管理與治理的 Azure 內建角色
本文列出管理與治理類別中的 Azure 內建角色。
自動化參與者
使用 Azure 自動化管理 Azure 自動化資源和其他資源。
| 動作 | 描述 |
|---|---|
| Microsoft.Automation/automationAccounts/* | |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.Insights/ActionGroups/* | |
| Microsoft.Insights/ActivityLogAlerts/* | |
| Microsoft.Insights/MetricAlerts/* | |
| Microsoft.Insights/ScheduledQueryRules/* | |
| Microsoft.Insights/diagnostic 設定/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | 擷取工作區的共用金鑰。 這些密鑰可用來將 Microsoft Operational Insights 代理程式連線到工作區。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化作業操作員
使用自動化 Runbook 建立及管理作業。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 讀取混合式 Runbook 背景工作角色群組 |
| Microsoft.Automation/automationAccounts/jobs/read | 取得 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/resume/action | 繼續 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/streams/read | 取得 Azure 自動化 作業數據流 |
| Microsoft.Automation/automationAccounts/jobs/suspend/action | 暫停 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/write | 建立 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/output/read | 取得作業的輸出 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化操作員
自動化操作員可啟動、停止、暫止及繼續作業
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 讀取混合式 Runbook 背景工作角色群組 |
| Microsoft.Automation/automationAccounts/jobs/read | 取得 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/resume/action | 繼續 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/streams/read | 取得 Azure 自動化 作業數據流 |
| Microsoft.Automation/automationAccounts/jobs/suspend/action | 暫停 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/write | 建立 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobSchedules/read | 取得 Azure 自動化 作業排程 |
| Microsoft.Automation/automationAccounts/jobSchedules/write | 建立 Azure 自動化 作業排程 |
| Microsoft.Automation/automationAccounts/linkedWorkspace/read | 取得連結至自動化帳戶的工作區 |
| Microsoft.Automation/automationAccounts/read | 取得 Azure 自動化 帳戶 |
| Microsoft.Automation/automationAccounts/runbooks/read | 取得 Azure 自動化 Runbook |
| Microsoft.Automation/automationAccounts/schedules/read | 取得 Azure 自動化 排程資產 |
| Microsoft.Automation/automationAccounts/schedules/write | 建立或更新 Azure 自動化 排程資產 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Automation/automationAccounts/jobs/output/read | 取得作業的輸出 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化 Runbook 操作員
讀取 Runbook 屬性 - 能夠建立 Runbook 的作業。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Automation/automationAccounts/runbooks/read | 取得 Azure 自動化 Runbook |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 上線
可以將 Azure Connected Machine 上線。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/privateLinkScopes/read | 讀取任何 Azure Arc privateLinkScopes |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 資源管理員
可以讀取、寫入、刪除 Azure Connected Machine 及將之重新上線。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或 更新 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/delete | 刪除 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/privateLinkScopes/* | |
| Microsoft.HybridCompute/*/read | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.HybridCompute/licenses/write | 安裝或 更新 Azure Arc 授權 |
| Microsoft.HybridCompute/licenses/delete | 刪除 Azure Arc 授權 |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/write | 安裝或 更新 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | 刪除 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/runCommands/read | 讀取任何 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/runCommands/write | 安裝或 更新 Azure Arc runcommands |
| Microsoft.HybridCompute/machines/runCommands/delete | 刪除 Azure Arc Runcommands |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/runCommands/read",
"Microsoft.HybridCompute/machines/runCommands/write",
"Microsoft.HybridCompute/machines/runCommands/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine Resource Manager
AzureStackHCI RP 的自訂角色,以管理資源群組中的混合式計算機器和混合式連線端點
| 動作 | 描述 |
|---|---|
| Microsoft.Hybrid 連線 ivity/endpoints/read | 取得資源的端點。 |
| Microsoft.Hybrid 連線 ivity/endpoints/write | 將端點更新為目標資源。 |
| Microsoft.Hybrid 連線 ivity/endpoints/serviceConfigurations/read | 取得資源服務的詳細數據。 |
| Microsoft.Hybrid 連線 ivity/endpoints/serviceConfigurations/write | 更新目標資源服務組態中的服務詳細數據。 |
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或 更新 Azure Arc 延伸模組 |
| Microsoft.HybridCompute/machines/extensions/delete | 刪除 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/*/read | |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/write | 安裝或 更新 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | 刪除 Azure Arc licenseProfiles |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/write | 建立新的來賓設定指派。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
帳單讀取器
允許對計費資料進行讀取存取
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Billing/*/read | 閱讀帳單資訊 |
| Microsoft.Commerce/*/read | |
| Microsoft.Consumption/*/read | |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.CostManagement/*/read | |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖參與者
可以管理藍圖定義,但無法加以指派。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Blueprint/blueprints/* | 建立和管理藍圖定義或藍圖成品。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖操作員
可以指派現有的已發佈藍圖,但無法建立新的藍圖。 請注意,只有當指派是透過使用者指派的受控識別完成時,這才能運作。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Blueprint/blueprintAssignments/* | 建立和管理藍圖指派。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
碳優化讀取器
允許對 Azure 碳優化數據的讀取存取
| 動作 | 描述 |
|---|---|
| Microsoft.Carbon/carbonEmissionReports/action | 適用於碳排放報告的 API |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理參與者
可以檢視成本及管理成本設定 (例如: 預算、匯出)
| 動作 | 描述 |
|---|---|
| Microsoft.Consumption/* | |
| Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Billing/billingProperty/read | 取得訂用帳戶的計費屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理讀者
可以檢視成本資料及設定 (例如: 預算、匯出)
| 動作 | 描述 |
|---|---|
| Microsoft.Consumption/*/read | |
| Microsoft.CostManagement/*/read | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Billing/billingProperty/read | 取得訂用帳戶的計費屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
階層設定系統管理員
允許使用者編輯和刪除階層設定
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/settings/write | 建立或更新管理群組階層設定。 |
| Microsoft.Management/managementGroups/settings/delete | 刪除管理群組階層設定。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式參與者角色
允許建立受控應用程式資源。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Solutions/applications/* | |
| Microsoft.Solutions/register/action | 註冊 Microsoft.Solutions 的訂用帳戶 |
| Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式操作員角色
可讓您在受控應用程式資源上讀取及執行動作
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Solutions/applications/read | 列出訂用帳戶中的所有應用程式。 |
| Microsoft.Solutions/*/action | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式讀者
可讓您讀取受控應用程式中的資源及要求 JIT 存取權。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Solutions/jitRequests/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控服務註冊指派刪除角色
受控服務註冊指派刪除角色可讓管理租用戶使用者刪除指派給其租用戶的註冊指派。
| 動作 | 描述 |
|---|---|
| Microsoft.ManagedServices/registrationAssignments/read | 擷取受控服務註冊指派的清單。 |
| Microsoft.ManagedServices/registrationAssignments/delete | 拿掉受控服務註冊指派。 |
| Microsoft.ManagedServices/operationStatuses/read | 讀取資源的作業狀態。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組參與者
管理群組參與者角色
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/delete | 刪除管理群組。 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/delete | 從管理群組取消關聯訂用帳戶。 |
| Microsoft.Management/managementGroups/subscriptions/write | 將現有的訂用帳戶與管理群組產生關聯。 |
| Microsoft.Management/managementGroups/write | 建立或更新管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/read | 列出指定管理群組下的訂用帳戶。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組讀取者
管理群組讀取者角色
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/read | 列出指定管理群組下的訂用帳戶。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
New Relic APM 帳戶參與者
可讓您管理 New Relic Application Performance Management 帳戶及應用程式,但無法加以存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NewRelic.APM/accounts/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
原則深入解析資料寫入者 (預覽)
允許資源原則的讀取存取及資源元件原則事件的寫入存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/policyassignments/read | 取得原則指派的相關信息。 |
| Microsoft.Authorization/policydefinitions/read | 取得原則定義的相關信息。 |
| Microsoft.Authorization/policyexemptions/read | 取得原則豁免的相關信息。 |
| Microsoft.Authorization/policysetdefinitions/read | 取得原則集定義的相關信息。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/action | 根據數據原則檢查指定元件的合規性狀態。 |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/action | 記錄資源元件原則事件。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
配額要求操作員
讀取和建立配額要求、取得配額要求狀態,並建立支援票證。
| 動作 | 描述 |
|---|---|
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | 取得指定資源和位置的目前服務限制或配額 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | 為指定的資源和位置建立服務限制或配額 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | 取得指定資源和位置的任何服務限制要求 |
| Microsoft.Capacity/register/action | 註冊容量資源提供者,並啟用容量資源的建立。 |
| Microsoft.Quota/usages/read | 取得資源提供者的使用方式 |
| Microsoft.Quota/quotas/read | 取得指定資源的目前服務限制或配額 |
| Microsoft.Quota/quotas/write | 建立指定資源的服務限制或配額要求 |
| Microsoft.Quota/quotaRequests/read | 取得指定資源的任何服務限制要求 |
| Microsoft.Quota/register/action | 向 Microsoft.Quota Resource Provider 註冊訂用帳戶 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
保留購買者
可讓您購買保留
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
| Microsoft.Capacity/catalogs/read | 讀取保留目錄 |
| Microsoft.Capacity/register/action | 註冊容量資源提供者,並啟用容量資源的建立。 |
| Microsoft.Compute/register/action | 向 Microsoft.Compute 資源提供者註冊訂用帳戶 |
| Microsoft.Consumption/register/action | 註冊至取用 RP |
| Microsoft.Consumption/reservationRecommendationDetails/read | 列出保留建議詳細數據 |
| Microsoft.Consumption/reservation 建議/read | 列出訂用帳戶保留實例的單一或共享建議。 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.SQL/register/action | 註冊 Microsoft SQL 資料庫 資源提供者的訂用帳戶,並啟用 Microsoft SQL 資料庫 的建立。 |
| Microsoft.Support/supporttickets/write | 允許建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
保留系統管理員
可讓人員讀取和管理租用戶中的所有保留
| 動作 | 描述 |
|---|---|
| Microsoft.Capacity/*/read | |
| Microsoft.Capacity/*/action | |
| Microsoft.Capacity/*/write | |
| Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
| Microsoft.Authorization/roleDefinitions/read | 取得角色定義的相關信息。 |
| Microsoft.Authorization/roleAssignments/write | 在指定的範圍建立角色指派。 |
| Microsoft.Authorization/roleAssignments/delete | 刪除指定範圍的角色指派。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read and manage all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8889054-8d42-49c9-bc1c-52486c10e7cd",
"name": "a8889054-8d42-49c9-bc1c-52486c10e7cd",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Capacity/*/action",
"Microsoft.Capacity/*/write",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
保留讀取者
可讓人員讀取租用戶中的所有保留
| 動作 | 描述 |
|---|---|
| Microsoft.Capacity/*/read | |
| Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資源原則參與者
有權建立/修改資源原則、建立支援票證及讀取資源/階層的使用者。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Authorization/policyassignments/* | 建立和管理原則指派 |
| Microsoft.Authorization/policydefinitions/* | 建立和管理原則定義 |
| Microsoft.Authorization/policyexemptions/* | 建立和管理原則豁免 |
| Microsoft.Authorization/policysetdefinitions/* | 建立和管理原則集 |
| Microsoft.PolicyInsights/* | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
排程修補參與者
使用維護範圍 InGuestPatch 和對應的組態指派,提供管理維護設定的存取權
| 動作 | 描述 |
|---|---|
| Microsoft.Maintenance/maintenanceConfigurations/read | 讀取維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/write | 建立或更新維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/delete | 刪除維護設定。 |
| Microsoft.Maintenance/configurationAssignments/read | 讀取維護設定指派。 |
| Microsoft.Maintenance/configurationAssignments/write | 建立或更新維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/delete | 刪除維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | 讀取 InGuestPatch 維護範圍的維護設定指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | 建立或更新 InGuestPatch 維護範圍的維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | 刪除 InGuestPatch 維護範圍的維護組態指派。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | 讀取 InGuestPatch 維護範圍的維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | 建立或更新 InGuestPatch 維護範圍的維護組態。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | 刪除 InGuestPatch 維護範圍的維護設定。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 參與者
可讓您管理 Site Recovery 服務,但保存庫建立與角色指派除外
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/certificates/write | 更新資源憑證作業會更新資源/保存庫認證憑證。 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | 建立和管理與保存庫相關的擴充資訊 |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 建立和管理已註冊的身分識別 |
| Microsoft.RecoveryServices/vaults/replicationAlert 設定/* | 建立或更新復寫警示設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/* | 建立和管理複寫網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/* | 建立和管理複製策略 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | 建立和管理復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVault 設定/* | |
| Microsoft.RecoveryServices/Vaults/storageConfig/* | 建立和管理復原服務保存庫的記憶體組態 |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| 微軟。儲存體/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/read | 讀取任何保存庫複寫作業狀態 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 操作員
可讓您容錯移轉及容錯回復,但無法執行其他 Site Recovery 管理作業
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | 取得擴充資訊作業會取得對象的擴充資訊,代表類型為 ?vault 的 Azure 資源? |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 取得作業結果作業可用來取得異步送出作業的作業狀態和結果 |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | 您可以使用取得容器作業來取得為資源註冊的容器。 |
| Microsoft.RecoveryServices/vaults/replicationAlert 設定/read | 讀取任何警示 設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | 檢查網狀架構的一致性 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | 讀取任何網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | 重新關聯閘道 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | 更新網狀架構的憑證 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 讀取任何網路 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 讀取任何網路對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 讀取任何保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 讀取任何可保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | 套用恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | 故障轉移認可 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | 規劃的容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 讀取任何受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 讀取任何復寫恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | 修復複寫 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | 重新保護受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | 交換器保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | 測試容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | 測試故障轉移清除 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | 容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | 更新行動服務 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 讀取任何保護容器對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 讀取任何復原服務提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | 重新整理提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replication 儲存體 Classifications/read | 讀取任何 儲存體 分類 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replication 儲存體 Classifications/replication 儲存體 ClassificationMappings/read | 讀取任何 儲存體 分類對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 讀取任何 vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | 讀取任何原則 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | 故障轉移認可復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | 計劃性故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 讀取任何復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | 重新保護復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | 測試故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | 測試故障轉移清除復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | 故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVault 設定/read | 讀取任何 |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| 微軟。儲存體/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 讀者
可讓您檢視 Site Recovery 狀態,但無法執行其他管理作業
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | 取得擴充資訊作業會取得對象的擴充資訊,代表類型為 ?vault 的 Azure 資源? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | 取得復原服務保存庫的警示。 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 取得作業結果作業可用來取得異步送出作業的作業狀態和結果 |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | 您可以使用取得容器作業來取得為資源註冊的容器。 |
| Microsoft.RecoveryServices/vaults/replicationAlert 設定/read | 讀取任何警示 設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | 讀取任何網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 讀取任何網路 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 讀取任何網路對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 讀取任何保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 讀取任何可保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 讀取任何受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 讀取任何復寫恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 讀取任何保護容器對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 讀取任何復原服務提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replication 儲存體 Classifications/read | 讀取任何 儲存體 分類 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replication 儲存體 Classifications/replication 儲存體 ClassificationMappings/read | 讀取任何 儲存體 分類對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 讀取任何 vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/read | 讀取任何作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | 讀取任何原則 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 讀取任何復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVault 設定/read | 讀取任何 |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
支援要求參與者
可讓您建立及管理支援要求
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立及更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
標記參與者
可讓您管理實體上的標籤,而無需提供實體本身的存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/resourceGroups/resources/read | 取得資源群組的資源。 |
| Microsoft.Resources/subscriptions/resources/read | 取得訂用帳戶的資源。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立及更新支援票證 |
| Microsoft.Resources/tags/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
範本規格參與者
允許在指派的範圍內對範本規格作業的完整存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/templateSpecs/* | 建立和管理範本規格和範本規格版本 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
範本規格讀取者
允許在指派的範圍內對範本規格的讀取存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/templateSpecs/*/read | 取得或列出範本規格和範本規格版本 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}