適用於監視的 Azure 內建角色
本文列出 [監視] 類別中的 Azure 內建角色。
Application Insights 元件參與者
可以管理 Application Insights 元件
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統警示規則 |
| Microsoft.Insights/generateLiveToken/read | 即時計量取得令牌 |
| Microsoft.Insights/metricAlerts/* | 建立和管理新的警示規則 |
| Microsoft.Insights/components/* | 建立和管理 Insights 元件 |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/topology/read | 讀取拓撲 |
| Microsoft.Insights/transactions/read | 讀取交易 |
| Microsoft.Insights/webtests/* | 建立和管理 Insights Web 測試 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/generateLiveToken/read",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/topology/read",
"Microsoft.Insights/transactions/read",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Application Insights 快照集偵錯工具
授與用戶檢視及下載使用ApplicationInsights快照調試程式收集的偵錯快照集的許可權。 請注意,這些許可權不包含在擁有者或參與者角色中。 將 Application Insights 快照調試程式角色授與使用者時,您必須將角色直接授與使用者。 當角色新增至自定義角色時,無法辨識該角色。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Insights/components/*/read | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Grafana 管理員
執行所有 Grafana 作業,包括能夠管理數據源、建立儀錶板,以及管理 Grafana 內的角色指派。
| 動作 | 描述 |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafana 管理員/action | 扮演 Grafana 管理員 角色 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana admin role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
"name": "22926164-76b3-42b3-bc55-97df8dab3e41",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Grafana 編輯器
檢視和編輯 Grafana 實例,包括其儀錶板和警示。
| 動作 | 描述 |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | 充當 Grafana 編輯器角色 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Editor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
"name": "a79a5197-3a5c-4973-a920-486035ffd60f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Grafana Viewer
檢視 Grafana 實例,包括其儀錶板和警示。
| 動作 | 描述 |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | 作為 Grafana 查看器角色 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Viewer role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
"name": "60921a7e-fef1-4a43-9b16-a26c52ad4769",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Viewer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視參與者
可以讀取所有監視數據並編輯監視設定。 另 請參閱開始使用 Azure 監視器的角色、許可權和安全性。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.AlertsManagement/alerts/* | |
| Microsoft.AlertsManagement/alertsSummary/* | |
| Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Insights/components/* | 建立和管理 Insights 元件 |
| Microsoft.Insights/createNotifications/* | |
| Microsoft.Insights/dataCollectionEndpoints/* | |
| Microsoft.Insights/dataCollectionRules/* | |
| Microsoft.Insights/dataCollectionRuleAssociations/* | |
| Microsoft.Insights/DiagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
| Microsoft.Insights/eventtypes/* | 列出訂用帳戶中的活動記錄事件 (管理事件)。 此權限同時適用於活動記錄的程式設計和入口網站存取。 |
| Microsoft.Insights/LogDefinitions/* | 需要透過入口網站存取活動記錄的使用者,需要此權限。 列出活動記錄中的記錄類別。 |
| Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/* | 讀取計量定義 (資源的可用指標類型清單)。 |
| Microsoft.Insights/Metrics/* | 讀取資源的計量。 |
| Microsoft.Insights/notificationStatus/* | |
| Microsoft.Insights/Register/Action | 註冊 Microsoft Insights 提供者 |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/* | 建立和管理 Insights Web 測試 |
| Microsoft.Insights/workbooks/* | |
| Microsoft.Insights/workbooktemplates/* | |
| Microsoft.Insights/privateLinkScopes/* | |
| Microsoft.Insights/privateLinkScopeOperationStatuses/* | |
| Microsoft.OperationalInsights/workspaces/write | 從現有的工作區提供客戶標識符,以建立新的工作區或現有工作區的連結。 |
| Microsoft.OperationalInsights/workspaces/intelligencepacks/* | 讀取/寫入/刪除記錄分析解決方案套件。 |
| Microsoft.OperationalInsights/workspaces/savedSearches/* | 讀取/寫入/刪除記錄分析已儲存的搜尋。 |
| Microsoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢 |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | 擷取工作區的共用金鑰。 這些密鑰可用來將 Microsoft Operational Insights 代理程式連線到工作區。 |
| Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* | 讀取/寫入/刪除記錄分析記憶體深入解析組態。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.AlertsManagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsManagement/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/* | |
| Microsoft.AlertsManagement/migrateFromSmartDetection/* | |
| Microsoft.AlertsManagement/investigations/* | |
| Microsoft.Monitor/investigations/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/createNotifications/*",
"Microsoft.Insights/dataCollectionEndpoints/*",
"Microsoft.Insights/dataCollectionRules/*",
"Microsoft.Insights/dataCollectionRuleAssociations/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/notificationStatus/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/workbooktemplates/*",
"Microsoft.Insights/privateLinkScopes/*",
"Microsoft.Insights/privateLinkScopeOperationStatuses/*",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*",
"Microsoft.AlertsManagement/migrateFromSmartDetection/*",
"Microsoft.AlertsManagement/investigations/*",
"Microsoft.Monitor/investigations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視計量發行者
可讓您對 Azure 資源發佈計量
| 動作 | 描述 |
|---|---|
| Microsoft.Insights/Register/Action | 註冊 Microsoft Insights 提供者 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Insights/Metrics/Write | 寫入計量 |
| Microsoft.Insights/Telemetry/Write | 寫入遙測 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write",
"Microsoft.Insights/Telemetry/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視讀取器
可以讀取所有監視數據(計量、記錄等)。 另 請參閱開始使用 Azure 監視器的角色、許可權和安全性。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
活頁簿參與者
可以儲存共用活頁簿。
| 動作 | 描述 |
|---|---|
| Microsoft.Insights/workbooks/write | 建立或更新活頁簿 |
| Microsoft.Insights/workbooks/delete | 刪除活頁簿 |
| Microsoft.Insights/workbooks/read | 讀取活頁簿 |
| Microsoft.Insights/workbooks/revisions/read | 取得活頁簿修訂 |
| Microsoft.Insights/workbooktemplates/write | 建立或更新活頁簿範本 |
| Microsoft.Insights/workbooktemplates/delete | 刪除活頁簿範本 |
| Microsoft.Insights/workbooktemplates/read | 讀取活頁簿範本 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/workbooks/revisions/read",
"Microsoft.Insights/workbooktemplates/write",
"Microsoft.Insights/workbooktemplates/delete",
"Microsoft.Insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
活頁簿讀取器
可以讀取活頁簿。
| 動作 | 描述 |
|---|---|
| microsoft.insights/workbooks/read | 讀取活頁簿 |
| microsoft.insights/workbooks/revisions/read | 取得活頁簿修訂 |
| microsoft.insights/workbooktemplates/read | 讀取活頁簿範本 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read",
"microsoft.insights/workbooks/revisions/read",
"microsoft.insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}