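Azure built-in roles for Hybrid + multicloud
This article lists the Azure built-in roles in the Hybrid + multicloud category.
Azure Resource Bridge Deployment Role
Azure Resource Bridge Deployment Role
Actions | Description |
---|---|
Microsoft.Authorization/roleassignments/read | Get information about a role assignment. |
Microsoft.AzureStackHCI/Register/Action | Registers the subscription for the Azure Stack HCI resource provider and enables the creation of Azure Stack HCI resources. |
Microsoft.ResourceConnector/register/action | Registers the subscription for the Appliances resource provider and enables the creation of appliances. |
Microsoft.ResourceConnector/appliances/read | Gets an Appliance resource |
Microsoft.ResourceConnector/appliances/write | Creates or updates an Appliance resource |
Microsoft.ResourceConnector/appliances/delete | Deletes an Appliance resource |
Microsoft.ResourceConnector/locations/operationresults/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/locations/operationsstatus/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Gets an Appliance cluster user credential |
Microsoft.ResourceConnector/appliances/listKeys/action | Gets the Appliance cluster customer user keys |
Microsoft.ResourceConnector/appliances/upgradeGraphs/read | Gets the upgrade graph of an Appliance cluster |
Microsoft.ResourceConnector/telemetryconfig/read | Gets the Appliances telemetry configuration used by the Appliances CLI |
Microsoft.ResourceConnector/operations/read | Gets the list of operations available for Appliances |
Microsoft.ExtendedLocation/register/action | Registers the subscription for the Custom Location resource provider and enables the creation of custom locations. |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/write | Creates or updates a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/delete | Deletes a Custom Location resource |
Microsoft.HybridConnectivity/register/action | Registers the subscription for Microsoft.HybridConnectivity |
Microsoft.Kubernetes/register/action | Registers the subscription with the Microsoft.Kubernetes resource provider |
Microsoft.KubernetesConfiguration/register/action | Registers the subscription with the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.KubernetesConfiguration/extensions/write | Creates or updates an extension resource. |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/delete | Deletes an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Gets the async operation status. |
Microsoft.KubernetesConfiguration/namespaces/read | Gets a namespace resource |
Microsoft.KubernetesConfiguration/operations/read | Gets the available operations of the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Get guest configuration assignment. |
Microsoft.HybridContainerService/register/action | Registers the subscription for Microsoft.HybridContainerService |
Microsoft.HybridContainerService/kubernetesVersions/read | Lists the Kubernetes versions supported by the underlying custom location |
Microsoft.HybridContainerService/kubernetesVersions/write | Puts the Kubernetes version resource type |
Microsoft.HybridContainerService/skus/read | Lists the VM SKUs supported by the underlying custom location |
Microsoft.HybridContainerService/skus/write | Puts the VM SKU resource type |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.AzureStackHCI/StorageContainers/Write | Creates/updates storage container resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |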
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Administrator
Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader
Actions | Description |
---|---|
Microsoft.AzureStackHCI/register/action | Registers the subscription for the Azure Stack HCI resource provider and enables the creation of Azure Stack HCI resources. |
Microsoft.AzureStackHCI/Unregister/Action | Unregisters the subscription for the Azure Stack HCI resource provider. |
Microsoft.AzureStackHCI/clusters/* | |
Microsoft.HybridCompute/register/action | Registers the subscription for the Microsoft.HybridCompute resource provider |
Microsoft.GuestConfiguration/register/action | Registers the subscription for the Microsoft.GuestConfiguration resource provider. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Get guest configuration assignment. |
Microsoft.Resources/subscriptions/resourceGroups/write | Creates or updates a resource group. |
Microsoft.Resources/subscriptions/resourceGroups/delete | Deletes a resource group and all its resources. |
Microsoft.HybridConnectivity/register/action | Registers the subscription for Microsoft.HybridConnectivity |
Microsoft.Authorization/roleAssignments/write | Create a role assignment at the specified scope. |
Microsoft.Authorization/roleAssignments/delete | Delete a role assignment at the specified scope. |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Management/managementGroups/read | List management groups for the authenticated user. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.AzureStackHCI/* | |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.HybridCompute/machines/read | Reads any Azure Arc machine |
Microsoft.HybridCompute/machines/write | Writes an Azure Arc machine |
Microsoft.HybridCompute/machines/delete | Deletes an Azure Arc machine |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrades extensions on Azure Arc machines |
Microsoft.HybridCompute/machines/assessPatches/action | Assesses any Azure Arc machine for missing software patches |
Microsoft.HybridCompute/machines/installPatches/action | Installs patches on any Azure Arc machine |
Microsoft.HybridCompute/machines/extensions/read | Reads any Azure Arc extension |
Microsoft.HybridCompute/machines/extensions/write | Installs or updates an Azure Arc extension |
Microsoft.HybridCompute/machines/extensions/delete | Deletes an Azure Arc extension |
Microsoft.HybridCompute/operations/read | Reads all operations for Azure Arc for servers |
Microsoft.HybridCompute/locations/operationresults/read | Reads the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/locations/operationstatus/read | Reads the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Reads any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Reads any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Reads any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Reads any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Reads the status of an update center operation on machines |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Reads the hybrid identity metadata of any Azure Arc machine |
Microsoft.HybridCompute/osType/agentVersions/read | Reads all available Azure Connected Machine Agent versions |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Reads the latest Azure Connected Machine Agent version |
Microsoft.HybridCompute/machines/runcommands/read | Reads any Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/write | Installs or updates Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/delete | Deletes Azure Arc runcommands |
Microsoft.HybridCompute/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Installs or updates Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Deletes Azure Arc licenseProfiles |
Microsoft.HybridCompute/licenses/read | Reads any Azure Arc license |
Microsoft.HybridCompute/licenses/write | Installs or updates an Azure Arc license |
Microsoft.HybridCompute/licenses/delete | Deletes an Azure Arc license |
Microsoft.ResourceConnector/register/action | Registers the subscription for the Appliances resource provider and enables the creation of appliances. |
Microsoft.ResourceConnector/appliances/read | Gets an Appliance resource |
Microsoft.ResourceConnector/appliances/write | Creates or updates an Appliance resource |
Microsoft.ResourceConnector/appliances/delete | Deletes an Appliance resource |
Microsoft.ResourceConnector/locations/operationresults/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/locations/operationsstatus/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Gets an Appliance cluster user credential |
Microsoft.ResourceConnector/appliances/listKeys/action | Gets the Appliance cluster customer user keys |
Microsoft.ResourceConnector/operations/read | Gets the list of operations available for Appliances |
Microsoft.ExtendedLocation/register/action | Registers the subscription for the Custom Location resource provider and enables the creation of custom locations. |
Microsoft.ExtendedLocation/customLocations/read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/write | Creates or updates a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/delete | Deletes a Custom Location resource |
Microsoft.EdgeMarketplace/offers/read | Gets an offer |
Microsoft.EdgeMarketplace/publishers/read | Gets a publisher |
Microsoft.Kubernetes/register/action | Registers the subscription with the Microsoft.Kubernetes resource provider |
Microsoft.KubernetesConfiguration/register/action | Registers the subscription with the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.KubernetesConfiguration/extensions/write | Creates or updates an extension resource. |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/delete | Deletes an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Gets the async operation status. |
Microsoft.KubernetesConfiguration/namespaces/read | Gets a namespace resource |
Microsoft.KubernetesConfiguration/operations/read | Gets the available operations of the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.AzureStackHCI/StorageContainers/Write | Creates/updates storage container resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.HybridContainerService/register/action | Registers the subscription for Microsoft.HybridContainerService |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
Condition | |
((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) | Add or remove role assignments for the following roles: Azure Connected Machine Resource Manager, Azure Connected Machine Resource Administrator, Azure Connected Machine Onboarding, Azure Stack HCI VM Reader, Azure Stack HCI VM Contributor, Azure Stack HCI Device Management Role, Azure Resource Bridge Deployment Role, Key Vault Secrets User |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Device Management Role
Microsoft.AzureStackHCI Device Management Role
Actions | Description |
---|---|
Microsoft.AzureStackHCI/Clusters/* | |
Microsoft.AzureStackHCI/EdgeDevices/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Contributor
Grants permissions to perform all VM actions
Actions | Description |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/* | |
Microsoft.AzureStackHCI/virtualMachineInstances/* | |
Microsoft.AzureStackHCI/NetworkInterfaces/* | |
Microsoft.AzureStackHCI/VirtualHardDisks/* | |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Gets/lists virtual network resources |
Microsoft.AzureStackHCI/VirtualNetworks/join/action | Joins virtual network resources |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Gets/lists logical network resources |
Microsoft.AzureStackHCI/LogicalNetworks/join/action | Joins logical network resources |
Microsoft.AzureStackHCI/GalleryImages/Read | Gets/lists gallery image resources |
Microsoft.AzureStackHCI/GalleryImages/deploy/action | Deploys gallery image resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.AzureStackHCI/StorageContainers/deploy/action | Deploys storage container resources |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Gets/lists marketplace gallery image resources |
Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | Deploys marketplace gallery image resources |
Microsoft.AzureStackHCI/Clusters/Read | Gets clusters |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | Gets the Arc resource of an HCI cluster |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/deployments/delete | Deletes a deployment. |
Microsoft.Resources/deployments/cancel/action | Cancels a deployment. |
Microsoft.Resources/deployments/validate/action | Validates a deployment. |
Microsoft.Resources/deployments/whatIf/action | Predicts template deployment changes. |
Microsoft.Resources/deployments/exportTemplate/action | Exports the template for a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.HybridCompute/machines/read | Reads any Azure Arc machine |
Microsoft.HybridCompute/machines/write | Writes an Azure Arc machine |
Microsoft.HybridCompute/machines/delete | Deletes an Azure Arc machine |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrades extensions on Azure Arc machines |
Microsoft.HybridCompute/machines/assessPatches/action | Assesses any Azure Arc machine for missing software patches |
Microsoft.HybridCompute/machines/installPatches/action | Installs patches on any Azure Arc machine |
Microsoft.HybridCompute/machines/extensions/read | Reads any Azure Arc extension |
Microsoft.HybridCompute/machines/extensions/write | Installs or updates an Azure Arc extension |
Microsoft.HybridCompute/machines/extensions/delete | Deletes an Azure Arc extension |
Microsoft.HybridCompute/operations/read | Reads all operations for Azure Arc for servers |
Microsoft.HybridCompute/locations/operationresults/read | Reads the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/locations/operationstatus/read | Reads the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Reads any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Reads any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Reads any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Reads any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Reads the status of an update center operation on machines |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Reads the hybrid identity metadata of any Azure Arc machine |
Microsoft.HybridCompute/osType/agentVersions/read | Reads all available Azure Connected Machine Agent versions |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Reads the latest Azure Connected Machine Agent version |
Microsoft.HybridCompute/machines/runcommands/read | Reads any Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/write | Installs or updates Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/delete | Deletes Azure Arc runcommands |
Microsoft.HybridCompute/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Installs or updates Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Deletes Azure Arc licenseProfiles |
Microsoft.HybridCompute/licenses/read | Reads any Azure Arc license |
Microsoft.HybridCompute/licenses/write | Installs or updates an Azure Arc license |
Microsoft.HybridCompute/licenses/delete | Deletes an Azure Arc license |
Microsoft.ExtendedLocation/customLocations/Read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Reader
Grants permissions to view VMs
Actions | Description |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/Read | Gets/lists virtual machine resources |
Microsoft.AzureStackHCI/virtualMachineInstances/Read | Gets/lists virtual machine instance resources |
Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read | Gets/lists virtual machine extension resources |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Gets/lists virtual network resources |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Gets/lists logical network resources |
Microsoft.AzureStackHCI/NetworkInterfaces/Read | Gets/lists network interface resources |
Microsoft.AzureStackHCI/VirtualHardDisks/Read | Gets/lists virtual hard disk resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.AzureStackHCI/GalleryImages/Read | Gets/lists gallery image resources |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Gets/lists marketplace gallery image resources |
Microsoft.HybridCompute/licenses/read | Reads any Azure Arc license |
Microsoft.HybridCompute/machines/extensions/read | Reads any Azure Arc extension |
Microsoft.HybridCompute/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Reads any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Reads any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Reads any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Reads any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/machines/read | Reads any Azure Arc machine |
Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | Reads any Azure Arc networkSecurityPerimeterConfigurations |
Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Reads any Azure Arc privateEndpointConnections |
Microsoft.HybridCompute/privateLinkScopes/read | Reads any Azure Arc privateLinkScopes |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/exportTemplate/action | Exports the template for a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
```json
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants permissions to view VMs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
  "name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStackHCI/VirtualMachines/Read",
        "Microsoft.AzureStackHCI/virtualMachineInstances/Read",
        "Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
        "Microsoft.AzureStackHCI/VirtualNetworks/Read",
        "Microsoft.AzureStackHCI/LogicalNetworks/Read",
        "Microsoft.AzureStackHCI/NetworkInterfaces/Read",
        "Microsoft.AzureStackHCI/VirtualHardDisks/Read",
        "Microsoft.AzureStackHCI/StorageContainers/Read",
        "Microsoft.AzureStackHCI/GalleryImages/Read",
        "Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
        "Microsoft.HybridCompute/licenses/read",
        "Microsoft.HybridCompute/machines/extensions/read",
        "Microsoft.HybridCompute/machines/licenseProfiles/read",
        "Microsoft.HybridCompute/machines/patchAssessmentResults/read",
        "Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
        "Microsoft.HybridCompute/machines/patchInstallationResults/read",
        "Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
        "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
        "Microsoft.HybridCompute/privateLinkScopes/read",
        "Microsoft.Insights/AlertRules/Write",
        "Microsoft.Insights/AlertRules/Delete",
        "Microsoft.Insights/AlertRules/Read",
        "Microsoft.Insights/AlertRules/Activated/Action",
        "Microsoft.Insights/AlertRules/Resolved/Action",
        "Microsoft.Insights/AlertRules/Throttled/Action",
        "Microsoft.Insights/AlertRules/Incidents/Read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/deployments/exportTemplate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/operationstatuses/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/operationresults/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack HCI VM Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
```
Azure Stack Registration Owner
Lets you manage Azure Stack registrations.
Actions | Description |
---|---|
Microsoft.AzureStack/edgeSubscriptions/read | |
Microsoft.AzureStack/registrations/products/*/action | |
Microsoft.AzureStack/registrations/products/read | Gets the properties of an Azure Stack Marketplace product |
Microsoft.AzureStack/registrations/read | Gets the properties of an Azure Stack registration |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
```json
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/edgeSubscriptions/read",
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
```
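A least-privilege review of the two role definitions above, sorting each granted operation by its final segment (`read`, `write`, `delete`, `action`) and flagging wildcards. This is an added example, not part of Microsoft's page: `audit_role` and `exceeds_read_only` are hypothetical helper names, and the embedded action lists are shortened excerpts of the JSON above.

```python
import json
from fnmatch import fnmatchcase

# Shortened excerpts of the two role definitions above (full lists are on the page).
VM_READER = json.loads("""{"roleName": "Azure Stack HCI VM Reader", "permissions": [{
  "actions": ["Microsoft.AzureStackHCI/VirtualMachines/Read",
              "Microsoft.HybridCompute/machines/read",
              "Microsoft.Insights/AlertRules/Write",
              "Microsoft.Insights/AlertRules/Delete",
              "Microsoft.Insights/AlertRules/Activated/Action",
              "Microsoft.Resources/deployments/exportTemplate/action",
              "Microsoft.Authorization/*/read"],
  "notActions": [], "dataActions": [], "notDataActions": []}]}""")
REGISTRATION_OWNER = json.loads("""{"roleName": "Azure Stack Registration Owner", "permissions": [{
  "actions": ["Microsoft.AzureStack/edgeSubscriptions/read",
              "Microsoft.AzureStack/registrations/products/*/action",
              "Microsoft.AzureStack/registrations/products/read",
              "Microsoft.AzureStack/registrations/read"],
  "notActions": [], "dataActions": [], "notDataActions": []}]}""")

VERBS = ("read", "write", "delete", "action")

def audit_role(role_def):
    """Bucket each granted operation by its final path segment (hypothetical helper)."""
    report = {v: [] for v in VERBS + ("other", "wildcard")}
    for perm in role_def.get("permissions", []):
        for allow, deny in (("actions", "notActions"), ("dataActions", "notDataActions")):
            excluded = [p.lower() for p in perm.get(deny, [])]
            for op in perm.get(allow, []):
                # An operation fully matched by a not* pattern is not granted.
                if any(fnmatchcase(op.lower(), pat) for pat in excluded):
                    continue
                verb = op.rsplit("/", 1)[-1].lower()
                report[verb if verb in VERBS else "other"].append(op)
                if "*" in op:
                    report["wildcard"].append(op)
    return report

def exceeds_read_only(role_def):
    """Operations a reviewer should inspect before treating the role as view-only."""
    r = audit_role(role_def)
    return sorted(r["write"] + r["delete"] + r["action"] + r["other"])

if __name__ == "__main__":
    for role in (VM_READER, REGISTRATION_OWNER):
        print(role["roleName"])
        for op in exceeds_read_only(role):
            print("  review:", op)
        for op in audit_role(role)["wildcard"]:
            print("  wildcard:", op)
```

On these excerpts it reports the `AlertRules` write, delete and action operations plus `exportTemplate/action` for the VM Reader role, and the `products/*/action` wildcard for the Registration Owner role.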