適用於 AI + 機器學習的 Azure 內建角色
本文列出 AI + 機器學習類別中的 Azure 內建角色。
Azure AI 開發人員
除了管理資源本身之外,還可以在 Azure AI 資源內執行所有動作。
動作 | 描述 |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
Microsoft.MachineLearningServices/locations/*/read | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
NotActions | |
Microsoft.MachineLearningServices/workspaces/delete | 刪除 機器學習 服務工作區(s) |
Microsoft.MachineLearningServices/workspaces/write | 建立或更新 機器學習 Services 工作區(s) |
Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出 機器學習 服務工作區的秘密 |
Microsoft.MachineLearningServices/workspaces/hubs/write | 建立或更新 機器學習 Services Hub 工作區(s) |
Microsoft.MachineLearningServices/workspaces/hubs/delete | 刪除 機器學習 Services Hub 工作區(s) |
Microsoft.MachineLearningServices/workspaces/featurestores/write | 建立或更新 機器學習 Services FeatureStore(s) |
Microsoft.MachineLearningServices/workspaces/featurestores/delete | 刪除 機器學習 Services FeatureStore(s) |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
Microsoft.CognitiveServices/accounts/SpeechServices/* | |
Microsoft.CognitiveServices/accounts/ContentSafety/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure AI resource besides managing the resource itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/64702f94-c441-49e6-a78b-ef80e0188fee",
"name": "64702f94-c441-49e6-a78b-ef80e0188fee",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write",
"Microsoft.MachineLearningServices/locations/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*",
"Microsoft.CognitiveServices/accounts/SpeechServices/*",
"Microsoft.CognitiveServices/accounts/ContentSafety/*"
],
"notDataActions": []
}
],
"roleName": "Azure AI Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure AI Enterprise 網路連線核准者
可核准私人端點連線至 Azure AI 通用相依性資源
動作 | 描述 |
---|---|
Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action | 自動核准私人端點連線 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/read | 取得私人端點連線的屬性,或列出指定容器登錄的所有私人端點連線 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/write | 核准/拒絕私人端點連線 |
Microsoft.Cache/redis/read | 在管理入口網站中檢視 Redis 快取的設定和組態 |
Microsoft.Cache/redis/privateEndpointConnections/read | 讀取私人端點連線 |
Microsoft.Cache/redis/privateEndpointConnections/write | 撰寫私人端點連線 |
Microsoft.Cache/redis/privateLinkResources/read | 讀取 redis 子資源的 'groupId',讓私人連結可以連線到 |
Microsoft.Cache/redis/privateEndpointConnectionsApproval/action | 核准私人端點連線 |
Microsoft.Cache/redisEnterprise/read | 在管理入口網站中檢視 Redis Enterprise 快取的設定和組態 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/read | 讀取私人端點連線 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/write | 撰寫私人端點連線 |
Microsoft.Cache/redisEnterprise/privateLinkResources/read | 讀取 redis 子資源的 'groupId',讓私人連結可以連線到 |
Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action | 核准私人端點連線 |
Microsoft.CognitiveServices/accounts/read | 讀取 API 帳戶。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/read | 讀取私人端點連線。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/write | 寫入私人端點連線。 |
Microsoft.CognitiveServices/accounts/privateLinkResources/read | 讀取帳戶的私人鏈接資源。 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action | 管理資料庫帳戶的私人端點連線 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read | 讀取私人端點連線,或列出資料庫帳戶的所有私人端點連線 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write | 建立或更新資料庫帳戶的私人端點連線 |
Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read | 讀取私人鏈接資源,或列出資料庫帳戶的所有私人鏈接資源 |
Microsoft.DocumentDB/databaseAccounts/read | 讀取資料庫帳戶。 |
Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action | 核准或拒絕Microsoft.Network 提供者的私人端點資源連線 |
Microsoft.KeyVault/vaults/privateEndpointConnections/read | 檢視Microsoft.Network 提供者私人端點資源的連線狀態 |
Microsoft.KeyVault/vaults/privateEndpointConnections/write | 將連線的狀態變更為 Microsoft.Network 提供者的私人端點資源 |
Microsoft.KeyVault/vaults/privateLinkResources/read | 取得指定實例的可用私人鏈接資源 金鑰保存庫 |
Microsoft.KeyVault/vaults/read | 檢視金鑰保存庫的屬性 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action | 核准或拒絕Microsoft.Network 提供者的私人端點資源連線 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read | 檢視Microsoft.Network 提供者私人端點資源的連線狀態 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write | 將連線的狀態變更為 Microsoft.Network 提供者的私人端點資源 |
Microsoft.MachineLearningServices/workspaces/privateLinkResources/read | 取得 機器學習 服務工作區之指定實例的可用私人鏈接資源 |
Microsoft.MachineLearningServices/workspaces/read | 取得 機器學習 服務工作區(s) |
Microsoft.Storage/storageAccounts/privateEndpointConnections/read | 取得私人端點連線 |
Microsoft.Storage/storageAccounts/privateEndpointConnections/write | 放置私人端點連線 |
Microsoft.Storage/storageAccounts/privateLinkResources/read | 取得 StorageAccount groupids |
Microsoft.Storage/storageAccounts/read | 傳回記憶體帳戶的清單,或取得指定之記憶體帳戶的屬性。 |
Microsoft.Sql/servers/privateEndpointConnectionsApproval/action | 判斷是否允許使用者核准私人端點連線 |
Microsoft.Sql/servers/privateEndpointConnections/read | 傳回私人端點連線的清單,或取得指定之私人端點連線的屬性。 |
Microsoft.Sql/servers/privateEndpointConnections/write | 核准或拒絕現有的私人端點連線 |
Microsoft.Sql/servers/privateLinkResources/read | 取得對應 SQL Server 的私人鏈接資源 |
Microsoft.Sql/servers/read | 傳回伺服器清單,或取得指定伺服器的屬性。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can approve private endpoint connections to Azure AI common dependency resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
"Microsoft.Cache/redis/read",
"Microsoft.Cache/redis/privateEndpointConnections/read",
"Microsoft.Cache/redis/privateEndpointConnections/write",
"Microsoft.Cache/redis/privateLinkResources/read",
"Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
"Microsoft.Cache/redisEnterprise/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
"Microsoft.Cache/redisEnterprise/privateLinkResources/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
"Microsoft.CognitiveServices/accounts/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
"Microsoft.CognitiveServices/accounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
"Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/read",
"Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
"Microsoft.KeyVault/vaults/privateEndpointConnections/read",
"Microsoft.KeyVault/vaults/privateEndpointConnections/write",
"Microsoft.KeyVault/vaults/privateLinkResources/read",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
"Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
"Microsoft.MachineLearningServices/workspaces/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
"Microsoft.Storage/storageAccounts/privateLinkResources/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
"Microsoft.Sql/servers/privateEndpointConnections/read",
"Microsoft.Sql/servers/privateEndpointConnections/write",
"Microsoft.Sql/servers/privateLinkResources/read",
"Microsoft.Sql/servers/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Enterprise Network Connection Approver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure AI 推斷部署操作員
可以執行在資源群組內建立資源部署所需的所有動作。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Insights/AutoscaleSettings/write | 建立或更新自動調整設定 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions required to create a resource deployment within a resource group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3afb7f49-54cb-416e-8c09-6dc049efa503",
"name": "3afb7f49-54cb-416e-8c09-6dc049efa503",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/AutoscaleSettings/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Inference Deployment Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 計算運算子
可以在 機器學習 Services 受控計算資源上存取和執行 CRUD 作業(包括 Notebook VM)。
動作 | 描述 |
---|---|
Microsoft.MachineLearningServices/workspaces/computes/* | |
Microsoft.MachineLearningServices/workspaces/notebooks/vm/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/computes/*",
"Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Compute Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 資料科學家
可以在 Azure Machine Learning 工作區內執行所有動作,但建立或删除計算資源以及修改工作區本身除外。
動作 | 描述 |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
NotActions | |
Microsoft.MachineLearningServices/workspaces/delete | 刪除 機器學習 服務工作區(s) |
Microsoft.MachineLearningServices/workspaces/write | 建立或更新 機器學習 服務工作區(s) |
Microsoft.MachineLearningServices/workspaces/computes/*/write | |
Microsoft.MachineLearningServices/workspaces/computes/*/delete | |
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action | 列出 機器學習 Services 工作區中計算資源的秘密 |
Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出 機器學習 服務工作區的秘密 |
Microsoft.MachineLearningServices/workspaces/hubs/write | 建立或更新 機器學習 Services Hub 工作區(s) |
Microsoft.MachineLearningServices/workspaces/hubs/delete | 刪除 機器學習 Services Hub 工作區(s) |
Microsoft.MachineLearningServices/workspaces/featurestores/write | 建立或更新 機器學習 Services FeatureStore(s) |
Microsoft.MachineLearningServices/workspaces/featurestores/delete | 刪除 機器學習 Services FeatureStore(s) |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
"name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/delete",
"Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Data Scientist",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務參與者
可讓您建立、讀取、更新、刪除和管理認知服務的金鑰。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.CognitiveServices/* | |
Microsoft.Features/features/read | 取得訂用帳戶的功能。 |
Microsoft.Features/providers/features/read | 取得指定資源提供者中訂用帳戶的功能。 |
Microsoft.Features/providers/features/register/action | 在指定的資源提供者中註冊訂用帳戶的功能。 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
Microsoft.Insights/logDefinitions/read | 讀取記錄定義 |
Microsoft.Insights/metricdefinitions/read | 讀取計量定義 |
Microsoft.Insights/metrics/read | 讀取計量 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 自訂視覺 參與者
專案的完整存取權,包括檢視、建立、編輯或刪除專案的能力。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 自訂視覺部署
發佈、取消發佈或導出模型。 部署可以檢視專案,但無法更新。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 匯出專案。 |
{
"assignableScopes": [
"/"
],
"description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
"Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
"Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Deployment",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 自訂視覺 標籤器
檢視、編輯訓練影像,並建立、新增、移除或刪除影像卷標。 卷標者可以檢視專案,但無法更新訓練影像和標籤以外的任何專案。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 取得傳送至預測端點的影像。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | 此 API 會取得數位/批次未標記影像的建議標籤和區域,以及標記的信心。 如果找不到標記,則會傳回空陣列。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 匯出專案。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
"name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Labeler",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 自訂視覺 讀取者
專案中的只讀動作。 讀者無法建立或更新專案。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 取得傳送至預測端點的影像。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 匯出專案。 |
{
"assignableScopes": [
"/"
],
"description": "Read-only actions in the project. Readers can't create or update the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
"name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 自訂視覺 定型器
檢視、編輯專案並定型模型,包括發佈、取消發佈、匯出模型的能力。 訓練人員無法建立或刪除專案。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/action | 建立專案。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/delete | 刪除特定專案。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action | 匯入專案。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 匯出專案。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Trainer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務資料讀者 (預覽)
可讓您讀取認知服務數據。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/*/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務臉部辨識器
可讓您在臉部 API 上執行偵測、驗證、識別、分組及尋找類似的作業。 此角色不允許建立或刪除作業,因此非常適合只需要推斷功能的端點,請遵循「最低許可權」最佳做法。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/Face/detect/action | 偵測影像中的人臉、傳回臉部矩形,以及選擇性地使用faceId、地標和屬性。 |
Microsoft.CognitiveServices/accounts/Face/verify/action | 確認兩張臉部是否屬於同一個人,或一張臉部是否屬於某個人。 |
Microsoft.CognitiveServices/accounts/Face/identify/action | 1 對多識別,從人員群組或大型人員群組尋找特定查詢人員臉部最接近的相符專案。 |
Microsoft.CognitiveServices/accounts/Face/group/action | 根據臉部相似性,將候選臉部分成群組。 |
Microsoft.CognitiveServices/accounts/Face/findsimilars/action | 給定查詢臉部的faceId,從faceId陣列、臉部清單或大型臉部清單搜尋類似外觀的臉部。 faceId |
Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action | 以紅外、色彩和/或深度影像序列對目標臉部執行活躍度偵測,並傳回目標臉部的活躍度分類為「真實臉部」、「詐騙臉部」或「不確定」,如果無法透過指定的輸入進行分類。 |
Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action | 以相同形式(例如色彩或紅外)的影像序列,對目標臉部執行活躍度偵測,並傳回目標臉部的活躍度分類為「真實臉部」、「詐騙臉部」或「不確定」,如果無法透過指定的輸入進行分類。 |
Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action | 偵測相同數據流類型影像序列中目標臉部的活躍度,然後與 VerifyImage 進行比較,以傳回身分識別案例的信賴分數。 |
Microsoft.CognitiveServices/accounts/Face/*/sessions/action | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/delete | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/read | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/Face/detect/action",
"Microsoft.CognitiveServices/accounts/Face/verify/action",
"Microsoft.CognitiveServices/accounts/Face/identify/action",
"Microsoft.CognitiveServices/accounts/Face/group/action",
"Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Face Recognizer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務計量建議程式管理員
專案的完整存取權,包括系統層級設定。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the system level configuration.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
"name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Metrics Advisor Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 OpenAI 參與者
完整存取權,包括微調、部署和產生文字的能力
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/deployments/write | 寫入部署。 |
Microsoft.CognitiveServices/accounts/deployments/delete | 刪除部署。 |
Microsoft.CognitiveServices/accounts/raiPolicies/read | 取得帳戶下的所有適用原則,包括默認原則。 |
Microsoft.CognitiveServices/accounts/raiPolicies/write | 建立或更新自定義的負責任 AI 原則。 |
Microsoft.CognitiveServices/accounts/raiPolicies/delete | 刪除現有部署未參考的自定義負責任 AI 原則。 |
Microsoft.CognitiveServices/accounts/commitmentplans/read | 讀取承諾用量方案。 |
Microsoft.CognitiveServices/accounts/commitmentplans/write | 撰寫承諾方案。 |
Microsoft.CognitiveServices/accounts/commitmentplans/delete | 刪除承諾用量方案。 |
Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
Microsoft.Authorization/roleDefinitions/read | 取得角色定義的相關信息。 |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Full access including the ability to fine-tune, deploy and generate text",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
"name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/deployments/write",
"Microsoft.CognitiveServices/accounts/deployments/delete",
"Microsoft.CognitiveServices/accounts/raiPolicies/read",
"Microsoft.CognitiveServices/accounts/raiPolicies/write",
"Microsoft.CognitiveServices/accounts/raiPolicies/delete",
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 OpenAI 使用者
檢視檔案、模型、部署的讀取許可權。 建立完成和內嵌呼叫的能力。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
Microsoft.Authorization/roleDefinitions/read | 取得角色定義的相關信息。 |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/*/read | |
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | 從所選模型建立完成 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | 使用目前的引擎搜尋最相關的檔。 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (僅適用於瀏覽器。透過 GET 要求從模型串流產生的文字。 因為瀏覽器原生 EventSource 方法只能傳送 GET 要求,因此會提供這個方法。 它支援比 POST 變體更有限的組態選項。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action | 傳回指定音訊檔案的文字記錄或翻譯。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action | 使用目前的引擎搜尋最相關的檔。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action | 從所選的模型建立完成。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | 建立聊天訊息的完成 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action | 使用延伸模組建立聊天訊息的完成 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action | 傳回指定提示的內嵌。 |
Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action | 建立映像世代。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 QnA Maker 編輯器
讓我們建立、編輯、匯入和導出 KB。 您無法發佈或刪除 KB。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
Microsoft.Authorization/roleDefinitions/read | 取得角色定義的相關信息。 |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write | 建立新知識庫的異步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write | 修改知識庫或取代知識庫內容的異步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action | 將建議新增至知識庫的訓練呼叫。 |
Microsoft.CognitiveServices/accounts/QnAMaker/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/QnAMaker/變更/write | 取代改變數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action | 重新產生端點金鑰。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 取得端點的端點設定 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write | 更新端點查看端點。 |
Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | 取得特定長時間執行作業的詳細數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write | 建立新知識庫的異步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write | 修改知識庫或取代知識庫內容的異步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action | 將建議新增至知識庫的訓練呼叫。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/變更/write | 取代改變數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action | 重新產生端點金鑰。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 取得端點的端點設定 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write | 更新端點查看端點。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read | 取得特定長時間執行作業的詳細數據。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write | 建立新知識庫的異步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write | 修改知識庫或取代知識庫內容的異步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action | 將建議新增至知識庫的訓練呼叫。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/變更/write | 取代改變數據。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action | 重新產生端點金鑰。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 取得端點的端點設定 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write | 更新端點查看端點。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | 取得特定長時間執行作業的詳細數據。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務 QnA Maker 讀取器
讓我們只讀取並測試 KB。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 取得角色指派的相關信息。 |
Microsoft.Authorization/roleDefinitions/read | 取得角色定義的相關信息。 |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 取得端點的端點設定 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 取得端點的端點設定 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 取得特定知識庫的清單或特定知識庫的詳細數據。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下載知識庫。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | GenerateAnswer 呼叫以查詢知識庫。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/變更/read | 從運行時間下載變更。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 取得端點的端點金鑰 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 取得端點的端點設定 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Let's you read and test a KB only.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
"name": "466ccd10-b268-4a11-b098-b4849f024126",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務使用量讀取者
檢視認知服務使用量的最低許可權。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/locations/usages/read | 讀取所有使用量數據 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Minimal permission to view Cognitive Services usages.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
"name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/locations/usages/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Usages Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務使用者
可讓您讀取和列出認知服務的金鑰。
動作 | 描述 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | 列出金鑰 |
Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
Microsoft.Insights/diagnosticSettings/read | 讀取資源診斷設定 |
Microsoft.Insights/logDefinitions/read | 讀取記錄定義 |
Microsoft.Insights/metricdefinitions/read | 讀取計量定義 |
Microsoft.Insights/metrics/read | 讀取計量 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
Microsoft.CognitiveServices/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜尋索引資料參與者
授與 Azure 認知搜尋 索引數據的完整存取權。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/*"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜尋索引資料讀取者
授與 Azure 認知搜尋 索引數據的讀取許可權。
動作 | 描述 |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/read | 從索引讀取檔或建議的查詢字詞。 |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants read access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
"name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/read"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜尋服務參與者
可讓您管理 搜尋服務,但無法存取它們。
動作 | 描述 |
---|---|
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Search/searchServices/* | 建立和管理搜尋服務 |
Microsoft.Support/* | 建立及更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
下一步
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應