Roles integrados de Azure para Monitor
En este artículo se enumeran los roles integrados de Azure en la categoría Supervisión.
Colaborador de componentes de Application Insights
Puede administrar los componentes de Application Insights
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Crear y administrar reglas de alertas clásicas |
| Microsoft.Insights/generateLiveToken/read | Obtención del token de las métricas en vivo |
| Microsoft.Insights/metricAlerts/* | Crear y administrar nuevas reglas de alertas |
| Microsoft.Insights/components/* | Crear y administrar componentes de Insights |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/topology/read | Leer topología |
| Microsoft.Insights/transactions/read | Leer transacciones |
| Microsoft.Insights/webtests/* | Crear y administrar pruebas web de Insights |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/generateLiveToken/read",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/topology/read",
"Microsoft.Insights/transactions/read",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Depurador de instantáneas de Application Insights
Concede permiso al usuario para ver y descargar las instantáneas de depuración que se recopilan con Snapshot Debugger de Application Insights. Tenga en cuenta que estos permisos no se incluyen en los roles Propietario ni Colaborador. Si concede el rol Depurador de instantáneas de Application Insights a los usuarios, debe concederlo directamente al usuario. El rol no se reconoce cuando se agrega a un rol personalizado.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/components/*/read | |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de Grafana
Administre la configuración de todo el servidor y administre el acceso a recursos como organizaciones, usuarios y licencias.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action | Actuar como rol de administrador de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Manage server-wide settings and manage access to resources such as organizations, users, and licenses.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
"name": "22926164-76b3-42b3-bc55-97df8dab3e41",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Editor de Grafana
Crear, editar, eliminar o ver paneles; crear, editar o eliminar carpetas; y editar o ver listas de reproducción.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Actuar como rol de editor de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
"name": "a79a5197-3a5c-4973-a920-486035ffd60f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Visor limitado de Grafana
Ver la página principal.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action | Actuar como rol de visor limitado de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View home page.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41e04612-9dac-4699-a02b-c82ff2cc3fb5",
"name": "41e04612-9dac-4699-a02b-c82ff2cc3fb5",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Limited Viewer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Visor de Grafana
Ver paneles, listas de reproducción y consultar orígenes de datos.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Actuar como rol de visor de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View dashboards, playlists, and query data sources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
"name": "60921a7e-fef1-4a43-9b16-a26c52ad4769",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Viewer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de supervisión
Puede leer todos los datos de supervisión y editar la configuración de supervisión. Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.AlertsManagement/alerts/* | |
| Microsoft.AlertsManagement/alertsSummary/* | |
| Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/components/* | Crear y administrar componentes de Insights |
| Microsoft.Insights/createNotifications/* | |
| Microsoft.Insights/dataCollectionEndpoints/* | |
| Microsoft.Insights/dataCollectionRules/* | |
| Microsoft.Insights/dataCollectionRuleAssociations/* | |
| Microsoft.Insights/DiagnosticSettings/* | Crea, actualiza o lee la configuración de diagnóstico de Analysis Server. |
| Microsoft.Insights/eventtypes/* | Enumerar eventos del registro de actividades (eventos de administración) de una suscripción. Este permiso es aplicable para el acceso mediante programación y mediante el portal al registro de actividades. |
| Microsoft.Insights/LogDefinitions/* | Este permiso es necesario para los usuarios que necesitan acceder a registros de actividades a través del portal. Enumere las categorías de registro del registro de actividad. |
| Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/* | Leer definiciones de métrica (lista de tipos de métricas disponibles para un recurso). |
| Microsoft.Insights/Metrics/* | Leer las métricas de un recurso. |
| Microsoft.Insights/notificationStatus/* | |
| Microsoft.Insights/Register/Action | Registra el proveedor de Microsoft Insights. |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/* | Crear y administrar pruebas web de Insights |
| Microsoft.Insights/workbooks/* | |
| Microsoft.Insights/workbooktemplates/* | |
| Microsoft.Insights/privateLinkScopes/* | |
| Microsoft.Insights/privateLinkScopeOperationStatuses/* | |
| Microsoft.Monitor/accounts/* | |
| Microsoft.OperationalInsights/workspaces/write | Crea una nueva área de trabajo o vincula a un área de trabajo que ya existe proporcionando el identificador de cliente de esta. |
| Microsoft.OperationalInsights/workspaces/intelligencepacks/* | Lee, escribe o elimina paquetes de soluciones de Log Analytics. |
| Microsoft.OperationalInsights/workspaces/savedSearches/* | Lee, escribe o elimina búsquedas guardadas de Log Analytics. |
| Microsoft.OperationalInsights/workspaces/search/action | Ejecuta una consulta de búsqueda |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | Recupera las claves compartidas del área de trabajo. Estas claves se utilizan para conectar los agentes de Microsoft Operational Insights al área de trabajo. |
| Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* | Lee, escribe o elimina configuraciones de visión de almacenamiento de Log Analytics. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.AlertsManagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsManagement/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/* | |
| Microsoft.AlertsManagement/migrateFromSmartDetection/* | |
| Microsoft.AlertsManagement/investigations/* | |
| Microsoft.AlertsManagement/prometheusRuleGroups/* | |
| Microsoft.Monitor/investigations/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/createNotifications/*",
"Microsoft.Insights/dataCollectionEndpoints/*",
"Microsoft.Insights/dataCollectionRules/*",
"Microsoft.Insights/dataCollectionRuleAssociations/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/notificationStatus/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/workbooktemplates/*",
"Microsoft.Insights/privateLinkScopes/*",
"Microsoft.Insights/privateLinkScopeOperationStatuses/*",
"Microsoft.Monitor/accounts/*",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*",
"Microsoft.AlertsManagement/migrateFromSmartDetection/*",
"Microsoft.AlertsManagement/investigations/*",
"Microsoft.AlertsManagement/prometheusRuleGroups/*",
"Microsoft.Monitor/investigations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Supervisión del publicador de métricas
Permite publicar las métricas de los recursos de Azure.
| Acciones | Descripción |
|---|---|
| Microsoft.Insights/Register/Action | Registra el proveedor de Microsoft Insights. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Insights/Metrics/Write | Escribe métricas. |
| Microsoft.Insights/Telemetry/Write | Escribe datos de telemetría. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write",
"Microsoft.Insights/Telemetry/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de supervisión
Puede leer todos los datos de supervisión (métricas, registros, etc.). Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.OperationalInsights/workspaces/search/action | Ejecuta una consulta de búsqueda |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de libros
Puede guardar los libros compartidos.
| Acciones | Descripción |
|---|---|
| Microsoft.Insights/workbooks/write | Crea o actualiza un libro. |
| Microsoft.Insights/workbooks/delete | Elimina un libro. |
| Microsoft.Insights/workbooks/read | Lee un libro. |
| Microsoft.Insights/workbooks/revisions/read | Obtiene las revisiones del libro |
| Microsoft.Insights/workbooktemplates/write | Crea o actualiza una plantilla de libro. |
| Microsoft.Insights/workbooktemplates/delete | Elimina una plantilla de libro. |
| Microsoft.Insights/workbooktemplates/read | Lee una plantilla de libro. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/workbooks/revisions/read",
"Microsoft.Insights/workbooktemplates/write",
"Microsoft.Insights/workbooktemplates/delete",
"Microsoft.Insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de libros
Puede leer libros.
| Acciones | Descripción |
|---|---|
| microsoft.insights/workbooks/read | Lee un libro. |
| microsoft.insights/workbooks/revisions/read | Obtiene las revisiones del libro |
| microsoft.insights/workbooktemplates/read | Lee una plantilla de libro. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read",
"microsoft.insights/workbooks/revisions/read",
"microsoft.insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}