Azure built-in roles for Internet of Things
This article lists the Azure built-in roles in the Internet of Things category.
Azure Digital Twins Data Owner
Full access role for the Digital Twins data plane
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.DigitalTwins/digitaltwins/* | Read, create, update, or delete any digital twin. |
Microsoft.DigitalTwins/digitaltwins/commands/* | Invoke any command on a digital twin. |
Microsoft.DigitalTwins/digitaltwins/relationships/* | Read, create, update, or delete any digital twin relationship. |
Microsoft.DigitalTwins/eventroutes/* | Read, delete, create, or update any event route. |
Microsoft.DigitalTwins/jobs/* | |
Microsoft.DigitalTwins/models/* | Read, create, update, or delete any model. |
Microsoft.DigitalTwins/query/* | Query any Digital Twins graph. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access role for Digital Twins data-plane",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe",
  "name": "bcd981a7-7f74-457b-83e1-cceb9e632ffe",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.DigitalTwins/digitaltwins/*",
        "Microsoft.DigitalTwins/digitaltwins/commands/*",
        "Microsoft.DigitalTwins/digitaltwins/relationships/*",
        "Microsoft.DigitalTwins/eventroutes/*",
        "Microsoft.DigitalTwins/jobs/*",
        "Microsoft.DigitalTwins/models/*",
        "Microsoft.DigitalTwins/query/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Digital Twins Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Azure Digital Twins Data Reader
Read-only role for Digital Twins data-plane properties
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.DigitalTwins/digitaltwins/read | Read any digital twin. |
Microsoft.DigitalTwins/digitaltwins/relationships/read | Read any digital twin relationship. |
Microsoft.DigitalTwins/eventroutes/read | Read any event route. |
Microsoft.DigitalTwins/jobs/import/read | Read any bulk import job. |
Microsoft.DigitalTwins/jobs/imports/read | Read any bulk import job. |
Microsoft.DigitalTwins/jobs/deletions/read | Read any bulk delete job. |
Microsoft.DigitalTwins/models/read | Read any model. |
Microsoft.DigitalTwins/query/action | Query any Digital Twins graph. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only role for Digital Twins data-plane properties",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3",
  "name": "d57506d4-4c8d-48b1-8587-93c323f6a5a3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.DigitalTwins/digitaltwins/read",
        "Microsoft.DigitalTwins/digitaltwins/relationships/read",
        "Microsoft.DigitalTwins/eventroutes/read",
        "Microsoft.DigitalTwins/jobs/import/read",
        "Microsoft.DigitalTwins/jobs/imports/read",
        "Microsoft.DigitalTwins/jobs/deletions/read",
        "Microsoft.DigitalTwins/models/read",
        "Microsoft.DigitalTwins/query/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Digital Twins Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Provisioning Service Data Contributor
Allows full access to Device Provisioning Service data-plane operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/provisioningServices/* | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Device Provisioning Service data-plane operations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633",
  "name": "dfce44e4-17b7-4bd1-a6d1-04996ec95633",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/provisioningServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Provisioning Service Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Provisioning Service Data Reader
Allows full read access to Device Provisioning Service data-plane properties.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/provisioningServices/*/read | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full read access to Device Provisioning Service data-plane properties.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8",
  "name": "10745317-c249-44a1-a5ce-3a4353c0bbd8",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/provisioningServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Provisioning Service Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Administrator
Gives full access to content and management operations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/updates/write | Performs a write operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/updates/delete | Performs a delete operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/management/write | Performs a write operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/management/delete | Performs a delete operation related to management. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to management and content operations",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a",
  "name": "02ca0879-e8e4-47a5-a61e-5c618b76e64a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/updates/write",
        "Microsoft.DeviceUpdate/accounts/instances/updates/delete",
        "Microsoft.DeviceUpdate/accounts/instances/management/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/write",
        "Microsoft.DeviceUpdate/accounts/instances/management/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Content Administrator
Gives full access to content operations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/updates/write | Performs a write operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/updates/delete | Performs a delete operation related to updates. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to content operations",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98",
  "name": "0378884a-3af5-44ab-8323-f5b22f9f3c98",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/updates/write",
        "Microsoft.DeviceUpdate/accounts/instances/updates/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Content Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Content Reader
Gives read access to content operations, but does not allow making changes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to content operations, but does not allow making changes",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
  "name": "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Content Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Deployments Administrator
Gives full access to management operations.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/management/write | Performs a write operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/management/delete | Performs a delete operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to management operations",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432",
  "name": "e4237640-0e3d-4a46-8fda-70bc94856432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/management/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/write",
        "Microsoft.DeviceUpdate/accounts/instances/management/delete",
        "Microsoft.DeviceUpdate/accounts/instances/updates/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Deployments Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Deployments Reader
Gives read access to management operations, but does not allow making changes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management. |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to management operations, but does not allow making changes",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f",
  "name": "49e2f5d2-7741-4835-8efa-19e1fe35e47f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/management/read",
        "Microsoft.DeviceUpdate/accounts/instances/updates/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Deployments Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Device Update Reader
Gives read access to content and management operations, but does not allow making changes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates. |
Microsoft.DeviceUpdate/accounts/instances/management/read | Performs a read operation related to management. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to management and content operations, but does not allow making changes",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
  "name": "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
Firmware Analysis Admin
Upload and analyze firmware images in Defender for IoT
Actions | Description |
---|---|
Microsoft.IoTFirmwareDefense/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Upload and analyze firmware images in Defender for IoT",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/9c1607d1-791d-4c68-885d-c7b7aaff7c8a",
  "name": "9c1607d1-791d-4c68-885d-c7b7aaff7c8a",
  "permissions": [
    {
      "actions": [
        "Microsoft.IoTFirmwareDefense/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Firmware Analysis Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Data Contributor
Allows full access to IoT Hub data-plane operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/* | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to IoT Hub data plane operations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f",
  "name": "4fc6c259-987e-4a07-842e-c321cc9d413f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Data Reader
Allows full read access to IoT Hub data-plane properties.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/*/read | |
Microsoft.Devices/IotHubs/fileUpload/notifications/action | Receive, complete, or abandon file upload notifications. |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full read access to IoT Hub data-plane properties",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3",
  "name": "b447c946-2db7-41ec-983d-d8bf3b1c77e3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/*/read",
        "Microsoft.Devices/IotHubs/fileUpload/notifications/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Registry Contributor
Allows full access to the IoT Hub device registry.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/devices/* | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to IoT Hub device registry.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
  "name": "4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/devices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Registry Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
IoT Hub Twin Contributor
Allows read and write access to all IoT Hub device and module twins.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Devices/IotHubs/twins/* | |
NotDataActions | |
none |
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read and write access to all IoT Hub device and module twins.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c",
  "name": "494bdba2-168f-4f31-a0a1-191d2f7c028c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/twins/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Twin Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}