你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Azure AI + 机器学习内置角色
本文列出了“AI + 机器学习”类别的 Azure 内置角色。
AgFood 平台感測器合作夥伴貢獻者
提供贡献访问权限以管理 AgFood 平台服务中的传感器相关实体
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/* | |
NotDataActions | |
Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete | 删除限制为调用方传感器合作伙伴范围的现有 AgFoodPlatform 传感器资源。 |
{
"assignableScopes": [
"/"
],
"description": "Provides contribute access to manage sensor related entities in AgFood Platform Service",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67",
"name": "6b77f0a0-0d89-41cc-acd1-579c22c17a67",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/*"
],
"notDataActions": [
"Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete"
]
}
],
"roleName": "AgFood Platform Sensor Partner Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AgFood 平台服务管理员
提供 AgFood 平台服务的管理员访问权限
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.AgFoodPlatform/* | 创建、更新、读取和删除任何 AgFood 平台资源。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Provides admin access to AgFood Platform Service",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3",
"name": "f8da80de-1ff9-4747-ad80-a19b7f6079e3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AgFoodPlatform/*"
],
"notDataActions": []
}
],
"roleName": "AgFood Platform Service Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AgFood平台服务贡献者
提供对 AgFood 平台服务的贡献访问权限
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.AgFoodPlatform/*/action | |
Microsoft.AgFoodPlatform/*/read | 读取任何 AgFood 平台资源。 |
Microsoft.AgFoodPlatform/*/write | 创建和更新任何 AgFood 平台资源。 |
NotDataActions | |
Microsoft.AgFoodPlatform/farmBeats/farmers/write | 创建或更新 AgFoodPlatform 农民。 |
Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write | |
Microsoft.AgFoodPlatform/farmBeats/parties/write | 创建或更新 AgFoodPlatform 参与方。 |
Microsoft.AgFoodPlatform/farmBeats/datasets/write | 创建或更新 AgFoodPlatform 数据集。 |
Microsoft.AgFoodPlatform/farmBeats/datasetRecords/write | 创建或更新 AgFoodPlatform 数据集记录。 |
Microsoft.AgFoodPlatform/farmBeats/datasets/access/*/action |
{
"assignableScopes": [
"/"
],
"description": "Provides contribute access to AgFood Platform Service",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728",
"name": "8508508a-4469-4e45-963b-2518ee0bb728",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AgFoodPlatform/*/action",
"Microsoft.AgFoodPlatform/*/read",
"Microsoft.AgFoodPlatform/*/write"
],
"notDataActions": [
"Microsoft.AgFoodPlatform/farmBeats/farmers/write",
"Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write",
"Microsoft.AgFoodPlatform/farmBeats/parties/write",
"Microsoft.AgFoodPlatform/farmBeats/datasets/write",
"Microsoft.AgFoodPlatform/farmBeats/datasetRecords/write",
"Microsoft.AgFoodPlatform/farmBeats/datasets/access/*/action"
]
}
],
"roleName": "AgFood Platform Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AgFood 平台服务读者
提供对 AgFood 平台服务的读取存取权限
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.AgFoodPlatform/*/list/action | |
Microsoft.AgFoodPlatform/*/read | 读取任何 AgFood 平台资源。 |
Microsoft.AgFoodPlatform/*/search/action | |
Microsoft.AgFoodPlatform/*/download/action | |
Microsoft.AgFoodPlatform/*/overlap/action | |
Microsoft.AgFoodPlatform/*/checkConsent/action | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Provides read access to AgFood Platform Service",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba",
"name": "7ec7ccdc-f61e-41fe-9aaf-980df0a44eba",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AgFoodPlatform/*/list/action",
"Microsoft.AgFoodPlatform/*/read",
"Microsoft.AgFoodPlatform/*/search/action",
"Microsoft.AgFoodPlatform/*/download/action",
"Microsoft.AgFoodPlatform/*/overlap/action",
"Microsoft.AgFoodPlatform/*/checkConsent/action"
],
"notDataActions": []
}
],
"roleName": "AgFood Platform Service Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure AI 开发人员
除了管理资源本身之外,还可以在 Azure AI 资源中执行所有操作。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
Microsoft.MachineLearningServices/locations/*/read | |
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
不操作 | |
Microsoft.MachineLearningServices/workspaces/delete | 删除机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/write | 创建或更新机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出机器学习服务工作区的机密 |
Microsoft.MachineLearningServices/workspaces/hubs/write | 创建或更新机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/hubs/delete | 删除机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/featurestores/write | 创建或更新机器学习服务特征存储 |
Microsoft.MachineLearningServices/workspaces/featurestores/delete | 删除机器学习服务特征存储 |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
Microsoft.CognitiveServices/accounts/SpeechServices/* | |
Microsoft.CognitiveServices/accounts/ContentSafety/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure AI resource besides managing the resource itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/64702f94-c441-49e6-a78b-ef80e0188fee",
"name": "64702f94-c441-49e6-a78b-ef80e0188fee",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write",
"Microsoft.MachineLearningServices/locations/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*",
"Microsoft.CognitiveServices/accounts/SpeechServices/*",
"Microsoft.CognitiveServices/accounts/ContentSafety/*"
],
"notDataActions": []
}
],
"roleName": "Azure AI Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure AI 企业网络连接审批者
可以批准与 Azure AI 通用依赖项资源的专用终结点连接
操作 | 说明 |
---|---|
Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action | 自动批准专用终结点连接 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/read | 获取专用终结点连接的属性,或列出指定容器注册表的所有专用终结点连接 |
Microsoft.ContainerRegistry/registries/privateEndpointConnections/write | 批准/拒绝专用终结点连接 |
Microsoft.Cache/redis/read | 在管理门户中查看 Redis 缓存的设置和配置 |
Microsoft.Cache/redis/privateEndpointConnections/read | 读取专用终结点连接 |
Microsoft.Cache/redis/privateEndpointConnections/write | 写入专用终结点连接 |
Microsoft.Cache/redis/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
Microsoft.Cache/redis/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
Microsoft.Cache/redisEnterprise/read | 在管理门户中查看 Redis Enterprise 缓存的设置和配置 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/read | 读取专用终结点连接 |
Microsoft.Cache/redisEnterprise/privateEndpointConnections/write | 写入专用终结点连接 |
Microsoft.Cache/redisEnterprise/privateLinkResources/read | 读取专用链接可以连接到的 Redis 子资源的“groupId” |
Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action | 审批专用终结点连接 |
Microsoft.CognitiveServices/accounts/read | 读取 API 帐户。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/read | 读取专用终结点连接。 |
Microsoft.CognitiveServices/accounts/privateEndpointConnections/write | 写入专用终结点连接。 |
Microsoft.CognitiveServices/accounts/privateLinkResources/read | 读取帐户的专用链接资源。 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action | 管理数据库帐户的专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read | 读取专用终结点连接,或列出数据库帐户的所有专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write | 创建或更新数据库帐户的专用终结点连接 |
Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read | 读取专用链接资源,或列出数据库帐户的所有专用链接资源 |
Microsoft.DocumentDB/databaseAccounts/read | 读取数据库帐户。 |
Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
Microsoft.KeyVault/vaults/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.KeyVault/vaults/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.KeyVault/vaults/privateLinkResources/read | 获取密钥保管库的指定实例的可用专用链接资源 |
Microsoft.KeyVault/vaults/read | 查看密钥保管库的属性 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action | 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read | 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write | 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态 |
Microsoft.MachineLearningServices/workspaces/privateLinkResources/read | 获取机器学习服务工作区的指定实例的可用专用链接资源 |
Microsoft.MachineLearningServices/workspaces/read | 获取机器学习服务工作区 |
Microsoft.Storage/storageAccounts/privateEndpointConnections/read | 获取专用终结点连接 |
Microsoft.Storage/storageAccounts/privateEndpointConnections/write | 放置专用终结点连接 |
Microsoft.Storage/storageAccounts/privateLinkResources/read | 获取 StorageAccount groupids |
Microsoft.Storage/storageAccounts/read | 返回存储帐户的列表,或获取指定存储帐户的属性。 |
Microsoft.Sql/servers/privateEndpointConnectionsApproval/action | 确定是否允许用户批准专用终结点连接 |
Microsoft.Sql/servers/privateEndpointConnections/read | 返回专用终结点连接列表,或获取指定专用终结点连接的属性。 |
Microsoft.Sql/servers/privateEndpointConnections/write | 批准或拒绝现有的专用终结点连接 |
Microsoft.Sql/servers/privateLinkResources/read | 获取相应 SQL Server 的专用链接资源 |
Microsoft.Sql/servers/read | 返回服务器列表,或获取指定服务器的属性。 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can approve private endpoint connections to Azure AI common dependency resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
"Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
"Microsoft.Cache/redis/read",
"Microsoft.Cache/redis/privateEndpointConnections/read",
"Microsoft.Cache/redis/privateEndpointConnections/write",
"Microsoft.Cache/redis/privateLinkResources/read",
"Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
"Microsoft.Cache/redisEnterprise/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
"Microsoft.Cache/redisEnterprise/privateLinkResources/read",
"Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
"Microsoft.CognitiveServices/accounts/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
"Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
"Microsoft.CognitiveServices/accounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
"Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
"Microsoft.DocumentDB/databaseAccounts/read",
"Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
"Microsoft.KeyVault/vaults/privateEndpointConnections/read",
"Microsoft.KeyVault/vaults/privateEndpointConnections/write",
"Microsoft.KeyVault/vaults/privateLinkResources/read",
"Microsoft.KeyVault/vaults/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
"Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
"Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
"Microsoft.MachineLearningServices/workspaces/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
"Microsoft.Storage/storageAccounts/privateLinkResources/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
"Microsoft.Sql/servers/privateEndpointConnections/read",
"Microsoft.Sql/servers/privateEndpointConnections/write",
"Microsoft.Sql/servers/privateLinkResources/read",
"Microsoft.Sql/servers/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Enterprise Network Connection Approver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure AI 推理部署操作员
可以执行在资源组中创建资源部署所需的所有操作。
操作 | 说明 |
---|---|
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
Microsoft.Insights/AutoscaleSettings/write | 创建或更新自动缩放设置 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions required to create a resource deployment within a resource group.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3afb7f49-54cb-416e-8c09-6dc049efa503",
"name": "3afb7f49-54cb-416e-8c09-6dc049efa503",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/AutoscaleSettings/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure AI Inference Deployment Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 计算操作员
可以在机器学习服务托管计算资源(包括笔记本 VM)上访问和执行 CRUD 操作。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/computes/* | |
Microsoft.MachineLearningServices/workspaces/notebooks/vm/* | |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/computes/*",
"Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Compute Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 数据科学家
可以在 Azure 机器学习工作区中执行所有操作,但创建或删除计算资源及修改工作区本身除外。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/*/read | |
Microsoft.MachineLearningServices/workspaces/*/action | |
Microsoft.MachineLearningServices/workspaces/*/delete | |
Microsoft.MachineLearningServices/workspaces/*/write | |
不操作 | |
Microsoft.MachineLearningServices/workspaces/delete | 删除机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/write | 创建或更新机器学习服务工作区 |
Microsoft.MachineLearningServices/workspaces/computes/*/write | |
Microsoft.MachineLearningServices/workspaces/computes/*/delete | |
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action | 列出机器学习服务工作区中的计算资源的机密 |
Microsoft.MachineLearningServices/workspaces/listKeys/action | 列出机器学习服务工作区的机密 |
Microsoft.MachineLearningServices/workspaces/hubs/write | 创建或更新机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/hubs/delete | 删除机器学习服务中心工作区 |
Microsoft.MachineLearningServices/workspaces/featurestores/write | 创建或更新机器学习服务特征存储 |
Microsoft.MachineLearningServices/workspaces/featurestores/delete | 删除机器学习服务特征存储 |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
"name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/write",
"Microsoft.MachineLearningServices/workspaces/computes/*/delete",
"Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Data Scientist",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 指标编写器(预览版)
允许您将指标写入 AzureML 工作区
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/workspaces/metrics/*/write | |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you write metrics to AzureML workspace",
"id": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
"name": "635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/metrics/*/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Metrics Writer (preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AzureML 注册表用户
可以对机器学习服务注册表资产执行所有操作并取得注册表资源。
操作 | 说明 |
---|---|
Microsoft.MachineLearningServices/registries/read | 获取机器学习服务注册表 |
Microsoft.MachineLearningServices/registries/assets/* | |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
"name": "1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/registries/read",
"Microsoft.MachineLearningServices/registries/assets/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AzureML Registry User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务参与者
允许创建、读取、更新、删除和管理认知服务的密钥。
操作 | 说明 |
---|---|
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.CognitiveServices/* | |
Microsoft.Features/features/read | 获取订阅的功能。 |
Microsoft.Features/providers/features/read | 获取给定资源提供程序中某个订阅的功能。 |
Microsoft.Features/providers/features/register/action | 在给定的资源提供程序中注册某个订阅的功能。 |
Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
Microsoft.Insights/diagnosticSettings/* | 创建、更新或读取 Analysis Server 的诊断设置 |
Microsoft.Insights/logDefinitions/read | 读取日志定义 |
Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
Microsoft.Insights/metrics/read | 添加指标 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
Microsoft.Support/* | 创建和更新支持票证 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉参与者
对项目的完全访问权限,包括可以查看、创建、编辑或删除项目。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉部署
发布、取消发布或导出模型。 部署可以查看项目,但不能更新项目。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
"Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
"Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Deployment",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉标记者
查看、编辑训练图像,创建、添加、移除或删除图像标记。 标记者可以查看项目,但不能更新除训练图像和标记以外的任何内容。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | 此 API 获取未标记图像数组/批的建议标记和区域,以及标记的置信度。 如果未找到标记,则返回空数组。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
"name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Labeler",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉读取者
只读项目中的操作。 读取者不能创建或更新项目。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | 获取已发送到预测终结点的图像。 |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "Read-only actions in the project. Readers can't create or update the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
"name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*/read",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务自定义视觉训练者
查看、编辑项目和训练模型,包括可以发布、取消发布、导出模型。 训练者不能创建或删除项目。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/action | 创建项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/delete | 删除特定的项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action | 导入项目。 |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | 导出项目。 |
{
"assignableScopes": [
"/"
],
"description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
"Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
]
}
],
"roleName": "Cognitive Services Custom Vision Trainer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务数据读者
允许读取认知服务数据。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/*/read | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务人脸识别者
让你可以在人脸 API 上执行“检测”、“验证”、“识别”、“分组”和“查找相似”等操作。 此角色不允许创建或删除操作,因此非常适合只需要对功能进行推理、遵循“最小特权”最佳做法的终结点。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/Face/detect/action | 检测图像中的人脸,返回人脸矩形以及可选的 faceId、地标和属性。 |
Microsoft.CognitiveServices/accounts/Face/verify/action | 验证两张人脸是否属于同一个人,或者一张人脸是否属于某一个人。 |
Microsoft.CognitiveServices/accounts/Face/identify/action | 一对多的识别,用于在人员组或大型人员组中查找与特定查询人脸最接近的匹配项。 |
Microsoft.CognitiveServices/accounts/Face/group/action | 根据人脸相似性将候选人脸划分为组。 |
Microsoft.CognitiveServices/accounts/Face/findsimilars/action | 给定查询人脸的 faceId,用于在 faceId 数组、人脸列表或大型人脸列表中搜索类似的人脸。 faceId |
Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action | 在一个红外、颜色和/或深度的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action | 在相同模态(例如颜色或红外)的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。 |
Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action | 在一系列相同流类型(如颜色)的图像中检测目标人脸的活动,然后与 VerifyImage 进行比较以返回标识方案的置信度得分。 |
Microsoft.CognitiveServices/accounts/Face/*/sessions/action | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/delete | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/read | |
Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/Face/detect/action",
"Microsoft.CognitiveServices/accounts/Face/verify/action",
"Microsoft.CognitiveServices/accounts/Face/identify/action",
"Microsoft.CognitiveServices/accounts/Face/group/action",
"Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
"Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Face Recognizer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务沉浸式阅读器用户
提供建立沉浸式阅读器会话和呼叫 API 的存取权限
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action | 创建沉浸式阅读器会话 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Provides access to create Immersive Reader sessions and call APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d",
"name": "b2de6794-95db-4659-8781-7e080d3f2b9d",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Immersive Reader User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言所有者
可以存取语言入口网站下的所有读取、测试、写入、部署和删除功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LanguageAuthoring/* | |
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* | |
Microsoft.CognitiveServices/accounts/Language/* | |
Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* |
{
"assignableScopes": [
"/"
],
"description": "Has access to all Read, Test, Write, Deploy and Delete functions under Language portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498",
"name": "f07febfe-79bc-46b1-8b37-790e26e6e498",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
"Microsoft.CognitiveServices/accounts/Language/*",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
]
}
],
"roleName": "Cognitive Services Language Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言读取者
可以存取语言入口网站下的读取和测试功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read | |
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read | |
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action | 触发作业以采用 JSON 格式导出项目数据。 |
Microsoft.CognitiveServices/accounts/Language/*/read | |
Microsoft.CognitiveServices/accounts/Language/*/projects/export/action | |
Microsoft.CognitiveServices/accounts/Language/query-text/action | 答案文本。 |
Microsoft.CognitiveServices/accounts/Language/query-dataverse/action | 查询 Dataverse。 |
Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action | 提交用于分析的文本文档的集合。 指定一个或多个要执行的唯一任务。 |
Microsoft.CognitiveServices/accounts/Language/analyze-text/action | 提交用于分析的文本文档的集合。 指定要立即执行的单个唯一任务。 |
Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action | 取消长时间运行的文本分析作业。 |
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action | 分析输入对话。 |
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action | 取消对话中长时间运行的分析作业。 |
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action | 提交长时间对话进行分析。 指定要作为长时间运行的操作执行的一个或多个唯一任务。 |
Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action | 答案知识库。 |
Microsoft.CognitiveServices/accounts/Language/generate/action | 语言生成。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* |
{
"assignableScopes": [
"/"
],
"description": "Has access to Read and Test functions under Language portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
"name": "7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action",
"Microsoft.CognitiveServices/accounts/Language/*/read",
"Microsoft.CognitiveServices/accounts/Language/*/projects/export/action",
"Microsoft.CognitiveServices/accounts/Language/query-text/action",
"Microsoft.CognitiveServices/accounts/Language/query-dataverse/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action",
"Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action",
"Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action",
"Microsoft.CognitiveServices/accounts/Language/generate/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
]
}
],
"roleName": "Cognitive Services Language Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语言写入者
可以存取语言入口网站下的所有读取、测试和写入功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LanguageAuthoring/* | |
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* | |
Microsoft.CognitiveServices/accounts/Language/* | |
Microsoft.CognitiveServices/accounts/TextAnalytics/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action | 触发发布作业。 |
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write | 触发作业以创建新部署或替换现有部署。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* | |
Microsoft.CognitiveServices/accounts/Language/*/projects/delete | |
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write | |
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete | |
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action |
{
"assignableScopes": [
"/"
],
"description": " Has access to all Read, Test, and Write functions under Language Portal",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
"name": "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
"Microsoft.CognitiveServices/accounts/Language/*",
"Microsoft.CognitiveServices/accounts/TextAnalytics/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action",
"Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*",
"Microsoft.CognitiveServices/accounts/Language/*/projects/delete",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete",
"Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action"
]
}
],
"roleName": "Cognitive Services Language Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 所有者
有权存取 LUIS 下的所有读取、测试、写入、部署和删除功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LUIS/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8",
"name": "f72c8140-2111-481c-87ff-72b910f6e3f8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services LUIS Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 读者
可以存取 LUIS 下的读取和测试功能。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LUIS/*/read | |
Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write | 更新给定应用程序的现有批处理测试数据集的上次测试结果。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Has access to Read and Test functions under LUIS.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226",
"name": "18e81cdc-4e98-4e29-a639-e7d10c5a6226",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*/read",
"Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services LUIS Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 LUIS 写入者
可以存取 LUIS 下的所有读取、测试和写入功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/LUIS/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/LUIS/apps/delete | 删除应用程序。 |
Microsoft.CognitiveServices/accounts/LUIS/apps/move/action | 将应用移到其他 LUIS 创作 Azure 资源。 |
Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action | 发布应用程序的特定版本。 |
Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write | 更新应用程序设置 |
Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action | 为应用程序分配一个 Azure 帐户。 |
Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete | 使用用户的 Azure 资源管理器令牌获取该用户的 LUIS Azure 帐户。 |
{
"assignableScopes": [
"/"
],
"description": "Has access to all Read, Test, and Write functions under LUIS",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27",
"name": "6322a993-d5c9-4bed-b113-e49bbea25b27",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/LUIS/apps/delete",
"Microsoft.CognitiveServices/accounts/LUIS/apps/move/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write",
"Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action",
"Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete"
]
}
],
"roleName": "Cognitive Services LUIS Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务指标顾问管理员
拥有对项目的完全访问权限,包括系统级配置。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the system level configuration.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
"name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Metrics Advisor Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务指标顾问用户
访问该项目。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/* |
{
"assignableScopes": [
"/"
],
"description": "Access to the project.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8",
"name": "3b20f47b-3825-43cb-8114-4bd2201156a8",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*"
]
}
],
"roleName": "Cognitive Services Metrics Advisor User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 参与者
完全访问权限,包括微调、部署和生成文本的功能
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/deployments/write | 写入部署。 |
Microsoft.CognitiveServices/accounts/deployments/delete | 删除部署。 |
Microsoft.CognitiveServices/accounts/raiPolicies/read | 获取帐户下的所有适用策略,包括默认策略。 |
Microsoft.CognitiveServices/accounts/raiPolicies/write | 创建或更新自定义负责任 AI 策略。 |
Microsoft.CognitiveServices/accounts/raiPolicies/delete | 删除现有部署未引用的自定义负责任 AI 策略。 |
Microsoft.CognitiveServices/accounts/commitmentplans/read | 读取承诺计划。 |
Microsoft.CognitiveServices/accounts/commitmentplans/write | 写入承诺计划。 |
Microsoft.CognitiveServices/accounts/commitmentplans/delete | 删除承诺计划。 |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access including the ability to fine-tune, deploy and generate text",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
"name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/deployments/write",
"Microsoft.CognitiveServices/accounts/deployments/delete",
"Microsoft.CognitiveServices/accounts/raiPolicies/read",
"Microsoft.CognitiveServices/accounts/raiPolicies/write",
"Microsoft.CognitiveServices/accounts/raiPolicies/delete",
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services OpenAI Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 OpenAI 用户
查看文件、模型、部署的读取访问权限。 创建完成操作和嵌入调用的功能。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/*/read | |
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | 从所选模型创建完成 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | 使用当前引擎搜索最相关的文档。 |
Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (仅适用于浏览器。)通过 GET 请求从模型流式传输生成的文本。 之所以提供此方法,是因为浏览器原生 EventSource 方法只能发送 GET 请求。 它支持比 POST 变体更有限的一组配置选项。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action | 返回给定音频文件的脚本或翻译。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action | 使用当前引擎搜索最相关的文档。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action | 从所选模型创建完成操作。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | 为聊天消息创建完成操作 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action | 创建与部署的实时连接。 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action | 使用扩展为聊天消息创建完成操作 |
Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action | 返回给定提示的嵌入。 |
Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action | 创建映像代系。 |
Microsoft.CognitiveServices/accounts/OpenAI/assistants/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read | 使用筛选器查询完成数据,或使用完成 ID 获取单个完成数据,或获取给定帐户的流量元数据 |
{
"assignableScopes": [
"/"
],
"description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read"
]
}
],
"roleName": "Cognitive Services OpenAI User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 编辑者
允许你创建、编辑、导入和导出知识库。 但不能发布或删除知识库。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read | 获取特定的长时间运行的操作的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write | 用于创建新知识库的异步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write | 用于修改知识库或替换知识库内容的异步操作。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action | 用于将建议添加到知识库的 Train 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write | 替换更改数据。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action | 重新生成终结点密钥。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write | 更新终结点的终结点设置。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | 获取特定的长时间运行的操作的详细信息。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务 QnA Maker 读取者
只能读取和测试知识库。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read | 获取终结点的终结点设置 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read | 获取知识库列表或特定知识库的详细信息。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read | 下载知识库。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action | 用于查询知识库的 GenerateAnswer 调用。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read | 从运行时下载更改。 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read | 获取终结点的终结点密钥 |
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | 获取终结点的终结点设置 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Let's you read and test a KB only.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
"name": "466ccd10-b268-4a11-b098-b4849f024126",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
"Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services QnA Maker Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语音参与者
完全存取语音项目,包括读取、写入和删除所有实体,用于即时语音认可和批量转录任务、即时语音合成和长音讯任务、自订语音和自订语音。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/SpeechServices/* | |
Microsoft.CognitiveServices/accounts/CustomVoice/* | |
Microsoft.CognitiveServices/accounts/AudioContentCreation/* | |
Microsoft.CognitiveServices/accounts/VideoTranslation/* | |
Microsoft.CognitiveServices/accounts/CustomAvatar/* | |
Microsoft.CognitiveServices/accounts/BatchAvatar/* | |
Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181",
"name": "0e75ca1e-0464-4b4d-8b93-68208a576181",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/SpeechServices/*",
"Microsoft.CognitiveServices/accounts/CustomVoice/*",
"Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
"Microsoft.CognitiveServices/accounts/VideoTranslation/*",
"Microsoft.CognitiveServices/accounts/CustomAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Speech Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务语音用户
存取即时语音认可和批次转录API、即时语音合成和长音讯API,以及读取自订模型的资料/测试/模型/端点,但无法建立、删除或修改自订模型的资料/测试/模型/端点。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.Authorization/roleAssignments/read | 获取有关角色分配的信息。 |
Microsoft.Authorization/roleDefinitions/read | 获取有关角色定义的信息。 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/read | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action | |
Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action | |
Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action | |
Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action | |
Microsoft.CognitiveServices/accounts/CustomVoice/*/read | |
Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/* | |
Microsoft.CognitiveServicesaccounts/CustomVoice/longaudiosynthesis/* | |
Microsoft.CognitiveServices/accounts/AudioContentCreation/* | |
Microsoft.CognitiveServices/accounts/VideoTranslation/* | |
Microsoft.CognitiveServices/accounts/CustomAvatar/*/read | |
Microsoft.CognitiveServices/accounts/BatchAvatar/* | |
Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | |
NotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read | 获取由指定的 ID 标识的数据集的列表。 |
Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read | 获取指定训练集的言语。 |
{
"assignableScopes": [
"/"
],
"description": "Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447",
"name": "f2dc8367-1007-4938-bd23-fe263f013447",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/SpeechServices/*/read",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action",
"Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action",
"Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action",
"Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action",
"Microsoft.CognitiveServices/accounts/CustomVoice/*/read",
"Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*",
"Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/*",
"Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
"Microsoft.CognitiveServices/accounts/VideoTranslation/*",
"Microsoft.CognitiveServices/accounts/CustomAvatar/*/read",
"Microsoft.CognitiveServices/accounts/BatchAvatar/*",
"Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
],
"notDataActions": [
"Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read",
"Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read"
]
}
],
"roleName": "Cognitive Services Speech User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务使用情况读取者
查看认知服务使用情况的最小权限。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/locations/usages/read | 读取所有使用情况数据 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Minimal permission to view Cognitive Services usages.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
"name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/locations/usages/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Usages Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
认知服务用户
允许读取和列出认知服务的密钥。
操作 | 说明 |
---|---|
Microsoft.CognitiveServices/*/read | |
Microsoft.CognitiveServices/accounts/listkeys/action | 列出密钥 |
Microsoft.Insights/alertRules/read | 读取经典指标警报 |
Microsoft.Insights/diagnosticSettings/read | 读取资源诊断设置 |
Microsoft.Insights/logDefinitions/read | 读取日志定义 |
Microsoft.Insights/metricdefinitions/read | 读取指标定义 |
Microsoft.Insights/metrics/read | 添加指标 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/operations/read | 获取或列出部署操作。 |
Microsoft.Resources/subscriptions/operationresults/read | 获取订阅操作结果。 |
Microsoft.Resources/subscriptions/read | 获取订阅的列表。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
Microsoft.Support/* | 创建和更新支持票证 |
不操作 | |
无 | |
DataActions | |
Microsoft.CognitiveServices/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Health Bot 管理员
具有管理员存取权限的使用者可以登入、检视和编辑所有机器人资源、场景和配置设置,包括机器人实例金钥&金钥。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.HealthBot/healthBots/Admin/Action | 登录到管理门户,查看和编辑所有机器人资源、方案、配置设置、实例密钥和机密。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f1082fec-a70f-419f-9230-885d2550fb38",
"name": "f1082fec-a70f-419f-9230-885d2550fb38",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthBot/healthBots/Admin/Action"
],
"notDataActions": []
}
],
"roleName": "Health Bot Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Health Bot 编辑器
具有编辑存取权限的使用者可以登入、查看和编辑所有机器人资源、场景和配置设置,机器人实例密钥&密钥和最终用户输入(包括反馈、无法识别的话语和对话日志)除外。 对机器人技能和频道的唯读存取权限。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.HealthBot/healthBots/Editor/Action | 登录到管理门户,查看和编辑除机器人实例密钥和机密和最终用户输入之外的所有机器人资源、方案和配置设置。 对机器人技能和通道的只读访问权限。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/af854a69-80ce-4ff7-8447-f1118a2e0ca8",
"name": "af854a69-80ce-4ff7-8447-f1118a2e0ca8",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthBot/healthBots/Editor/Action"
],
"notDataActions": []
}
],
"roleName": "Health Bot Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Health Bot 阅读器
具有读者存取权限的使用者可以登录,对机器人资源、场景和配置设定具有唯读存取权限,机器人实例金钥&金钥(包括身份验证、数据连接和通道金钥)和最终用户输入(包括回馈、无法辨识的话语和对话日志)。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.HealthBot/healthBots/Reader/Action | 使用对资源、方案和配置设置的只读访问权限登录到管理门户,但机器人实例密钥和机密和最终用户输入除外。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
"name": "eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthBot/healthBots/Reader/Action"
],
"notDataActions": []
}
],
"roleName": "Health Bot Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据参与者
授予对 Azure 认知搜索索引数据的完全访问权限。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/* | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/*"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索索引数据读取者
授予对 Azure 认知搜索索引数据的读取访问权限。
操作 | 说明 |
---|---|
无 | |
不操作 | |
无 | |
DataActions | |
Microsoft.Search/searchServices/indexes/documents/read | 从索引中读取文档或建议的查询词。 |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Grants read access to Azure Cognitive Search index data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
"name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Search/searchServices/indexes/documents/read"
],
"notDataActions": []
}
],
"roleName": "Search Index Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜索服务参与者
允许管理搜索服务,但不允许访问这些服务。
操作 | 说明 |
---|---|
Microsoft.Authorization/*/read | 读取角色和角色分配 |
Microsoft.Insights/alertRules/* | 创建和管理经典指标警报 |
Microsoft.ResourceHealth/availabilityStatuses/read | 获取指定范围内所有资源的可用性状态 |
Microsoft.Resources/deployments/* | 创建和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 获取或列出资源组。 |
Microsoft.Search/searchServices/* | 创建和管理搜索服务 |
Microsoft.Support/* | 创建和更新支持票证 |
不操作 | |
无 | |
DataActions | |
无 | |
NotDataActions | |
无 |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}