適用於整合的 Azure 內建角色
本文列出整合類別中的 Azure 內建角色。
API 管理服務參與者
可以管理服務和 API
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/* | 建立和管理 API 管理 服務 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服務操作員角色
可以管理服務,但不能管理服務
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/*/read | 讀取服務實例 API 管理 |
Microsoft.ApiManagement/service/backup/action | 將 API 管理 服務備份至使用者提供的記憶體帳戶中指定的容器 |
Microsoft.ApiManagement/service/delete | 刪除服務實例 API 管理 |
Microsoft.ApiManagement/service/managedeployments/action | 變更 SKU/單位、新增/移除 API 管理 服務的區域性部署 |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.ApiManagement/service/restore/action | 從使用者提供的記憶體帳戶中指定的容器還原 API 管理 服務 |
Microsoft.ApiManagement/service/updatecertificate/action | 上傳 API 管理 服務的 TLS/SSL 憑證 |
Microsoft.ApiManagement/service/updatehostname/action | 設定、更新或移除 API 管理 服務的自定義功能變數名稱 |
Microsoft.ApiManagement/service/write | 建立或更新服務實例 API 管理 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰 |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服務讀取者角色
服務和 API 的唯讀存取權
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/*/read | 讀取服務實例 API 管理 |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰 |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 服務工作區 API 開發人員
具有標籤和產品的讀取許可權,以及允許的寫入許可權:將 API 指派給產品、將標籤指派給產品和 API。 此角色應在服務範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/tags/read | 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。 |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。 |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3",
"name": "9565a273-41b9-4368-97d2-aeb0c976a9b3",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 服務工作區 API 產品管理員
具備與 APIM 服務工作區 API 開發人員相同的存取權,以及使用者的讀取權限和寫入權限,以允許將使用者指派給群組。 此角色應在服務範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/users/read | 列出指定服務實例中已註冊用戶的集合。 或取得其識別碼所指定之用戶的詳細數據。 |
Microsoft.ApiManagement/service/tags/read | 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。 |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。 |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/groups/read | 列出服務實例內定義的群組集合。 或取得其識別碼所指定群組的詳細數據。 |
Microsoft.ApiManagement/service/groups/users/* | |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/users/read",
"Microsoft.ApiManagement/service/tags/read",
"Microsoft.ApiManagement/service/tags/apiLinks/*",
"Microsoft.ApiManagement/service/tags/operationLinks/*",
"Microsoft.ApiManagement/service/tags/productLinks/*",
"Microsoft.ApiManagement/service/products/read",
"Microsoft.ApiManagement/service/products/apiLinks/*",
"Microsoft.ApiManagement/service/groups/read",
"Microsoft.ApiManagement/service/groups/users/*",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 工作區 API 開發人員
具備工作區中實體的讀取權限,以及用於編輯 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/apis/* | |
Microsoft.ApiManagement/service/workspaces/apiVersionSets/* | |
Microsoft.ApiManagement/service/workspaces/policies/* | |
Microsoft.ApiManagement/service/workspaces/schemas/* | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/policyFragments/* | |
Microsoft.ApiManagement/service/workspaces/namedValues/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6",
"name": "56328988-075d-4c6a-8766-d93edd6725b6",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/apis/*",
"Microsoft.ApiManagement/service/workspaces/apiVersionSets/*",
"Microsoft.ApiManagement/service/workspaces/policies/*",
"Microsoft.ApiManagement/service/workspaces/schemas/*",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/policyFragments/*",
"Microsoft.ApiManagement/service/workspaces/namedValues/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 工作區 API 產品管理員
具備工作區中實體的讀取權限,以及用於發佈 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/subscriptions/* | |
Microsoft.ApiManagement/service/workspaces/groups/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.ApiManagement/service/workspaces/notifications/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f",
"name": "73c2c328-d004-4c5e-938c-35c6f5679a1f",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.ApiManagement/service/workspaces/products/*",
"Microsoft.ApiManagement/service/workspaces/subscriptions/*",
"Microsoft.ApiManagement/service/workspaces/groups/*",
"Microsoft.ApiManagement/service/workspaces/tags/*",
"Microsoft.ApiManagement/service/workspaces/notifications/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 工作區參與者
可以管理工作區和檢視,但無法修改其成員。 此角色應在工作區範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/workspaces/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
APIM 工作區讀者
具備工作區中實體的唯讀權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
---|---|
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/workspaces/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
應用程式組態資料擁有者
允許完整存取 應用程式組態 數據。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
Microsoft.AppConfiguration/configurationStores/*/write | |
Microsoft.AppConfiguration/configurationStores/*/delete | |
Microsoft.AppConfiguration/configurationStores/*/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete",
"Microsoft.AppConfiguration/configurationStores/*/action"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
應用程式組態資料讀者
允許讀取 應用程式組態 數據。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure API 中心合規性管理員
允許在 Azure API 中心服務中管理 API 合規性。
動作 | 描述 |
---|---|
Microsoft.ApiCenter/services/*/read | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action | 更新 指定 API 定義的分析結果。 |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | 匯出 API 定義檔。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows managing API compliance in Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ede9aaa3-4627-494e-be13-4aa7c256148d",
"name": "ede9aaa3-4627-494e-be13-4aa7c256148d",
"permissions": [
{
"actions": [
"Microsoft.ApiCenter/services/*/read",
"Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action",
"Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure API Center Compliance Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure API 中心數據讀取器
允許存取 Azure API 中心數據平面讀取作業。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.ApiCenter/services/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for access to Azure API Center data plane read operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7244dfb-f447-457d-b2ba-3999044d1706",
"name": "c7244dfb-f447-457d-b2ba-3999044d1706",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.ApiCenter/services/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure API Center Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure API 中心服務參與者
允許管理 Azure API 中心服務。
動作 | 描述 |
---|---|
Microsoft.ApiCenter/services/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action | 更新 指定 API 定義的分析結果。 |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows managing Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
"name": "dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
"permissions": [
{
"actions": [
"Microsoft.ApiCenter/services/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure API Center Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure API 中心服務讀取器
允許唯讀存取 Azure API 中心服務。
動作 | 描述 |
---|---|
Microsoft.ApiCenter/services/*/read | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | 匯出 API 定義檔。 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows read-only access to Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6cba8790-29c5-48e5-bab1-c7541b01cb04",
"name": "6cba8790-29c5-48e5-bab1-c7541b01cb04",
"permissions": [
{
"actions": [
"Microsoft.ApiCenter/services/*/read",
"Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure API Center Service Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 轉接聽程式
允許接聽 Azure 轉播資源的存取權。
動作 | 描述 |
---|---|
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybrid 連線 ions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/listen/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for listen access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
"name": "26e0b698-aa6d-4085-9386-aadae190014d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/listen/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Listener",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 轉送擁有者
允許完整存取 Azure 轉播資源。
動作 | 描述 |
---|---|
Microsoft.Relay/* | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"permissions": [
{
"actions": [
"Microsoft.Relay/*"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 轉送寄件者
允許傳送對 Azure 轉送資源的存取權。
動作 | 描述 |
---|---|
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybrid 連線 ions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/send/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
"name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
"permissions": [
{
"actions": [
"Microsoft.Relay/*/wcfRelays/read",
"Microsoft.Relay/*/hybridConnections/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Relay/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Relay Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排 數據擁有者
允許完整存取 Azure 服務匯流排 資源。
動作 | 描述 |
---|---|
Microsoft.ServiceBus/* | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排 數據接收器
允許接收 Azure 服務匯流排 資源的存取權。
動作 | 描述 |
---|---|
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/receive/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排資料傳送者
允許傳送 Azure 服務匯流排 資源的存取權。
動作 | 描述 |
---|---|
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/send/action | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
BizTalk 參與者
可讓您管理 BizTalk 服務,但無法存取它們。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.BizTalkServices/BizTalk/* | 建立和管理 BizTalk 服務 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage BizTalk services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342",
"name": "5e3c6656-6cfa-4708-81fe-0de47ac73342",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BizTalkServices/BizTalk/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "BizTalk Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid 參與者
可讓您管理 EventGrid 作業。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/* | 建立和管理事件方格資源 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
"name": "1e241071-0855-49ea-94dc-649edcd759de",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid 數據傳送者
允許傳送事件方格事件的存取權。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/topics/read | 閱讀主題 |
Microsoft.EventGrid/domains/read | 讀取網域 |
Microsoft.EventGrid/partnerNamespaces/read | 讀取夥伴命名空間 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.EventGrid/namespaces/read | 讀取命名空間 |
NotActions | |
none | |
DataActions | |
Microsoft.EventGrid/events/send/action | 將事件傳送至主題 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to event grid events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
"name": "d5a91429-5739-47e2-a06b-3470a27159e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/topics/read",
"Microsoft.EventGrid/domains/read",
"Microsoft.EventGrid/partnerNamespaces/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.EventGrid/namespaces/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventGrid/events/send/action"
],
"notDataActions": []
}
],
"roleName": "EventGrid Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 參與者
可讓您管理 EventGrid 事件訂用帳戶作業。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/eventSubscriptions/* | 建立和管理區域事件訂用帳戶 |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂閱 |
Microsoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶 |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依 topictype 列出區域事件訂用帳戶 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 讀取器
可讓您讀取 EventGrid 事件訂用帳戶。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/eventSubscriptions/read | 讀取 eventSubscription |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂閱 |
Microsoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶 |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依 topictype 列出區域事件訂用帳戶 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 數據參與者
角色可讓使用者或主體完整存取 FHIR 數據
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/* | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | |
NotDataActions | |
Microsoft.HealthcareApis/services/fhir/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal full access to FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
"name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/*",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
],
"notDataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/smart/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action"
]
}
],
"roleName": "FHIR Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 數據匯出工具
角色可讓使用者或主體讀取和導出 FHIR 數據
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/services/fhir/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 匯出作業($export)。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and export FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
"name": "3db33094-8700-4567-8da5-1501d4e7e843",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/export/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Exporter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 資料匯入工具
角色可讓使用者或主體讀取和匯入 FHIR 數據
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and import FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b",
"name": "4465e953-8ced-4406-a58e-0f6e3f3b530b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Importer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 數據讀取器
角色可讓使用者或主體讀取 FHIR 數據
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR 數據寫入器
角色可讓使用者或主體讀取和寫入 FHIR 數據
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/services/fhir/resources/write | 寫入 FHIR 資源(包括建立和更新)。 |
Microsoft.HealthcareApis/services/fhir/resources/delete | 刪除 FHIR 資源(虛刪除)。 |
Microsoft.HealthcareApis/services/fhir/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action | 驗證作業 ($validate)。 |
Microsoft.HealthcareApis/services/fhir/resources/reindex/action | 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。 |
Microsoft.HealthcareApis/services/fhir/resources/convertData/action | 資料轉換作業 ($convert-data) |
Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action | 允許使用者在配置檔資源上執行建立更新刪除作業。 |
Microsoft.HealthcareApis/services/fhir/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/write | 寫入 FHIR 資源(包括建立和更新)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete | 刪除 FHIR 資源(虛刪除)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action | 驗證作業 ($validate)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action | 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | 資料轉換作業 ($convert-data) |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action | 允許使用者在配置檔資源上執行建立更新刪除作業。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and write FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
"name": "3f88fce4-5892-4214-ae73-ba5294559913",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/write",
"Microsoft.HealthcareApis/services/fhir/resources/delete",
"Microsoft.HealthcareApis/services/fhir/resources/export/action",
"Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action",
"Microsoft.HealthcareApis/services/fhir/resources/reindex/action",
"Microsoft.HealthcareApis/services/fhir/resources/convertData/action",
"Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action",
"Microsoft.HealthcareApis/services/fhir/resources/import/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/write",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action",
"Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Integration Service 環境參與者
可讓您管理整合服務環境,但無法存取它們。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Logic/integrationServiceEnvironments/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage integration service environments, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Support/*",
"Microsoft.Logic/integrationServiceEnvironments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Integration Service Environment Developer
可讓開發人員在整合服務環境中建立和更新工作流程、整合帳戶和 API 連線。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Logic/integrationServiceEnvironments/read | 讀取整合服務環境。 |
Microsoft.Logic/integrationServiceEnvironments/*/join/action | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Support/*",
"Microsoft.Logic/integrationServiceEnvironments/read",
"Microsoft.Logic/integrationServiceEnvironments/*/join/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Integration Service Environment Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
智慧型系統帳戶參與者
可讓您管理智慧型手機系統帳戶,但無法存取它們。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.IntelligentSystems/accounts/* | 建立和管理智慧型手機系統帳戶 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.IntelligentSystems/accounts/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
邏輯應用程式參與者
可讓您管理邏輯應用程式,但無法變更其存取權。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Classic 儲存體/storageAccounts/listKeys/action | 列出記憶體帳戶的存取金鑰。 |
Microsoft.Classic 儲存體/storageAccounts/read | 傳回具有指定帳戶的記憶體帳戶。 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Insights/metricAlerts/* | |
Microsoft.Insights/diagnostic 設定/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
Microsoft.Insights/logdefinitions/* | 需要透過入口網站存取活動記錄的使用者,需要此權限。 列出活動記錄中的記錄類別。 |
Microsoft.Insights/metricDefinitions/* | 讀取計量定義 (資源的可用指標類型清單)。 |
Microsoft.Logic/* | 管理 Logic Apps 資源。 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
微軟。儲存體/storageAccounts/listkeys/action | 傳回指定記憶體帳戶的存取金鑰。 |
微軟。儲存體/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/connectionGateways/* | 建立和管理 連線 閘道。 |
Microsoft.Web/connections/* | 建立和管理 連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/serverFarms/join/action | 加入 App Service 方案 |
Microsoft.Web/serverFarms/read | 取得 App Service 方案上的屬性 |
Microsoft.Web/sites/functions/listSecrets/action | 列出函式秘密。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage logic app, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logdefinitions/*",
"Microsoft.Insights/metricDefinitions/*",
"Microsoft.Logic/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/functions/listSecrets/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
邏輯應用程式操作員
可讓您讀取、啟用和停用邏輯應用程式,但無法編輯或更新邏輯應用程式。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/*/read | 讀取深入解析警示規則 |
Microsoft.Insights/metricAlerts/*/read | |
Microsoft.Insights/diagnostic 設定/*/read | 取得 Logic Apps 的診斷設定 |
Microsoft.Insights/metricDefinitions/*/read | 取得 Logic Apps 的可用計量。 |
Microsoft.Logic/*/read | 讀取 Logic Apps 資源。 |
Microsoft.Logic/workflows/disable/action | 停用工作流程。 |
Microsoft.Logic/workflows/enable/action | 啟用工作流程。 |
Microsoft.Logic/workflows/validate/action | 驗證工作流程。 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/connectionGateways/*/read | 讀取 連線 閘道。 |
Microsoft.Web/connections/*/read | 讀取 連線。 |
Microsoft.Web/customApis/*/read | 讀取自定義 API。 |
Microsoft.Web/serverFarms/read | 取得 App Service 方案上的屬性 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read, enable and disable logic app.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metricAlerts/*/read",
"Microsoft.Insights/diagnosticSettings/*/read",
"Microsoft.Insights/metricDefinitions/*/read",
"Microsoft.Logic/*/read",
"Microsoft.Logic/workflows/disable/action",
"Microsoft.Logic/workflows/enable/action",
"Microsoft.Logic/workflows/validate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*/read",
"Microsoft.Web/connections/*/read",
"Microsoft.Web/customApis/*/read",
"Microsoft.Web/serverFarms/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic Apps 標準參與者 (預覽)
您可以管理標準邏輯應用程式和工作流程的所有層面。 您無法變更存取權或擁有權。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/certificates/* | 建立和管理憑證。 |
Microsoft.Web/connectionGateways/* | 建立和管理 連線 閘道。 |
Microsoft.Web/connections/* | 建立和管理 連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/serverFarms/* | 建立和管理 App Service 方案。 |
Microsoft.Web/sites/* | 建立和管理 Web 應用程式。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ad710c24-b039-4e85-a019-deb4a06e8570",
"name": "ad710c24-b039-4e85-a019-deb4a06e8570",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/*/read",
"Microsoft.Web/certificates/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic Apps 標準開發人員 (預覽)
您可以建立和編輯標準邏輯應用程式的工作流程、連線和設定。 您無法在工作流程範圍之外進行變更。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/connections/* | 建立和管理 連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/sites/config/list/Action | 列出 Web 應用程式的安全性敏感性設定,例如發佈認證、應用程式設定和 連接字串 |
microsoft.web/sites/config/Write | 更新 Web 應用程式的組態設定 |
microsoft.web/sites/config/web/appsettings/delete | 刪除 Web Apps 應用程式設定 |
microsoft.web/sites/config/web/appsettings/write | 建立或更新 Web 應用程式單一應用程式設定 |
microsoft.web/sites/deployWorkflowArtifacts/action | 在邏輯應用程式中建立成品。 |
microsoft.web/sites/hostruntime/* | 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。 |
microsoft.web/sites/listworkflowsconnections/action | 依邏輯應用程式中的標識碼列出邏輯應用程式的連線。 |
Microsoft.Web/sites/publish/Action | 發佈 Web 應用程式 |
microsoft.web/sites/slots/config/appsettings/write | 建立或更新 Web 應用程式位置的單一應用程式設定 |
Microsoft.Web/sites/slots/config/list/Action | 列出 Web 應用程式位置的安全性敏感性設定,例如發佈認證、應用程式設定和 連接字串 |
microsoft.web/sites/slots/config/web/appsettings/delete | 刪除 Web 應用程式位置的應用程式設定 |
microsoft.web/sites/slots/deployWorkflowArtifacts/action | 在邏輯應用程式中的部署位置中建立成品。 |
microsoft.web/sites/slots/listworkflowsconnections/action | 依邏輯應用程式部署位置中的識別碼,列出邏輯應用程式的連線。 |
Microsoft.Web/sites/slots/publish/Action | 發佈 Web 應用程式位置 |
microsoft.web/sites/workflows/* | |
microsoft.web/sites/workflowsconfiguration/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"name": "523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/*/read",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/sites/config/list/Action",
"microsoft.web/sites/config/Write",
"microsoft.web/sites/config/web/appsettings/delete",
"microsoft.web/sites/config/web/appsettings/write",
"microsoft.web/sites/deployWorkflowArtifacts/action",
"microsoft.web/sites/hostruntime/*",
"microsoft.web/sites/listworkflowsconnections/action",
"Microsoft.Web/sites/publish/Action",
"microsoft.web/sites/slots/config/appsettings/write",
"Microsoft.Web/sites/slots/config/list/Action",
"microsoft.web/sites/slots/config/web/appsettings/delete",
"microsoft.web/sites/slots/deployWorkflowArtifacts/action",
"microsoft.web/sites/slots/listworkflowsconnections/action",
"Microsoft.Web/sites/slots/publish/Action",
"microsoft.web/sites/workflows/*",
"microsoft.web/sites/workflowsconfiguration/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Developer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic Apps 標準操作員 (預覽)
您可以啟用和停用邏輯應用程式、重新提交工作流程執行,以及建立連線。 您無法編輯工作流程或設定。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/sites/applySlotConfig/Action | 將 Web 應用程式位置設定從目標位置套用至目前的 Web 應用程式 |
microsoft.web/sites/hostruntime/* | 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。 |
Microsoft.Web/sites/restart/Action | 重新啟動 Web 應用程式 |
Microsoft.Web/sites/slots/restart/Action | 重新啟動 Web 應用程式位置 |
Microsoft.Web/sites/slots/slotsswap/Action | 交換 Web 應用程式部署位置 |
Microsoft.Web/sites/slots/start/Action | 啟動 Web 應用程式位置 |
Microsoft.Web/sites/slots/stop/Action | 停止 Web 應用程式位置 |
Microsoft.Web/sites/slotsdiffs/Action | 取得 Web 應用程式和位置之間的設定差異 |
Microsoft.Web/sites/slotsswap/Action | 交換 Web 應用程式部署位置 |
Microsoft.Web/sites/start/Action | 啟動 Web 應用程式 |
Microsoft.Web/sites/stop/Action | 停止 Web 應用程式 |
Microsoft.Web/sites/write | 建立新的 Web 應用程式或更新現有的 Web 應用程式 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"name": "b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/*/read",
"Microsoft.Web/sites/applySlotConfig/Action",
"microsoft.web/sites/hostruntime/*",
"Microsoft.Web/sites/restart/Action",
"Microsoft.Web/sites/slots/restart/Action",
"Microsoft.Web/sites/slots/slotsswap/Action",
"Microsoft.Web/sites/slots/start/Action",
"Microsoft.Web/sites/slots/stop/Action",
"Microsoft.Web/sites/slotsdiffs/Action",
"Microsoft.Web/sites/slotsswap/Action",
"Microsoft.Web/sites/start/Action",
"Microsoft.Web/sites/stop/Action",
"Microsoft.Web/sites/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Operator (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Logic Apps 標準讀取者 (預覽)
您有標準邏輯應用程式和工作流程中所有資源的唯讀存取權,包括工作流程執行及其歷程記錄。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
Microsoft.Web/*/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4accf36b-2c05-432f-91c8-5c532dff4c73",
"name": "4accf36b-2c05-432f-91c8-5c532dff4c73",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic Apps Standard Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
排程器作業集合參與者
可讓您管理排程器工作集合,但無法存取它們。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Scheduler/jobcollections/* | 建立和管理作業集合 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Scheduler job collections, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Scheduler/jobcollections/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduler Job Collections Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Services Hub 操作員
Services Hub 操作員可讓您執行與 Services Hub 連線 ors 相關的所有讀取、寫入和刪除作業。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.ServicesHub/connectors/write | 建立或更新 Services Hub 連線 or |
Microsoft.ServicesHub/connectors/read | 檢視或列出 Services Hub 連線 ors |
Microsoft.ServicesHub/connectors/delete | 刪除 Services Hub 連線 ors |
Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action | 列出指定 Services Hub 工作區的評定權利 |
Microsoft.ServicesHub/supportOfferingEntitlement/read | 檢視給定 Services Hub 工作區的支持供應項目權利 |
Microsoft.ServicesHub/workspaces/read | 列出指定使用者的 Services Hub 工作區 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b",
"name": "82200a5b-e217-47a5-b665-6d8765ee745b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.ServicesHub/connectors/write",
"Microsoft.ServicesHub/connectors/read",
"Microsoft.ServicesHub/connectors/delete",
"Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action",
"Microsoft.ServicesHub/supportOfferingEntitlement/read",
"Microsoft.ServicesHub/workspaces/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Services Hub Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
下一步
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應