你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Azure 常规权限
本文列出了“常规”类别中 Azure 资源提供程序的权限。 可以在自己的 Azure 自定义角色中使用这些权限,以针对 Azure 中的资源提供精细的访问控制。 权限字符串具有以下格式:{Company}.{ProviderName}/{resourceType}/{action}
Microsoft.Addons
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Addons/register/action | 向 Microsoft.Addons 注册指定的订阅 |
| Microsoft.Addons/operations/read | 获取受支持的 RP 操作。 |
| Microsoft.Addons/supportProviders/listsupportplaninfo/action | 列出指定的订阅的当前支持计划信息。 |
| Microsoft.Addons/supportProviders/supportPlanTypes/read | 获取指定的 Canonical 支持计划状态。 |
| Microsoft.Addons/supportProviders/supportPlanTypes/write | 添加指定的 Canonical 支持计划类型。 |
| Microsoft.Addons/supportProviders/supportPlanTypes/delete | 删除指定的 Canonical 支持计划 |
Microsoft.Capacity
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Capacity/calculateprice/action | 计算任何预留价格 |
| Microsoft.Capacity/checkoffers/action | 检查任何订阅套餐 |
| Microsoft.Capacity/checkscopes/action | 检查任何订阅 |
| Microsoft.Capacity/validatereservationorder/action | 验证任何预留 |
| Microsoft.Capacity/reservationorders/action | 更新任何预订 |
| Microsoft.Capacity/register/action | 注册容量资源提供程序,并启用容量资源的创建。 |
| Microsoft.Capacity/unregister/action | 取消注册任何租户 |
| Microsoft.Capacity/calculateexchange/action | 计算新购买项目的交换金额和价格,并返回策略错误。 |
| Microsoft.Capacity/exchange/action | 交换任何预留 |
| Microsoft.Capacity/listSkus/action | 在采用筛选器的情况下以及无任何限制的情况下列出 SKU |
| Microsoft.Capacity/appliedreservations/read | 读取所有预订 |
| Microsoft.Capacity/catalogs/read | 读取预留目录 |
| Microsoft.Capacity/commercialreservationorders/read | 获取在任何租户中创建的预留订单 |
| Microsoft.Capacity/operations/read | 读取任何操作 |
| Microsoft.Capacity/reservationorders/changedirectory/action | 更改任何预留的目录 |
| Microsoft.Capacity/reservationorders/availablescopes/action | 查找任何可用范围 |
| Microsoft.Capacity/reservationorders/read | 读取所有预订 |
| Microsoft.Capacity/reservationorders/write | 创建任何预订 |
| Microsoft.Capacity/reservationorders/delete | 删除任何预订 |
| Microsoft.Capacity/reservationorders/reservations/action | 更新任何预订 |
| Microsoft.Capacity/reservationorders/return/action | 返回任何预留 |
| Microsoft.Capacity/reservationorders/swap/action | 交换任何预留 |
| Microsoft.Capacity/reservationorders/split/action | 拆分任何预留 |
| Microsoft.Capacity/reservationorders/changeBilling/action | 预留计费更改 |
| Microsoft.Capacity/reservationorders/merge/action | 合并任何预留 |
| Microsoft.Capacity/reservationorders/calculaterefund/action | 计算新购买项目的退款金额和价格,并返回策略错误。 |
| Microsoft.Capacity/reservationorders/changebillingoperationresults/read | 轮询任何预留计费更改操作 |
| Microsoft.Capacity/reservationorders/mergeoperationresults/read | 轮询任何合并操作 |
| Microsoft.Capacity/reservationorders/reservations/availablescopes/action | 查找任何可用范围 |
| Microsoft.Capacity/reservationorders/reservations/read | 读取所有预订 |
| Microsoft.Capacity/reservationorders/reservations/write | 创建任何预订 |
| Microsoft.Capacity/reservationorders/reservations/delete | 删除任何预订 |
| Microsoft.Capacity/reservationorders/reservations/archive/action | 存档处于终端状态(如过期、拆分等)的预留 |
| Microsoft.Capacity/reservationorders/reservations/unarchive/action | 取消存档以前存档的预留 |
| Microsoft.Capacity/reservationorders/reservations/revisions/read | 读取所有预订 |
| Microsoft.Capacity/reservationorders/splitoperationresults/read | 轮询任何拆分操作 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | 获取指定资源和位置的当前服务限制或配额 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | 为指定资源和位置创建服务限制或配额 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | 获取指定资源和位置的任何服务限制请求 |
| Microsoft.Capacity/tenants/register/action | 注册任何租户 |
Microsoft.Commerce
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Commerce/register/action | 注册 Microsoft Commerce UsageAggregate 的订阅 |
| Microsoft.Commerce/unregister/action | 取消注册 Microsoft Commerce UsageAggregate 的订阅 |
| Microsoft.Commerce/RateCard/read | 返回给定订阅的套餐数据、资源/计量元数据和费率。 |
| Microsoft.Commerce/UsageAggregates/read | 检索订阅的 Microsoft Azure 消耗量。 结果包含特定时间范围内的聚合用量数据、订阅和资源相关信息。 |
Microsoft.Marketplace
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Marketplace/register/action | 注册订阅中的 Microsoft.Marketplace 资源提供程序。 |
| Microsoft.Marketplace/privateStores/action | 更新 PrivateStore。 |
| Microsoft.Marketplace/search/action | 返回 Azure 专用存储市场目录产品/服务以及总计数和方面的列表 |
| Microsoft.Marketplace/mysolutions/read | 获取用户解决方案 |
| Microsoft.Marketplace/mysolutions/write | 创建或更新用户解决方案 |
| Microsoft.Marketplace/mysolutions/delete | 移除用户解决方案 |
| Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read | 返回一个协议。 |
| Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/write | 接受已签名的协议。 |
| Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/read | 返回配置。 |
| Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/write | 保存配置。 |
| Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage/action | 将映像导入到最终用户的 ACR。 |
| Microsoft.Marketplace/privateStores/write | 创建 PrivateStore。 |
| Microsoft.Marketplace/privateStores/delete | 删除 PrivateStore。 |
| Microsoft.Marketplace/privateStores/offers/action | 更新 PrivateStore 中的套餐。 |
| Microsoft.Marketplace/privateStores/read | 读取 PrivateStores。 |
| Microsoft.Marketplace/privateStores/requestApprovals/action | 更新请求审批 |
| Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant/action | 管理员提取租户中的所有订阅 |
| Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications/action | 列出停止销售套餐计划通知 |
| Microsoft.Marketplace/privateStores/listSubscriptionsContext/action | 列出专用存储上下文中的订阅 |
| Microsoft.Marketplace/privateStores/listNewPlansNotifications/action | 列出新计划通知 |
| Microsoft.Marketplace/privateStores/queryUserOffers/action | 从有效负载中的套餐 ID 和用户订阅中提取已批准的产品/服务 |
| Microsoft.Marketplace/privateStores/queryUserRules/action | 提取用户订阅下用户的已批准规则 |
| Microsoft.Marketplace/privateStores/anyExistingOffersInTheStore/action | 如果存在适用于至少一个已启用集合的现有产品/服务,则返回 true |
| Microsoft.Marketplace/privateStores/queryInternalOfferIds/action | 列出给定 Azure 应用程序和计划下的所有内部产品/服务 |
| Microsoft.Marketplace/privateStores/adminRequestApprovals/read | 读取所有请求审批详细信息,仅限管理员 |
| Microsoft.Marketplace/privateStores/adminRequestApprovals/write | 管理员使用对请求做出的决定来更新请求 |
| Microsoft.Marketplace/privateStores/collections/approveAllItems/action | 删除所有特定的已批准项并将集合设置为“allItemsApproved” |
| Microsoft.Marketplace/privateStores/collections/disableApproveAllItems/action | 对于该集合,将“批准所有项”属性设置为“false” |
| Microsoft.Marketplace/privateStores/collections/setRules/action | 在给定集合上设置规则 |
| Microsoft.Marketplace/privateStores/collections/queryRules/action | 在给定集合上获取规则 |
| Microsoft.Marketplace/privateStores/collections/upsertOfferWithMultiContext/action | 通过不同的上下文更新插入某个产品/服务 |
| Microsoft.Marketplace/privateStores/collections/offers/action | 按公共和订阅上下文获取集合套餐 |
| Microsoft.Marketplace/privateStores/offers/write | 在 PrivateStore 中创建套餐。 |
| Microsoft.Marketplace/privateStores/offers/delete | 从 PrivateStore 中删除套餐。 |
| Microsoft.Marketplace/privateStores/offers/read | 读取 PrivateStore 产品/服务。 |
| Microsoft.Marketplace/privateStores/queryNotificationsState/read | 读取通知状态详细信息,仅限管理员 |
| Microsoft.Marketplace/privateStores/requestApprovals/read | 读取请求审批 |
| Microsoft.Marketplace/privateStores/requestApprovals/write | 创建请求审核 |
| Microsoft.Marketplace/privateStores/RequestApprovals/offer/acknowledgeNotification/write | 确认通知,仅限管理员 |
| Microsoft.Marketplace/privateStores/RequestApprovals/withdrawPlan/write | 从产品/服务的通知中撤回计划 |
Microsoft.MarketplaceOrdering
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.MarketplaceOrdering/agreements/read | 返回给定订阅下的所有协议 |
| Microsoft.MarketplaceOrdering/agreements/offers/plans/read | 返回给定市场项的协议 |
| Microsoft.MarketplaceOrdering/agreements/offers/plans/sign/action | 为给定市场项的协议签名 |
| Microsoft.MarketplaceOrdering/agreements/offers/plans/cancel/action | 取消给定市场项的协议 |
| Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read | 获取给定市场虚拟机项的协议 |
| Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write | 签订或取消给定市场虚拟机项的协议 |
| Microsoft.MarketplaceOrdering/operations/read | 列出 API 中所有可能的操作 |
Microsoft.Quota
Azure 服务: Azure 配额
| 操作 | 说明 |
|---|---|
| Microsoft.Quota/register/action | 将订阅注册到 Microsoft.Quota 资源提供程序 |
| Microsoft.Quota/groupQuotas/read | 获取 GroupQuota |
| Microsoft.Quota/groupQuotas/write | 创建 GroupQuota 资源 |
| Microsoft.Quota/groupQuotas/groupQuotaLimits/read | 获取指定资源的当前 GroupQuota |
| Microsoft.Quota/groupQuotas/groupQuotaLimits/write | 为指定的资源创建 GroupQuota 请求 |
| Microsoft.Quota/groupQuotas/groupQuotaRequests/read | 获取特定请求的 GroupQuota 请求状态 |
| Microsoft.Quota/groupQuotas/quotaAllocationRequests/read | 获取特定请求的 GroupQuota 到订阅的配额分配请求状态 |
| Microsoft.Quota/groupQuotas/quotaAllocations/read | 获取当前 GroupQuota 到订阅的配额分配 |
| Microsoft.Quota/groupQuotas/quotaAllocations/write | 为指定资源创建 GroupQuota 到订阅的配额限制请求 |
| Microsoft.Quota/groupQuotas/subscriptions/read | 获取 GroupQuota 订阅 |
| Microsoft.Quota/groupQuotas/subscriptions/write | 将订阅添加到 GroupQuota 资源 |
| Microsoft.Quota/operations/read | 获取 Microsoft.Quota 支持的操作 |
| Microsoft.Quota/quotaRequests/read | 获取指定资源的任何服务限制请求 |
| Microsoft.Quota/quotas/read | 获取指定资源的当前服务限制或配额 |
| Microsoft.Quota/quotas/write | 为指定资源创建服务限制或配额请求 |
| Microsoft.Quota/usages/read | 获取资源提供程序的使用情况 |
Microsoft.Subscription
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Subscription/cancel/action | 取消订阅 |
| Microsoft.Subscription/rename/action | 重命名订阅 |
| Microsoft.Subscription/enable/action | 重新激活订阅 |
| Microsoft.Subscription/aliases/write | 创建订阅别名 |
| Microsoft.Subscription/aliases/read | 获取订阅别名 |
| Microsoft.Subscription/aliases/delete | 删除订阅别名 |
| Microsoft.Subscription/changeTenantRequest/write | 更改订阅的租户请求 |
| Microsoft.Subscription/Policies/write | 创建租户策略 |
| Microsoft.Subscription/Policies/default/read | 获取租户策略 |
| Microsoft.Subscription/subscriptions/acceptOwnership/action | 接受订阅所有权 |
| Microsoft.Subscription/subscriptions/acceptChangeTenant/action | 接受订阅的更改租户请求 |
| Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read | 获取接受订阅所有权的状态 |
| Microsoft.Subscription/subscriptions/changeTenantStatus/read | 更改订阅的租户状态 |
Microsoft.Support
Azure 服务:核心
| 操作 | 说明 |
|---|---|
| Microsoft.Support/register/action | 注册支持资源提供程序 |
| Microsoft.Support/lookUpResourceId/action | 查找资源类型的资源 ID |
| Microsoft.Support/checkNameAvailability/action | 检查名称是否有效且未用于资源类型 |
| Microsoft.Support/operationresults/read | 获取异步操作的结果 |
| Microsoft.Support/operations/read | 列出 Microsoft.Support 资源提供程序上可用的所有操作 |
| Microsoft.Support/operationsstatus/read | 获取异步操作的状态 |
| Microsoft.Support/services/read | 列出一项或所有可用于支持的 Azure 服务 |
| Microsoft.Support/services/problemClassifications/read | 列出 Azure 服务的一个或多个问题分类 |
| Microsoft.Support/supportTickets/read | 列出一个或多个支持票证 |
| Microsoft.Support/supportTickets/write | 允许创建和更新支持票证 |