Roles integrados de Azure para Analytics
En este artículo se enumeran los roles integrados de Azure en la categoría Analytics.
Propietario de los datos de Azure Event Hubs
Concede acceso total a los recursos de Azure Event Hubs.
| Acciones | Descripción |
|---|---|
| Microsoft.EventHub/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Receptor de datos de Azure Event Hubs
Concede acceso de recepción a los recursos de Azure Event Hubs.
| Acciones | Descripción |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/receive/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Emisor de datos de Azure Event Hubs
Concede acceso de emisión a los recursos de Azure Event Hubs.
| Acciones | Descripción |
|---|---|
| Microsoft.EventHub/*/eventhubs/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/send/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de Factoría de datos
Crea y administra factorías de datos, así como recursos secundarios dentro de ellas.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.DataFactory/dataFactories/* | Crear y administrar factorías de datos y recursos secundarios dentro de ellos. |
| Microsoft.DataFactory/factories/* | Crear y administrar factorías de datos y recursos secundarios dentro de ellos. |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.EventGrid/eventSubscriptions/write | Crea o actualiza una suscripción a eventos. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Purgador de datos
Permite eliminar datos privados de un área de trabajo de Log Analytics.
| Acciones | Descripción |
|---|---|
| Microsoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/action | Purga datos de Application Insights. |
| Microsoft.OperationalInsights/workspaces/*/read | Consulta datos de Log Analytics. |
| Microsoft.OperationalInsights/workspaces/purge/action | Elimine los datos especificados por consulta del área de trabajo. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operador de clústeres de HDInsight
Permite leer y modificar las configuraciones de clúster de HDInsight.
| Acciones | Descripción |
|---|---|
| Microsoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/action | Obtiene la configuración de puerta de enlace para el clúster de HDInsight. |
| Microsoft.HDInsight/clusters/updateGatewaySettings/action | Actualiza la configuración de puerta de enlace para el clúster de HDInsight. |
| Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Resources/deployments/operations/read | Obtiene o enumera las operaciones de implementación. |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de Domain Services para HDInsight
Puede leer, crear, modificar y eliminar operaciones relacionadas con Domain Services para HDInsight Enterprise Security Package
| Acciones | Descripción |
|---|---|
| Microsoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight en el administrador de clústeres de AKS
Concede a un usuario o grupo la capacidad de crear, eliminar y administrar clústeres dentro de un grupo de clústeres determinado. El administrador del clúster también puede ejecutar cargas de trabajo, supervisar y administrar toda la actividad del usuario en estos clústeres.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.HDInsight/clusterPools/clusters/read | Obtención de detalles sobre HDInsight en el clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/write | Creación o actualización de HDInsight en un clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/delete | Eliminación de un clúster de HDInsight en AKS |
| Microsoft.HDInsight/clusterPools/clusters/resize/action | Cambio del tamaño de un clúster de HDInsight en AKS |
| Microsoft.HDInsight/clusterpools/clusters/instanceviews/read | Obtención de detalles sobre HDInsight en la vista de instancia del clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/jobs/read | Enumeración de HDInsight en trabajos de clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/runjob/action | Ejecución de HDInsight en el trabajo de clúster de AKS |
| Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read | Obtención de detalles sobre HDInsight en configuraciones de servicio de clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read | Obtención de actualizaciones de Avaliable para HDInsight en el clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/upgrade/action | Actualización de HDInsight en el clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/rollback/action | Reversión de HDInsight en la actualización del clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read | Lee los historiales de actualización de clústeres de HDInsight en AKS. |
| Microsoft.HDInsight/clusterPools/clusters/libraries/read | Leer bibliotecas de clústeres de HDInsight en AKS |
| Microsoft.HDInsight/clusterPools/clusters/managelibraries/action | Administración de bibliotecas de clústeres de HDInsight en AKS |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/operations/read | Obtiene o enumera las operaciones de implementación. |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | Obtiene o enumera implementaciones. |
| Microsoft.Resources/deployments/validate/action | Valida una implementación. |
| Microsoft.Resources/deployments/write | Crea o actualiza una implementación. |
| Microsoft.Resources/deployments/exportTemplate/action | Exporta la plantilla para una implementación. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Obtiene o enumera las operaciones de implementación. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Obtiene o enumera implementaciones. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Resources/subscriptions/operationresults/read | Obtiene los resultados de la operación de suscripción. |
| Microsoft.Insights/AlertRules/Write | Crea o actualiza una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Delete | Elimina una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Read | Lee una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Activated/Action | Alerta de métrica clásica activada. |
| Microsoft.Insights/AlertRules/Resolved/Action | Alerta de métrica clásica resuelta. |
| Microsoft.Insights/AlertRules/Throttled/Action | Regla de alerta de métrica clásica acelerada. |
| Microsoft.Insights/AlertRules/Incidents/Read | Lee el incidente de una alerta de métrica clásica. |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/logs/read | Lee datos de todos los registros. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fd036e6b-1266-47a0-b0bb-a05d04831731",
"name": "fd036e6b-1266-47a0-b0bb-a05d04831731",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/clusters/delete",
"Microsoft.HDInsight/clusterPools/clusters/resize/action",
"Microsoft.HDInsight/clusterpools/clusters/instanceviews/read",
"Microsoft.HDInsight/clusterPools/clusters/jobs/read",
"Microsoft.HDInsight/clusterPools/clusters/runjob/action",
"Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read",
"Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read",
"Microsoft.HDInsight/clusterPools/clusters/upgrade/action",
"Microsoft.HDInsight/clusterPools/clusters/rollback/action",
"Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read",
"Microsoft.HDInsight/clusterPools/clusters/libraries/read",
"Microsoft.HDInsight/clusterPools/clusters/managelibraries/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador del grupo de clústeres de HDInsight en AKS
Puede leer, crear, modificar y eliminar HDInsight en grupos de clústeres de AKS y crear clústeres
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.HDInsight/clusterPools/clusters/read | Obtención de detalles sobre HDInsight en el clúster de AKS |
| Microsoft.HDInsight/clusterPools/clusters/write | Creación o actualización de HDInsight en un clúster de AKS |
| Microsoft.HDInsight/clusterPools/delete | Eliminación de un grupo de clústeres de HDInsight en AKS |
| Microsoft.HDInsight/clusterPools/read | Obtención de detalles sobre HDInsight en el grupo de clústeres de AKS |
| Microsoft.HDInsight/clusterPools/write | Creación o actualización de HDInsight en el grupo de clústeres de AKS |
| Microsoft.HDInsight/clusterpools/availableupgrades/read | Obtención de actualizaciones de Avaliable para HDInsight en el grupo de clústeres de AKS |
| Microsoft.HDInsight/clusterpools/upgrade/action | Actualización de HDInsight en el grupo de clústeres de AKS |
| Microsoft.HDInsight/clusterPools/upgradehistories/read | Lee los historiales de actualización del grupo de clústeres de AKS en HDInsight. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/operations/read | Obtiene o enumera las operaciones de implementación. |
| Microsoft.Resources/deployments/validate/action | Valida una implementación. |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | Obtiene o enumera implementaciones. |
| Microsoft.Resources/deployments/write | Crea o actualiza una implementación. |
| Microsoft.Resources/deployments/exportTemplate/action | Exporta la plantilla para una implementación. |
| Microsoft.Resources/deployments/validate/action | Valida una implementación. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Obtiene o enumera las operaciones de implementación. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Obtiene o enumera implementaciones. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Resources/subscriptions/operationresults/read | Obtiene los resultados de la operación de suscripción. |
| Microsoft.Insights/AlertRules/Write | Crea o actualiza una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Delete | Elimina una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Read | Lee una alerta de métrica clásica. |
| Microsoft.Insights/AlertRules/Activated/Action | Alerta de métrica clásica activada. |
| Microsoft.Insights/AlertRules/Resolved/Action | Alerta de métrica clásica resuelta. |
| Microsoft.Insights/AlertRules/Throttled/Action | Regla de alerta de métrica clásica acelerada. |
| Microsoft.Insights/AlertRules/Incidents/Read | Lee el incidente de una alerta de métrica clásica. |
| Microsoft.Insights/metrics/read | Lee métricas |
| Microsoft.Insights/logs/read | Lee datos de todos los registros. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7656b436-37d4-490a-a4ab-d39f838f0042",
"name": "7656b436-37d4-490a-a4ab-d39f838f0042",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/delete",
"Microsoft.HDInsight/clusterPools/read",
"Microsoft.HDInsight/clusterPools/write",
"Microsoft.HDInsight/clusterpools/availableupgrades/read",
"Microsoft.HDInsight/clusterpools/upgrade/action",
"Microsoft.HDInsight/clusterPools/upgradehistories/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Pool Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de Log Analytics
Un colaborador de Log Analytics puede leer todos los datos de supervisión y editar la configuración de supervisión. La edición de la configuración de supervisión incluye la posibilidad de agregar la extensión de máquina virtual a las máquinas virtuales, leer las claves de las cuentas de almacenamiento para poder configurar la recopilación de registros de Azure Storage, agregar soluciones y configurar Azure Diagnostics en todos los recursos de Azure.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | Enumera las claves de acceso de las cuentas de almacenamiento. |
| Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/write | Instala o actualiza las extensiones de Azure Arc. |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/diagnosticSettings/* | Crea, actualiza o lee la configuración de diagnóstico de Analysis Server. |
| Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/action | Devuelve las claves de acceso de la cuenta de almacenamiento especificada. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de Log Analytics
Un lector de Log Analytics puede ver y buscar todos los datos de supervisión, así como consultar la configuración de supervisión, incluida la de Azure Diagnostics en todos los recursos de Azure.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.OperationalInsights/workspaces/analytics/query/action | Realiza búsquedas mediante el nuevo motor. |
| Microsoft.OperationalInsights/workspaces/search/action | Ejecuta una consulta de búsqueda |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/read | Recupera las claves compartidas del área de trabajo. Estas claves se utilizan para conectar los agentes de Microsoft Operational Insights al área de trabajo. |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador del registro de esquemas (versión preliminar)
Leer, escribir y eliminar esquemas y grupos de registros de esquema.
| Acciones | Descripción |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector del registro de esquemas (versión preliminar)
Leer y enumerar grupos y esquemas del registro de esquemas.
| Acciones | Descripción |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/read | Obtiene una lista de descripciones de recursos de SchemaGroup |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/read | Recuperación de esquemas |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Evaluador de consultas de Stream Analytics
Permite hacer pruebas de consultas sin crear primero un trabajo de Stream Analytics.
| Acciones | Descripción |
|---|---|
| Microsoft.StreamAnalytics/locations/TestQuery/action | Prueba la consulta del proveedor de recursos de Stream Analytics. |
| Microsoft.StreamAnalytics/locations/OperationResults/read | Lee el resultado de las operaciones de Stream Analytics. |
| Microsoft.StreamAnalytics/locations/SampleInput/action | Entrada de ejemplo del proveedor de recursos de Stream Analytics. |
| Microsoft.StreamAnalytics/locations/CompileQuery/action | Compila la consulta del proveedor de recursos de Stream Analytics. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}