-proxyåtgärd hämtar ett objekt som representerar Azure-resursen av typen "ResourceGuard-proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Skapa ResourceGuard-proxyåtgärd skapar en Azure-resurs av typen "ResourceGuard Proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Åtgärden Ta bort ResourceGuard-proxy tar bort den angivna Azure-resursen av typen ResourceGuard-proxy |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Lås upp borttagning av ResourceGuard-proxyåtgärden låser upp nästa borttagningskritiska åtgärd |
| Microsoft.DataProtection/subscriptions/providers/resourceGuards/read | Hämtar en lista över ResourceGuards i en prenumeration |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Hämtar information om ResourceGuard-standardåtgärdsbegäran |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Can create/delete ResourceGuard ",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"name": "c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/read",
"Microsoft.DataProtection/*/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read",
"Microsoft.Authorization/*/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.DataProtection/subscriptions/providers/resourceGuards/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Säkerhetskopiera MUA-operator
Säkerhetskopiera MultiUser-Authorization. Tillåter att användaren utför kritiska åtgärder som skyddas av resourceguard
| Åtgärder | beskrivning |
|---|---|
| Microsoft.DataProtection/*/action | |
| Microsoft.DataProtection/*/read | |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"name": "f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/action",
"Microsoft.DataProtection/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator för säkerhetskopiering
Gör att du kan hantera säkerhetskopieringstjänster, förutom att ta bort säkerhetskopiering, skapa valv och ge åtkomst till andra
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returnerar status för åtgärden |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Hämtar resultatet av åtgärden som utförs på skyddscontainern. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Utför säkerhetskopiering för skyddat objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Hämtar resultatet av åtgärden som utförs på skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returnerar statusen för åtgärden som utförs på skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returnerar objektinformation för det skyddade objektet |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Etablera snabb objektåterställning för skyddat objekt |
| Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action | Hämta AccessToken för återställning mellan regioner. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Hämta återställningspunkter för skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Återställ återställningspunkter för skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Återkalla snabb objektåterställning för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Skapa en säkerhetskopia av skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returnerar alla registrerade containrar |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Uppdaterar containerlistan |
| Microsoft.RecoveryServices/Vaults/backupJobs/* | Skapa och hantera säkerhetskopieringsjobb |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Exportera jobb |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Skapa och hantera resultat av säkerhetskopieringshanteringsåtgärder |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Hämta resultat av principåtgärden. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returnerar alla skyddsprinciper |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Skapa och hantera objekt som kan säkerhetskopieras |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returnerar listan över alla skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returnerar alla containrar som tillhör prenumerationen |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returnerar sammanfattningar för skyddade objekt och skyddade servrar för en Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/write | Åtgärden Uppdatera resurscertifikat uppdaterar autentiseringscertifikatet för resurs/valv. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | Åtgärden Hämta utökad information hämtar ett objekts utökade information som representerar Azure-resursen av typen ?vault? |
| Microsoft.RecoveryServices/Vaults/extendedInformation/write | Åtgärden Hämta utökad information hämtar ett objekts utökade information som representerar Azure-resursen av typen ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Hämtar aviseringarna för Recovery Services-valvet. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | Åtgärden Hämta åtgärdsresultat kan användas för att hämta åtgärdsstatus och resultat för den asynkront skickade åtgärden |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | Åtgärden Hämta containrar kan användas för att få containrarna registrerade för en resurs. |
| Microsoft.RecoveryServices/Vaults/registeredIdentiteter/skrivning | Åtgärden Registrera tjänstcontainer kan användas för att registrera en container med Recovery Service. |
| Microsoft.RecoveryServices/Vaults/usages/read | Returnerar användningsinformation för ett Recovery Services-valv. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Verifiera åtgärden för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action | Verifiera åtgärden för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read | Verifiera åtgärden för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read | Verifiera åtgärden för skyddat objekt |
| Microsoft.RecoveryServices/Vaults/backupOperations/read | Returnerar status för säkerhetskopieringsåtgärd för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read | Hämta status för principåtgärd. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | Skapar en registrerad container |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | Fråga efter arbetsbelastningar i en container |
| Microsoft.RecoveryServices/Vaults/backupEngines/read | Returnerar alla servrar för säkerhetskopieringshantering som registrerats med valvet. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Skapa en avsikt för säkerhetskopieringsskydd |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Hämta en avsikt för säkerhetskopieringsskydd |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Hämta alla skyddsbara containrar |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Hämta alla objekt i en container |
| Microsoft.RecoveryServices/locations/backupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Verifiera funktioner |
| Microsoft.RecoveryServices/locations/backupAadProperties/read | Hämta AAD-egenskaper för autentisering i den tredje regionen för återställning mellan regioner. |
| Microsoft.RecoveryServices/locations/backupCrrJobs/action | Visa en lista över återställningsjobb mellan regioner i den sekundära regionen för Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupCrrJob/action | Hämta jobbinformation för återställning mellan regioner i den sekundära regionen för Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action | Utlösa återställning mellan regioner. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returnerar CRR-åtgärdsresultat för Recovery Services-valv. |
| Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Returnerar CRR-åtgärdsstatus för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Löser aviseringen. |
| Microsoft.RecoveryServices/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.RecoveryServices/locations/operationStatus/read | Hämtar åtgärdsstatus för en viss åtgärd |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | Visa en lista över alla avsikter för säkerhetskopieringsskydd |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Returnerar alla säkerhetskopieringsinstanser |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Returnerar alla säkerhetskopieringsinstanser |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Skapar en säkerhetskopieringsinstans |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Visa en lista över mjuk borttagna säkerhetskopieringsinstanser i ett säkerhetskopieringsvalv. |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Söker efter återställningsbara tidsintervall |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/operationResults/read | Hämtar åtgärdsresultatet för en korrigeringsåtgärd för ett säkerhetskopieringsvalv |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/locations/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/locations/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Validerar för säkerhetskopiering av säkerhetskopieringsinstans |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Utför säkerhetskopiering på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validerar för återställning av säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Utlösare återställs på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Utlöser återställning mellan regioner på den angivna säkerhetskopieringsinstansen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Utför valideringar för återställning mellan regioner. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Visa en lista över återställningsjobb mellan regioner för säkerhetskopieringsinstansen från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Hämta jobbinformation för återställning mellan regioner från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returnerar återställningspunkter från den sekundära regionen för återställning mellan regioner aktiverat Backup Vaults. |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Verifierar om en funktion stöds |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | Åtgärden Ta bort ResourceGuard-proxy tar bort den angivna Azure-resursen av typen ResourceGuard-proxy |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Hämta listan över ResourceGuard-proxyservrar för en resurs |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | Lås upp borttagning av ResourceGuard-proxyåtgärden låser upp nästa borttagningskritiska åtgärd |
| Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | Skapa ResourceGuard-proxyåtgärd skapar en Azure-resurs av typen "ResourceGuard Proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | Hämta ResourceGuard-proxyåtgärd hämtar ett objekt som representerar Azure-resursen av typen "ResourceGuard-proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | Skapa ResourceGuard-proxyåtgärd skapar en Azure-resurs av typen "ResourceGuard Proxy" |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | Åtgärden Ta bort ResourceGuard-proxy tar bort den angivna Azure-resursen av typen ResourceGuard-proxy |
| Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | Lås upp borttagning av ResourceGuard-proxyåtgärden låser upp nästa borttagningskritiska åtgärd |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupAadProperties/read",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Säkerhetskopieringsläsare
Kan visa säkerhetskopieringstjänster, men kan inte göra ändringar
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returnerar status för åtgärden |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Hämtar resultatet av åtgärden som utförs på skyddscontainern. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Hämtar resultatet av åtgärden som utförs på skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returnerar statusen för åtgärden som utförs på skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returnerar objektinformation för det skyddade objektet |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Hämta återställningspunkter för skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returnerar alla registrerade containrar |
| Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read | Returnerar resultatet av jobbåtgärden. |
| Microsoft.RecoveryServices/Vaults/backupJobs/read | Returnerar alla jobbobjekt |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Exportera jobb |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/read | Returnerar resultat av säkerhetskopieringsåtgärd för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Hämta resultat av principåtgärden. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returnerar alla skyddsprinciper |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returnerar listan över alla skyddade objekt. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returnerar alla containrar som tillhör prenumerationen |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returnerar sammanfattningar för skyddade objekt och skyddade servrar för en Recovery Services . |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | Åtgärden Hämta utökad information hämtar ett objekts utökade information som representerar Azure-resursen av typen ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Hämtar aviseringarna för Recovery Services-valvet. |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | Åtgärden Hämta åtgärdsresultat kan användas för att hämta åtgärdsstatus och resultat för den asynkront skickade åtgärden |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | Åtgärden Hämta containrar kan användas för att få containrarna registrerade för en resurs. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/read | Returnerar lagringskonfiguration för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupconfig/read | Returnerar Konfiguration för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupOperations/read | Returnerar status för säkerhetskopieringsåtgärd för Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read | Hämta status för principåtgärd. |
| Microsoft.RecoveryServices/Vaults/backupEngines/read | Returnerar alla servrar för säkerhetskopieringshantering som registrerats med valvet. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Hämta en avsikt för säkerhetskopieringsskydd |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Hämta alla objekt i en container |
| Microsoft.RecoveryServices/locations/backupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Löser aviseringen. |
| Microsoft.RecoveryServices/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.RecoveryServices/locations/operationStatus/read | Hämtar åtgärdsstatus för en viss åtgärd |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | Visa en lista över alla avsikter för säkerhetskopieringsskydd |
| Microsoft.RecoveryServices/Vaults/usages/read | Returnerar användningsinformation för ett Recovery Services-valv. |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Verifiera funktioner |
| Microsoft.RecoveryServices/locations/backupCrrJobs/action | Visa en lista över återställningsjobb mellan regioner i den sekundära regionen för Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupCrrJob/action | Hämta jobbinformation för återställning mellan regioner i den sekundära regionen för Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returnerar CRR-åtgärdsresultat för Recovery Services-valv. |
| Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Returnerar CRR-åtgärdsstatus för Recovery Services-valv. |
| Microsoft.DataProtection/locations/getBackupStatus/action | Kontrollera säkerhetskopieringsstatus för Recovery Services-valv |
| Microsoft.DataProtection/backupVaults/backupInstances/write | Skapar en säkerhetskopieringsinstans |
| Microsoft.DataProtection/backupVaults/backupInstances/read | Returnerar alla säkerhetskopieringsinstanser |
| Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Visa en lista över mjuk borttagna säkerhetskopieringsinstanser i ett säkerhetskopieringsvalv. |
| Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Utför säkerhetskopiering på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validerar för återställning av säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Utlösare återställs på säkerhetskopieringsinstansen |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupPolicies/read | Returnerar alla säkerhetskopieringsprinciper |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returnerar alla återställningspunkter |
| Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Söker efter återställningsbara tidsintervall |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/operationResults/read | Hämtar åtgärdsresultatet för en korrigeringsåtgärd för ett säkerhetskopieringsvalv |
| Microsoft.DataProtection/backupVaults/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/backupVaults/read | Hämtar lista över säkerhetskopieringsvalv i en resursgrupp |
| Microsoft.DataProtection/locations/operationStatus/read | Returnerar säkerhetskopieringsåtgärdsstatus för Backup Vault. |
| Microsoft.DataProtection/locations/operationResults/read | Returnerar säkerhetskopieringsåtgärdsresultatet för Backup Vault. |
| Microsoft.DataProtection/backupVaults/validateForBackup/action | Validerar för säkerhetskopiering av säkerhetskopieringsinstans |
| Microsoft.DataProtection/operations/read | Åtgärden returnerar listan över åtgärder för en resursprovider |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Visa en lista över återställningsjobb mellan regioner för säkerhetskopieringsinstansen från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Hämta jobbinformation för återställning mellan regioner från den sekundära regionen. |
| Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returnerar återställningspunkter från den sekundära regionen för återställning mellan regioner aktiverat Backup Vaults. |
| Microsoft.DataProtection/locations/checkFeatureSupport/action | Verifierar om en funktion stöds |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Klassisk lagringskontodeltagare
Gör att du kan hantera klassiska lagringskonton, men inte åtkomst till dem.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.ClassicStorage/storageAccounts/* | Skapa och hantera lagringskonton |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Tjänstroll för nyckeloperator för klassiskt lagringskonto
Nyckeloperatorer för klassiska lagringskonton kan visa och återskapa nycklar på klassiska lagringskonton
| Åtgärder | beskrivning |
|---|---|
| Microsoft.ClassicStorage/storageAccounts/listkeys/action | Visar en lista över åtkomstnycklarna för lagringskontona. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/action | Återskapar de befintliga åtkomstnycklarna för lagringskontot. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box-deltagare
Gör att du kan hantera allt under Data Box Service förutom att ge åtkomst till andra.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Databox/* | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box-läsare
Gör att du kan hantera Data Box Service förutom att skapa beställnings- eller redigeringsorderinformation och ge åtkomst till andra.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Databox/*/read | |
| Microsoft.Databox/jobs/listsecrets/action | |
| Microsoft.Databox/jobs/listcredentials/action | Visar en lista över okrypterade autentiseringsuppgifter som är relaterade till ordern. |
| Microsoft.Databox/locations/availableSkus/action | Den här metoden returnerar listan över tillgängliga sku:er. |
| Microsoft.Databox/locations/validateInputs/action | Den här metoden utför alla typer av valideringar. |
| Microsoft.Databox/locations/regionConfiguration/action | Den här metoden returnerar konfigurationerna för regionen. |
| Microsoft.Databox/locations/validateAddress/action | Validerar leveransadressen och tillhandahåller eventuella alternativa adresser. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics-utvecklare
Gör att du kan skicka, övervaka och hantera dina egna jobb men inte skapa eller ta bort Data Lake Analytics-konton.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.BigAnalytics/accounts/* | |
| Microsoft.DataLakeAnalytics/accounts/* | |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| Microsoft.BigAnalytics/accounts/Delete | |
| Microsoft.BigAnalytics/accounts/TakeOwnership/action | |
| Microsoft.BigAnalytics/accounts/Write | |
| Microsoft.DataLakeAnalytics/accounts/Delete | Ta bort ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action | Bevilja behörigheter för att avbryta jobb som skickats av andra användare. |
| Microsoft.DataLakeAnalytics/accounts/Write | Skapa eller uppdatera ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | Skapa eller uppdatera ett länkat DataLakeStore-konto för ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | Ta bort länken till ett DataLakeStore-konto från ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write | Skapa eller uppdatera ett länkat lagringskonto för ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete | Ta bort länk till ett lagringskonto från ett DataLakeAnalytics-konto. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/Write | Skapa eller uppdatera en brandväggsregel. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete | Ta bort en brandväggsregel. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/Write | Skapa eller uppdatera en beräkningsprincip. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete | Ta bort en beräkningsprincip. |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Defender för Storage Data Scanner
Ger åtkomst till läsblobar och uppdatera indextaggar. Den här rollen används av dataskannern för Defender for Storage.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnerar en blob eller en lista över blobar |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write | Returnerar resultatet av att skriva blobtaggar |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read | Returnerar resultatet av att läsa blobtaggar |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"name": "1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read"
],
"notDataActions": []
}
],
"roleName": "Defender for Storage Data Scanner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastisk SAN-nätverksadministratör
Ger åtkomst till att skapa privata slutpunkter för SAN-resurser och läsa SAN-resurser
| Åtgärder | beskrivning |
|---|---|
| Microsoft.ElasticSan/elasticSans/*/read | |
| Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action | |
| Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write | |
| Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete | |
| Microsoft.ElasticSan/locations/asyncoperations/read | Avsöker status för en asynkron åtgärd. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows access to create Private Endpoints on SAN resources, and to read SAN resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"name": "fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*/read",
"Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Network Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastisk SAN-ägare
Ger fullständig åtkomst till alla resurser under Azure Elastic SAN, inklusive ändring av nätverkssäkerhetsprinciper för att avblockera åtkomst till datasökväg
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.ElasticSan/elasticSans/* | |
| Microsoft.ElasticSan/locations/* | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406",
"name": "80dcbedb-47ef-405d-95bd-188a1b4ac406",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastisk SAN-läsare
Tillåter läsbehörighet för kontrollsökväg till Azure Elastic SAN
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/roleAssignments/read | Hämta information om en rolltilldelning. |
| Microsoft.Authorization/roleDefinitions/read | Hämta information om en rolldefinition. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.ElasticSan/elasticSans/*/read | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for control path read access to Azure Elastic SAN",
"id": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"name": "af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Volume Group Owner
Tillåter fullständig åtkomst till en volymgrupp i Azure Elastic SAN, inklusive ändring av nätverkssäkerhetsprinciper för att avblockera åtkomst till datasökväg
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/roleAssignments/read | Hämta information om en rolltilldelning. |
| Microsoft.Authorization/roleDefinitions/read | Hämta information om en rolldefinition. |
| Microsoft.ElasticSan/elasticSans/volumeGroups/* | |
| Microsoft.ElasticSan/locations/asyncoperations/read | Avsöker status för en asynkron åtgärd. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23",
"name": "a8281131-f312-4f34-8d98-ae12be9f0d23",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Volume Group Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Läs- och dataåtkomst
Låter dig visa allt men låter dig inte ta bort eller skapa ett lagringskonto eller en innesluten resurs. Det ger också läs-/skrivåtkomst till alla data som finns i ett lagringskonto via åtkomst till lagringskontonycklar.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/listKeys/action | Returnerar åtkomstnycklarna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/ListAccountSas/action | Returnerar SAS-kontotoken för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deltagare i säkerhetskopiering av lagringskonto
Gör att du kan utföra säkerhetskopierings- och återställningsåtgärder med hjälp av Azure Backup på lagringskontot.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Authorization/locks/read | Hämtar lås i det angivna omfånget. |
| Microsoft.Authorization/locks/write | Lägg till lås i det angivna omfånget. |
| Microsoft.Authorization/locks/delete | Ta bort lås i det angivna omfånget. |
| Microsoft.Features/features/read | Hämtar funktionerna i en prenumeration. |
| Microsoft.Features/providers/features/read | Hämtar funktionen för en prenumeration i en viss resursprovider. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/operations/read | Avsöker status för en asynkron åtgärd. |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete | Ta bort objektreplikeringsprincip |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/read | Lista principer för objektreplikering |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/write | Skapa eller uppdatera objektreplikeringsprincip |
| Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write | Skapa markören för återställningspunkt för objektreplikering |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| Microsoft.Storage/storageAccounts/blobServices/containers/write | Returnerar resultatet av placera blobcontainer |
| Microsoft.Storage/storageAccounts/blobServices/read | Returnerar blobtjänstegenskaper eller statistik |
| Microsoft.Storage/storageAccounts/blobServices/write | Returnerar resultatet av egenskaperna för put blob-tjänsten |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/restoreBlobRanges/action | Återställa blobintervall till den angivna tidens tillstånd |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform backup and restore operations using Azure Backup on the storage account.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"name": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/write",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/restoreBlobRanges/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lagringskontodeltagare
Tillåter hantering av lagringskonton. Ger åtkomst till kontonyckeln, som kan användas för att komma åt data via auktorisering av delad nyckel.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Insights/diagnosticSettings/* | Skapar, uppdaterar eller läser diagnostikinställningen för Analysis Server |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Kopplar resurser som lagringskonto eller SQL-databas till ett undernät. Inte aviseringsbar. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/* | Skapa och hantera lagringskonton |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Tjänstroll för nyckeloperator för lagringskonto
Tillåter att lagringskontots åtkomstnycklar listas och återskapas.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/listkeys/action | Returnerar åtkomstnycklarna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/regeneratekey/action | Återskapar åtkomstnycklarna för det angivna lagringskontot. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage blobb data-deltagare
Läsa, skriva och radera Azure Storage-containrar och blobbar. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/delete | Ta bort en container. |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnera en container eller en lista över containrar. |
| Microsoft.Storage/storageAccounts/blobServices/containers/write | Ändra en containers metadata eller egenskaper. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returnerar en användardelegeringsnyckel för Blob-tjänsten. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Ta bort en blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnera en blob eller en lista över blobar. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Skriv till en blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | Flyttar bloben från en sökväg till en annan |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action | Returnerar resultatet av att lägga till blobinnehåll |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Ägare av lagringsblobdata
Ger fullständig åtkomst till Azure Storage-blobcontainrar och data, inklusive tilldelning av POSIX-åtkomstkontroll. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/* | Fullständig behörighet för containrar. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returnerar en användardelegeringsnyckel för Blob-tjänsten. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | Fullständig behörighet för blobar. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Läsare av lagringsblobdata
Läsa och lista Azure Storage-containrar och blobar. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnera en container eller en lista över containrar. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returnerar en användardelegeringsnyckel för Blob-tjänsten. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnera en blob eller en lista över blobar. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lagringsblobdelegering
Hämta en användardelegeringsnyckel som sedan kan användas för att skapa en signatur för delad åtkomst för en container eller blob som är signerad med Azure AD-autentiseringsuppgifter. Mer information finns i Skapa en SAS för användardelegering.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returnerar en användardelegeringsnyckel för Blob-tjänsten. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Priviligierad medhjälpare för lagringsfildata
Tillåter läsning, skrivning, borttagning och ändring av ACL:er för filer/kataloger i Azure-filresurser genom att åsidosätta befintliga ACL:er/NTFS-behörigheter. Den här rollen har ingen inbyggd motsvarighet på Windows-filservrar.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returnerar en fil/mapp eller en lista över filer/mappar |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returnerar resultatet av att skriva en fil eller skapa en mapp |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returnerar resultatet av att ta bort en fil/mapp |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returnerar resultatet av att ändra behörighet för en fil/mapp |
| Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Läs semantikbehörighet för filsäkerhetskopiering |
| Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Behörighet att skriva filsäkerhetskopiering |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd",
"name": "69566ab7-960f-475b-8e7c-b3118f30c6bd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action",
"Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Priviligierad läsare för lagringsfildata
Tillåter läsåtkomst för filer/kataloger i Azure-filresurser genom att åsidosätta befintliga ACL:er/NTFS-behörigheter. Den här rollen har ingen inbyggd motsvarighet på Windows-filservrar.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returnerar en fil/mapp eller en lista över filer/mappar |
| Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Läs semantikbehörighet för filsäkerhetskopiering |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Customer has read access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b8eda974-7b85-4f76-af95-65846b26df6d",
"name": "b8eda974-7b85-4f76-af95-65846b26df6d",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage-fildata för SMB-resursdeltagare
Tillåter läs-, skriv- och borttagningsåtkomst för filer/kataloger i Azure-filresurser. Den här rollen har ingen inbyggd motsvarighet på Windows-filservrar.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returnerar en fil/mapp eller en lista över filer/mappar. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returnerar resultatet av att skriva en fil eller skapa en mapp. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returnerar resultatet av att ta bort en fil/mapp. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage-fildata för upphöjd SMB-resursdeltagare
Tillåter läsning, skrivning, borttagning och ändring av ACL:er för filer/kataloger i Azure-filresurser. Den här rollen motsvarar en filresurs-ACL för ändring på Windows-filservrar.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returnerar en fil/mapp eller en lista över filer/mappar. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returnerar resultatet av att skriva en fil eller skapa en mapp. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returnerar resultatet av att ta bort en fil/mapp. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returnerar resultatet av att ändra behörighet för en fil/mapp. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage-fildata för SMB-resursläsare
Tillåter läsåtkomst för filer/kataloger i Azure-filresurser. Den här rollen motsvarar en filresurs-ACL för läsning på Windows-filservrar.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returnerar en fil/mapp eller en lista över filer/mappar. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lagringsködatadeltagare
Läsa, skriva och ta bort Azure Storage-köer och kömeddelanden. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/queueServices/queues/delete | Ta bort en kö. |
| Microsoft.Storage/storageAccounts/queueServices/queues/read | Returnera en kö eller en lista över köer. |
| Microsoft.Storage/storageAccounts/queueServices/queues/write | Ändra kömetadata eller egenskaper. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete | Ta bort ett eller flera meddelanden från en kö. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Granska eller hämta ett eller flera meddelanden från en kö. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/write | Lägg till ett meddelande i en kö. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Returnerar resultatet av bearbetningen av ett meddelande |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Datameddelandeprocessor för lagringskö
Granska, hämta och ta bort ett meddelande från en Azure Storage-kö. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Granska ett meddelande. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Hämta och ta bort ett meddelande. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Meddelandesändare för lagringskö
Lägg till meddelanden i en Azure Storage-kö. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | Description |
|---|---|
| ingen | |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action | Lägg till ett meddelande i en kö. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Dataläsare för lagringskö
Läsa och lista Azure Storage-köer och kömeddelanden. Information om vilka åtgärder som krävs för en viss dataåtgärd finns i Behörigheter för att anropa dataåtgärder.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/queueServices/queues/read | Returnerar en kö eller en lista över köer. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Granska eller hämta ett eller flera meddelanden från en kö. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Datadeltagare för lagringstabell
Tillåter läs-, skriv- och borttagningsåtkomst till Azure Storage-tabeller och entiteter
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/tableServices/tables/read | Frågetabeller |
| Microsoft.Storage/storageAccounts/tableServices/tables/write | Skapa tabeller |
| Microsoft.Storage/storageAccounts/tableServices/tables/delete | Ta bort tabeller |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Frågetabellentiteter |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Infoga, sammanfoga eller ersätta tabellentiteter |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete | Ta bort tabellentiteter |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Infoga tabellentiteter |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action | Sammanfoga eller uppdatera tabellentiteter |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/delete"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Dataläsare för lagringstabell
Tillåter läsåtkomst till Azure Storage-tabeller och entiteter
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Storage/storageAccounts/tableServices/tables/read | Frågetabeller |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Frågetabellentiteter |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6",
"name": "76199698-9eea-4c19-bc75-cec21354c6b6",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}