適用於分析的 Azure 內建角色
本文列出 Analytics 類別中的 Azure 內建角色。
Azure 事件中樞資料擁有者
允許完整存取 Azure 事件中樞 資源。
| 動作 | 描述 |
|---|---|
| Microsoft.EventHub/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中樞資料接收者
允許接收 Azure 事件中樞資源。
| 動作 | 描述 |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/receive/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中樞資料傳送者
允許傳送 Azure 事件中樞資源。
| 動作 | 描述 |
|---|---|
| Microsoft.EventHub/*/eventhubs/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/send/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Factory 參與者
建立和管理數據處理站,以及其中的子資源。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.DataFactory/dataFactories/* | 建立和管理數據處理站,以及其中子資源。 |
| Microsoft.DataFactory/factories/* | 建立和管理數據處理站,以及其中子資源。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.EventGrid/eventSubscriptions/write | 建立或更新 eventSubscription |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資料清除者
從 Log Analytics 工作區刪除私人數據。
| 動作 | 描述 |
|---|---|
| Microsoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/action | 從 Application Insights 清除數據 |
| Microsoft.OperationalInsights/workspaces/*/read | 檢視記錄分析數據 |
| Microsoft.OperationalInsights/workspaces/purge/action | 從工作區依查詢刪除指定的數據。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 叢集操作員
可讓您讀取和修改 HDInsight 叢集組態。
| 動作 | 描述 |
|---|---|
| Microsoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/action | 取得 HDInsight 叢集的閘道設定 |
| Microsoft.HDInsight/clusters/updateGatewaySettings/action | 更新 HDInsight 叢集的閘道設定 |
| Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 網域服務參與者
可讀取、建立、修改及刪除 HDInsight 企業安全性套件所需的網域服務相關作業
| 動作 | 描述 |
|---|---|
| Microsoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AKS 上的 HDInsight 叢集管理員
授與使用者/群組在指定叢集集區內建立、刪除和管理叢集的能力。 叢集管理員也可以執行工作負載、監視及管理這些叢集上的所有用戶活動。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.HDInsight/clusterPools/clusters/read | 取得 AKS 叢集上 HDInsight 的詳細數據 |
| Microsoft.HDInsight/clusterPools/clusters/write | 在 AKS 叢集上建立或更新 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/delete | 刪除 AKS 叢集上的 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/resize/action | 調整 AKS 叢集上的 HDInsight 大小 |
| Microsoft.HDInsight/clusterpools/clusters/instanceviews/read | 取得 AKS 叢集實例檢視上 HDInsight 的詳細數據 |
| Microsoft.HDInsight/clusterPools/clusters/jobs/read | 列出 AKS 叢集作業上的 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/runjob/action | 在 AKS 叢集作業上執行 HDInsight |
| Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read | 取得 AKS 叢集服務組態上 HDInsight 的詳細數據 |
| Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read | 取得 AKS 叢集上 HDInsight 的 Avaliable 升級 |
| Microsoft.HDInsight/clusterPools/clusters/upgrade/action | 升級 AKS 叢集上的 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/rollback/action | 在 AKS 叢集升級上復原 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read | 讀取 AKS 叢集升級歷程記錄上的 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/libraries/read | 讀取 AKS 叢集連結庫上的 HDInsight |
| Microsoft.HDInsight/clusterPools/clusters/managelibraries/action | 管理 AKS 叢集連結庫上的 HDInsight |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/deployments/validate/action | 驗證部署。 |
| Microsoft.Resources/deployments/write | 建立或更新部署。 |
| Microsoft.Resources/deployments/exportTemplate/action | 匯出部署的範本 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
| Microsoft.Insights/AlertRules/Write | 建立或更新傳統計量警示 |
| Microsoft.Insights/AlertRules/Delete | 刪除傳統計量警示 |
| Microsoft.Insights/AlertRules/Read | 讀取傳統計量警示 |
| Microsoft.Insights/AlertRules/Activated/Action | 已啟動傳統計量警示 |
| Microsoft.Insights/AlertRules/Resolved/Action | 已解決傳統計量警示 |
| Microsoft.Insights/AlertRules/Throttled/Action | 傳統計量警示規則已節流 |
| Microsoft.Insights/AlertRules/Incidents/Read | 讀取傳統計量警示事件 |
| Microsoft.Insights/metrics/read | 讀取計量 |
| Microsoft.Insights/logs/read | 從所有記錄讀取數據 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fd036e6b-1266-47a0-b0bb-a05d04831731",
"name": "fd036e6b-1266-47a0-b0bb-a05d04831731",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/clusters/delete",
"Microsoft.HDInsight/clusterPools/clusters/resize/action",
"Microsoft.HDInsight/clusterpools/clusters/instanceviews/read",
"Microsoft.HDInsight/clusterPools/clusters/jobs/read",
"Microsoft.HDInsight/clusterPools/clusters/runjob/action",
"Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read",
"Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read",
"Microsoft.HDInsight/clusterPools/clusters/upgrade/action",
"Microsoft.HDInsight/clusterPools/clusters/rollback/action",
"Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read",
"Microsoft.HDInsight/clusterPools/clusters/libraries/read",
"Microsoft.HDInsight/clusterPools/clusters/managelibraries/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AKS 上的 HDInsight 叢集集區管理員
可以在 AKS 叢集集集區上讀取、建立、修改和刪除 HDInsight,以及建立叢集
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.HDInsight/clusterPools/clusters/read | 取得 AKS 叢集上 HDInsight 的詳細數據 |
| Microsoft.HDInsight/clusterPools/clusters/write | 在 AKS 叢集上建立或更新 HDInsight |
| Microsoft.HDInsight/clusterPools/delete | 刪除 AKS 叢集集區上的 HDInsight |
| Microsoft.HDInsight/clusterPools/read | 取得 AKS 叢集集區上 HDInsight 的詳細數據 |
| Microsoft.HDInsight/clusterPools/write | 在 AKS 叢集集區上建立或更新 HDInsight |
| Microsoft.HDInsight/clusterpools/availableupgrades/read | 取得 AKS 叢集集區上 HDInsight 的 Avaliable 升級 |
| Microsoft.HDInsight/clusterpools/upgrade/action | 升級 AKS 叢集集區上的 HDInsight |
| Microsoft.HDInsight/clusterPools/upgradehistories/read | 讀取 AKS 叢集集區升級歷程記錄上的 HDInsight |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/deployments/validate/action | 驗證部署。 |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/deployments/write | 建立或更新部署。 |
| Microsoft.Resources/deployments/exportTemplate/action | 匯出部署的範本 |
| Microsoft.Resources/deployments/validate/action | 驗證部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
| Microsoft.Insights/AlertRules/Write | 建立或更新傳統計量警示 |
| Microsoft.Insights/AlertRules/Delete | 刪除傳統計量警示 |
| Microsoft.Insights/AlertRules/Read | 讀取傳統計量警示 |
| Microsoft.Insights/AlertRules/Activated/Action | 已啟動傳統計量警示 |
| Microsoft.Insights/AlertRules/Resolved/Action | 已解決傳統計量警示 |
| Microsoft.Insights/AlertRules/Throttled/Action | 傳統計量警示規則已節流 |
| Microsoft.Insights/AlertRules/Incidents/Read | 讀取傳統計量警示事件 |
| Microsoft.Insights/metrics/read | 讀取計量 |
| Microsoft.Insights/logs/read | 從所有記錄讀取數據 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7656b436-37d4-490a-a4ab-d39f838f0042",
"name": "7656b436-37d4-490a-a4ab-d39f838f0042",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/delete",
"Microsoft.HDInsight/clusterPools/read",
"Microsoft.HDInsight/clusterPools/write",
"Microsoft.HDInsight/clusterpools/availableupgrades/read",
"Microsoft.HDInsight/clusterpools/upgrade/action",
"Microsoft.HDInsight/clusterPools/upgradehistories/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Pool Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 參與者
「Log Analytics 參與者」角色可以讀取所有監視資料和編輯監視設定。 編輯監視設定包括將 VM 擴充功能新增至 VM;讀取記憶體帳戶密鑰,以設定從 Azure 儲存體 收集記錄、新增解決方案,以及在所有 Azure 資源上設定 Azure 診斷。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | 列出記憶體帳戶的存取金鑰。 |
| Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充功能 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
| Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 讀者
Log Analytics 讀者可以檢視和搜尋所有監視數據,以及檢視監視設定,包括檢視所有 Azure 資源的 Azure 診斷設定。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.OperationalInsights/workspaces/analytics/query/action | 使用新引擎進行搜尋。 |
| Microsoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/read | 擷取工作區的共用金鑰。 這些密鑰可用來將 operational Insights 代理程式Microsoft連線到工作區。 |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
架構登入參與者 (預覽)
讀取、寫入及刪除結構描述登錄群組和結構描述。
| 動作 | 描述 |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
架構登入讀取器 (預覽)
讀取並列出結構描述登錄群組和結構描述。
| 動作 | 描述 |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/read | 取得 SchemaGroup 資源描述的清單 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/read | 擷取架構 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
串流分析查詢測試人員
可讓您先執行查詢測試,而不需先建立串流分析作業
| 動作 | 描述 |
|---|---|
| Microsoft.StreamAnalytics/locations/TestQuery/action | 串流分析資源提供者的測試查詢 |
| Microsoft.StreamAnalytics/locations/OperationResults/read | 讀取串流分析作業結果 |
| Microsoft.StreamAnalytics/locations/SampleInput/action | 串流分析資源提供者的範例輸入 |
| Microsoft.StreamAnalytics/locations/CompileQuery/action | 編譯串流分析資源提供者的查詢 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}