適用於DevOps的 Azure 內建角色
本文列出DevOps類別中的 Azure 內建角色。
部署環境讀者
提供環境資源的讀取許可權。
| 動作 | 描述 |
|---|---|
| Microsoft.DevCenter/projects/read | 取得特定專案。 |
| Microsoft.DevCenter/projects/*/read | |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| Microsoft.DevCenter/projects/pools/read | 取得計算機集區 |
| Microsoft.DevCenter/projects/pools/schedules/read | 取得排程資源。 |
| DataActions | |
| Microsoft.DevCenter/projects/users/environments/adminRead/action | 可讓專案管理員讀取專案中的所有環境。 |
| Microsoft.DevCenter/projects/users/environments/adminActionRead/action | 允許系統管理員讀取環境動作。 |
| Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | 允許系統管理員從環境部署讀取輸出值。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides read access to environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/eb960402-bf75-4cc3-8d68-35b34f960f72",
"name": "eb960402-bf75-4cc3-8d68-35b34f960f72",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
部署環境使用者
提供管理環境資源的存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.DevCenter/projects/read | 取得特定專案。 |
| Microsoft.DevCenter/projects/*/read | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| NotActions | |
| Microsoft.DevCenter/projects/pools/read | 取得計算機集區 |
| Microsoft.DevCenter/projects/pools/schedules/read | 取得排程資源。 |
| DataActions | |
| Microsoft.DevCenter/projects/users/environments/userRead/action | 允許使用者讀取他們在專案中可存取的環境。 |
| Microsoft.DevCenter/projects/users/environments/userWrite/action | 允許使用者在專案中寫入他們可存取的環境。 |
| Microsoft.DevCenter/projects/users/environments/userDelete/action | 允許使用者刪除他們在專案中可存取的環境。 |
| Microsoft.DevCenter/projects/users/environments/userActionManage/action | 允許使用者略過、延遲等環境動作。 |
| Microsoft.DevCenter/projects/users/environments/userOutputsRead/action | 允許使用者從環境部署讀取輸出值。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c",
"name": "18e40d4e-8d2e-438d-97e1-9528336e149c",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Authorization/*/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/userRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/userActionManage/action",
"Microsoft.DevCenter/projects/users/environments/userOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevCenter Dev Box 使用者
提供建立和管理開發方塊的存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.DevCenter/projects/read | 取得特定專案。 |
| Microsoft.DevCenter/projects/*/read | |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.DevCenter/projects/users/devboxes/userStop/action | 允許使用者停止自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userStart/action | 允許用戶啟動自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action | 允許使用者取得自己的開發箱資源的 RDP 連線資訊。 |
| Microsoft.DevCenter/projects/users/devboxes/userRead/action | 允許使用者讀取自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userWrite/action | 允許使用者建立及更新自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userDelete/action | 允許使用者刪除自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action | 允許使用者讀取即將執行的動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action | 允許使用者略過或延遲即將到來的動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userActionRead/action | 允許使用者讀取開發方塊動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userActionManage/action | 允許使用者略過或延遲開發方塊動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userCustomize/action | 允許使用者自定義自己的開發箱資源。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to create and manage dev boxes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05",
"name": "45d50f46-0b78-4001-a660-4198cbe8cd05",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Dev Box User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevCenter 專案管理員
提供管理項目資源的存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.DevCenter/projects/* | |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| Microsoft.DevCenter/projects/write | 部分更新專案。 |
| Microsoft.DevCenter/projects/delete | 刪除項目資源。 |
| DataActions | |
| Microsoft.DevCenter/projects/users/devboxes/adminStart/action | 允許用戶啟動任何 Dev Box 資源。 |
| Microsoft.DevCenter/projects/users/devboxes/adminStop/action | 允許使用者停止任何 Dev Box 資源。 |
| Microsoft.DevCenter/projects/users/devboxes/adminRead/action | 允許使用者讀取任何 Dev Box 資源的存取權。 |
| Microsoft.DevCenter/projects/users/devboxes/adminWrite/action | 允許使用者寫入任何 Dev Box 資源的存取權。 |
| Microsoft.DevCenter/projects/users/devboxes/adminDelete/action | 允許使用者刪除任何 Dev Box 資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userStop/action | 允許使用者停止自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userStart/action | 允許用戶啟動自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action | 允許使用者取得自己的開發箱資源的 RDP 連線資訊。 |
| Microsoft.DevCenter/projects/users/devboxes/userRead/action | 允許使用者讀取自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userWrite/action | 允許使用者建立及更新自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userDelete/action | 允許使用者刪除自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/devboxes/userActionRead/action | 允許使用者讀取開發方塊動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userActionManage/action | 允許使用者略過或延遲開發方塊動作。 |
| Microsoft.DevCenter/projects/users/devboxes/userCustomize/action | 允許使用者自定義自己的開發箱資源。 |
| Microsoft.DevCenter/projects/users/environments/adminRead/action | 可讓專案管理員讀取專案中的所有環境。 |
| Microsoft.DevCenter/projects/users/environments/userWrite/action | 允許使用者在專案中寫入他們可存取的環境。 |
| Microsoft.DevCenter/projects/users/environments/adminWrite/action | 可讓專案管理員在專案中寫入所有環境。 |
| Microsoft.DevCenter/projects/users/environments/userDelete/action | 允許使用者刪除他們在專案中可存取的環境。 |
| Microsoft.DevCenter/projects/users/environments/adminDelete/action | 允許專案管理員刪除專案中的所有環境。 |
| Microsoft.DevCenter/projects/users/environments/adminAction/action | 可讓專案管理員對專案中的所有環境執行動作。 |
| Microsoft.DevCenter/projects/users/environments/adminActionRead/action | 允許系統管理員讀取環境動作。 |
| Microsoft.DevCenter/projects/users/environments/adminActionManage/action | 允許系統管理員略過、延遲等環境動作。 |
| Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | 允許系統管理員從環境部署讀取輸出值。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage project resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"name": "331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/write",
"Microsoft.DevCenter/projects/delete"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/adminStart/action",
"Microsoft.DevCenter/projects/users/devboxes/adminStop/action",
"Microsoft.DevCenter/projects/users/devboxes/adminRead/action",
"Microsoft.DevCenter/projects/users/devboxes/adminWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/adminDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action",
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/adminWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminAction/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionManage/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Project Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevTest Labs 使用者
可讓您在 Azure DevTest Labs 中連線、啟動、重新啟動和關閉虛擬機。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Compute/availabilitySets/read | 取得可用性設定組的屬性 |
| Microsoft.Compute/virtualMachines/*/read | 讀取虛擬機器的屬性(VM 大小、執行時間狀態、VM 擴充功能等) |
| Microsoft.Compute/virtualMachines/deallocate/action | 關閉虛擬機並釋放計算資源 |
| Microsoft.Compute/virtualMachines/read | 取得虛擬機器的屬性 |
| Microsoft.Compute/virtualMachines/restart/action | 重新啟動虛擬機 |
| Microsoft.Compute/virtualMachines/start/action | 啟動虛擬機器 |
| Microsoft.DevTestLab/*/read | 讀取實驗室的屬性 |
| Microsoft.DevTestLab/labs/claimAnyVm/action | 在實驗室中宣告隨機可宣告的虛擬機。 |
| Microsoft.DevTestLab/labs/createEnvironment/action | 在實驗室中建立虛擬機。 |
| Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action | 請確定目前的用戶在實驗室中具有有效的配置檔。 |
| Microsoft.DevTestLab/labs/formulas/delete | 刪除公式。 |
| Microsoft.DevTestLab/labs/formulas/read | 讀取公式。 |
| Microsoft.DevTestLab/labs/formulas/write | 新增或修改公式。 |
| Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action | 評估實驗室原則。 |
| Microsoft.DevTestLab/labs/virtualMachines/claim/action | 取得現有虛擬機的擁有權 |
| Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action | 列出適用的啟動/停止排程,如果有的話。 |
| Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action | 取得字串,表示虛擬機之 RDP 檔案的內容 |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | 加入負載平衡器後端位址池。 不可警示。 |
| Microsoft.Network/loadBalancers/inboundNatRules/join/action | 聯結負載平衡器輸入 nat 規則。 不可警示。 |
| Microsoft.Network/networkInterfaces/*/read | 讀取網路介面的屬性(例如,網路介面所屬的所有負載平衡器) |
| Microsoft.Network/networkInterfaces/join/action | 將虛擬機加入網路介面。 不可警示。 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Network/networkInterfaces/write | 建立網路介面或更新現有的網路介面。 |
| Microsoft.Network/publicIPAddresses/*/read | 讀取公用IP位址的屬性 |
| Microsoft.Network/publicIPAddresses/join/action | 加入公用IP位址。 不可警示。 |
| Microsoft.Network/publicIPAddresses/read | 取得公用 IP 位址定義。 |
| Microsoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。 不可警示。 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。 |
| NotActions | |
| Microsoft.Compute/virtualMachines/vmSizes/read | 列出虛擬機可更新為的可用大小 |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室小幫手
可讓您檢視現有的實驗室、在實驗室 VM 上執行動作,並將邀請傳送至實驗室。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.LabServices/labPlans/images/read | 取得影像的屬性。 |
| Microsoft.LabServices/labPlans/read | 取得實驗室計劃的屬性。 |
| Microsoft.LabServices/labs/read | 取得實驗室的屬性。 |
| Microsoft.LabServices/labs/schedules/read | 取得排程的屬性。 |
| Microsoft.LabServices/labs/users/read | 取得用戶的屬性。 |
| Microsoft.LabServices/labs/users/invite/action | 傳送電子郵件邀請給使用者以加入實驗室。 |
| Microsoft.LabServices/labs/virtualMachines/read | 取得虛擬機的屬性。 |
| Microsoft.LabServices/labs/virtualMachines/start/action | 啟動虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/stop/action | 停止並解除分配虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/reimage/action | 將虛擬機重新映像到最後一個已發佈的映像。 |
| Microsoft.LabServices/labs/virtualMachines/deploy/action | 將虛擬機重新部署至不同的計算節點。 |
| Microsoft.LabServices/locations/usages/read | 取得位置中的使用量 |
| Microsoft.LabServices/skus/read | 取得實驗室服務 SKU 的屬性。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "The lab assistant role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1",
"name": "ce40b423-cede-4313-a93f-9b28290b72e1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Assistant",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室參與者
在實驗室層級套用,可讓您管理實驗室。 套用至資源群組,可讓您建立和管理實驗室。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.LabServices/labPlans/images/read | 取得影像的屬性。 |
| Microsoft.LabServices/labPlans/read | 取得實驗室計劃的屬性。 |
| Microsoft.LabServices/labPlans/saveImage/action | 從連結至實驗室計劃的資源庫中的虛擬機建立映像。 |
| Microsoft.LabServices/labs/read | 取得實驗室的屬性。 |
| Microsoft.LabServices/labs/write | 建立新的或更新現有的實驗室。 |
| Microsoft.LabServices/labs/delete | 刪除實驗室及其所有使用者、排程和虛擬機。 |
| Microsoft.LabServices/labs/publish/action | 藉由將範本虛擬機的映射傳播至實驗室中的所有虛擬機,以發佈實驗室。 |
| Microsoft.LabServices/labs/syncGroup/action | 從指派給實驗室的 Active Directory 群組更新使用者清單。 |
| Microsoft.LabServices/labs/schedules/read | 取得排程的屬性。 |
| Microsoft.LabServices/labs/schedules/write | 建立新的或更新現有的排程。 |
| Microsoft.LabServices/labs/schedules/delete | 刪除排程。 |
| Microsoft.LabServices/labs/users/read | 取得用戶的屬性。 |
| Microsoft.LabServices/labs/users/write | 建立新的或更新現有的使用者。 |
| Microsoft.LabServices/labs/users/delete | 刪除使用者。 |
| Microsoft.LabServices/labs/users/invite/action | 傳送電子郵件邀請給使用者以加入實驗室。 |
| Microsoft.LabServices/labs/virtualMachines/read | 取得虛擬機的屬性。 |
| Microsoft.LabServices/labs/virtualMachines/start/action | 啟動虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/stop/action | 停止並解除分配虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/reimage/action | 將虛擬機重新映像到最後一個已發佈的映像。 |
| Microsoft.LabServices/labs/virtualMachines/deploy/action | 將虛擬機重新部署至不同的計算節點。 |
| Microsoft.LabServices/labs/virtualMachines/resetPassword/action | 重設虛擬機上的本機用戶密碼。 |
| Microsoft.LabServices/locations/usages/read | 取得位置中的使用量 |
| Microsoft.LabServices/skus/read | 取得實驗室服務 SKU 的屬性。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LabServices/labPlans/createLab/action | 從實驗室計劃建立新的實驗室。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "The lab contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270",
"name": "5daaa2af-1fe8-407c-9122-bba179798270",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/write",
"Microsoft.LabServices/labs/delete",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/syncGroup/action",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室建立者
可讓您在 Azure 實驗室帳戶下建立新的實驗室。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.LabServices/labAccounts/*/read | |
| Microsoft.LabServices/labAccounts/createLab/action | 在實驗室帳戶中建立實驗室。 |
| Microsoft.LabServices/labAccounts/getPricingAndAvailability/action | 取得實驗室帳戶大小、地理位置和操作系統組合的定價和可用性。 |
| Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action | 取得此訂用帳戶的核心限制和使用量 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.LabServices/labPlans/images/read | 取得影像的屬性。 |
| Microsoft.LabServices/labPlans/read | 取得實驗室計劃的屬性。 |
| Microsoft.LabServices/labPlans/saveImage/action | 從連結至實驗室計劃的資源庫中的虛擬機建立映像。 |
| Microsoft.LabServices/labs/read | 取得實驗室的屬性。 |
| Microsoft.LabServices/labs/schedules/read | 取得排程的屬性。 |
| Microsoft.LabServices/labs/users/read | 取得用戶的屬性。 |
| Microsoft.LabServices/labs/virtualMachines/read | 取得虛擬機的屬性。 |
| Microsoft.LabServices/locations/usages/read | 取得位置中的使用量 |
| Microsoft.LabServices/skus/read | 取得實驗室服務 SKU 的屬性。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LabServices/labPlans/createLab/action | 從實驗室計劃建立新的實驗室。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create new labs under your Azure Lab Accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室操作員
讓您能夠管理現有的實驗室。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.LabServices/labPlans/images/read | 取得影像的屬性。 |
| Microsoft.LabServices/labPlans/read | 取得實驗室計劃的屬性。 |
| Microsoft.LabServices/labPlans/saveImage/action | 從連結至實驗室計劃的資源庫中的虛擬機建立映像。 |
| Microsoft.LabServices/labs/publish/action | 藉由將範本虛擬機的映射傳播至實驗室中的所有虛擬機,以發佈實驗室。 |
| Microsoft.LabServices/labs/read | 取得實驗室的屬性。 |
| Microsoft.LabServices/labs/schedules/read | 取得排程的屬性。 |
| Microsoft.LabServices/labs/schedules/write | 建立新的或更新現有的排程。 |
| Microsoft.LabServices/labs/schedules/delete | 刪除排程。 |
| Microsoft.LabServices/labs/users/read | 取得用戶的屬性。 |
| Microsoft.LabServices/labs/users/write | 建立新的或更新現有的使用者。 |
| Microsoft.LabServices/labs/users/delete | 刪除使用者。 |
| Microsoft.LabServices/labs/users/invite/action | 傳送電子郵件邀請給使用者以加入實驗室。 |
| Microsoft.LabServices/labs/virtualMachines/read | 取得虛擬機的屬性。 |
| Microsoft.LabServices/labs/virtualMachines/start/action | 啟動虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/stop/action | 停止並解除分配虛擬機。 |
| Microsoft.LabServices/labs/virtualMachines/reimage/action | 將虛擬機重新映像到最後一個已發佈的映像。 |
| Microsoft.LabServices/labs/virtualMachines/deploy/action | 將虛擬機重新部署至不同的計算節點。 |
| Microsoft.LabServices/labs/virtualMachines/resetPassword/action | 重設虛擬機上的本機用戶密碼。 |
| Microsoft.LabServices/locations/usages/read | 取得位置中的使用量 |
| Microsoft.LabServices/skus/read | 取得實驗室服務 SKU 的屬性。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "The lab operator role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室服務參與者
可讓您完全控制資源群組中的所有實驗室服務案例。
| 動作 | 描述 |
|---|---|
| Microsoft.LabServices/* | 建立和管理實驗室服務元件 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LabServices/labPlans/createLab/action | 從實驗室計劃建立新的實驗室。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "The lab services contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室服務讀取者
可讓您檢視但未變更的所有實驗室計劃和實驗室資源。
| 動作 | 描述 |
|---|---|
| Microsoft.LabServices/*/read | 讀取實驗室服務屬性 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "The lab services reader role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"name": "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Services Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
負載測試參與者
檢視、建立、更新、刪除和執行負載測試。 檢視和列出負載測試資源,但無法進行任何變更。
| 動作 | 描述 |
|---|---|
| Microsoft.LoadTestService/*/read | 讀取負載測試資源 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LoadTestService/loadtests/* | 建立和管理負載測試 |
| Microsoft.LoadTestService/testProfiles/* | |
| Microsoft.LoadTestService/testProfileRuns/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e",
"name": "749a398d-560b-491b-bb21-08924219302e",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/loadtests/*",
"Microsoft.LoadTestService/testProfiles/*",
"Microsoft.LoadTestService/testProfileRuns/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
負載測試擁有者
在負載測試資源和負載測試上執行所有作業
| 動作 | 描述 |
|---|---|
| Microsoft.LoadTestService/* | 建立和管理負載測試資源 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LoadTestService/* | 建立和管理負載測試資源 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Execute all operations on load test resources and load tests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"name": "45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
負載測試讀取者
檢視及列出所有負載測試和負載測試資源,但無法進行任何變更
| 動作 | 描述 |
|---|---|
| Microsoft.LoadTestService/*/read | 讀取負載測試資源 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.LoadTestService/loadtests/readTest/action | 讀取負載測試 |
| Microsoft.LoadTestService/testProfiles/read | 讀取測試配置檔 |
| Microsoft.LoadTestService/testProfileRuns/read | 讀取測試配置檔執行 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View and list all load tests and load test resources but can not make any changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"name": "3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/loadtests/readTest/action",
"Microsoft.LoadTestService/testProfiles/read",
"Microsoft.LoadTestService/testProfileRuns/read"
],
"notDataActions": []
}
],
"roleName": "Load Test Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}