你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Azure AI + 机器学习内置角色

本文列出了“AI + 机器学习”类别的 Azure 内置角色。

AgFood 平台感測器合作夥伴貢獻者

提供贡献访问权限以管理 AgFood 平台服务中的传感器相关实体

了解详细信息

操作 说明
不操作
DataActions
Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/*
NotDataActions
Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete 删除限制为调用方传感器合作伙伴范围的现有 AgFoodPlatform 传感器资源。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides contribute access to manage sensor related entities in AgFood Platform Service",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67",
  "name": "6b77f0a0-0d89-41cc-acd1-579c22c17a67",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/*"
      ],
      "notDataActions": [
        "Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete"
      ]
    }
  ],
  "roleName": "AgFood Platform Sensor Partner Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AgFood 平台服务管理员

提供 AgFood 平台服务的管理员访问权限

了解详细信息

操作 说明
不操作
DataActions
Microsoft.AgFoodPlatform/* 创建、更新、读取和删除任何 AgFood 平台资源。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides admin access to AgFood Platform Service",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3",
  "name": "f8da80de-1ff9-4747-ad80-a19b7f6079e3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AgFoodPlatform/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "AgFood Platform Service Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AgFood平台服务贡献者

提供对 AgFood 平台服务的贡献访问权限

了解详细信息

操作 说明
不操作
DataActions
Microsoft.AgFoodPlatform/*/action
Microsoft.AgFoodPlatform/*/read 读取任何 AgFood 平台资源。
Microsoft.AgFoodPlatform/*/write 创建和更新任何 AgFood 平台资源。
NotDataActions
Microsoft.AgFoodPlatform/farmBeats/farmers/write 创建或更新 AgFoodPlatform 农民。
Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write
Microsoft.AgFoodPlatform/farmBeats/parties/write 创建或更新 AgFoodPlatform 参与方。
Microsoft.AgFoodPlatform/farmBeats/datasets/write 创建或更新 AgFoodPlatform 数据集。
Microsoft.AgFoodPlatform/farmBeats/datasetRecords/write 创建或更新 AgFoodPlatform 数据集记录。
Microsoft.AgFoodPlatform/farmBeats/datasets/access/*/action
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides contribute access to AgFood Platform Service",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728",
  "name": "8508508a-4469-4e45-963b-2518ee0bb728",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AgFoodPlatform/*/action",
        "Microsoft.AgFoodPlatform/*/read",
        "Microsoft.AgFoodPlatform/*/write"
      ],
      "notDataActions": [
        "Microsoft.AgFoodPlatform/farmBeats/farmers/write",
        "Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write",
        "Microsoft.AgFoodPlatform/farmBeats/parties/write",
        "Microsoft.AgFoodPlatform/farmBeats/datasets/write",
        "Microsoft.AgFoodPlatform/farmBeats/datasetRecords/write",
        "Microsoft.AgFoodPlatform/farmBeats/datasets/access/*/action"
      ]
    }
  ],
  "roleName": "AgFood Platform Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AgFood 平台服务读者

提供对 AgFood 平台服务的读取存取权限

了解详细信息

操作 说明
不操作
DataActions
Microsoft.AgFoodPlatform/*/list/action
Microsoft.AgFoodPlatform/*/read 读取任何 AgFood 平台资源。
Microsoft.AgFoodPlatform/*/search/action
Microsoft.AgFoodPlatform/*/download/action
Microsoft.AgFoodPlatform/*/overlap/action
Microsoft.AgFoodPlatform/*/checkConsent/action
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides read access to AgFood Platform Service",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba",
  "name": "7ec7ccdc-f61e-41fe-9aaf-980df0a44eba",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AgFoodPlatform/*/list/action",
        "Microsoft.AgFoodPlatform/*/read",
        "Microsoft.AgFoodPlatform/*/search/action",
        "Microsoft.AgFoodPlatform/*/download/action",
        "Microsoft.AgFoodPlatform/*/overlap/action",
        "Microsoft.AgFoodPlatform/*/checkConsent/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "AgFood Platform Service Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI 开发人员

除了管理资源本身之外,还可以在 Azure AI 资源中执行所有操作。

了解详细信息

操作 说明
Microsoft.MachineLearningServices/workspaces/*/read
Microsoft.MachineLearningServices/workspaces/*/action
Microsoft.MachineLearningServices/workspaces/*/delete
Microsoft.MachineLearningServices/workspaces/*/write
Microsoft.MachineLearningServices/locations/*/read
Microsoft.Authorization/*/read 读取角色和角色分配
Microsoft.Resources/deployments/* 创建和管理部署
不操作
Microsoft.MachineLearningServices/workspaces/delete 删除机器学习服务工作区
Microsoft.MachineLearningServices/workspaces/write 创建或更新机器学习服务工作区
Microsoft.MachineLearningServices/workspaces/listKeys/action 列出机器学习服务工作区的机密
Microsoft.MachineLearningServices/workspaces/hubs/write 创建或更新机器学习服务中心工作区
Microsoft.MachineLearningServices/workspaces/hubs/delete 删除机器学习服务中心工作区
Microsoft.MachineLearningServices/workspaces/featurestores/write 创建或更新机器学习服务特征存储
Microsoft.MachineLearningServices/workspaces/featurestores/delete 删除机器学习服务特征存储
DataActions
Microsoft.CognitiveServices/accounts/OpenAI/*
Microsoft.CognitiveServices/accounts/SpeechServices/*
Microsoft.CognitiveServices/accounts/ContentSafety/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions within an Azure AI resource besides managing the resource itself.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/64702f94-c441-49e6-a78b-ef80e0188fee",
  "name": "64702f94-c441-49e6-a78b-ef80e0188fee",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/*/read",
        "Microsoft.MachineLearningServices/workspaces/*/action",
        "Microsoft.MachineLearningServices/workspaces/*/delete",
        "Microsoft.MachineLearningServices/workspaces/*/write",
        "Microsoft.MachineLearningServices/locations/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [
        "Microsoft.MachineLearningServices/workspaces/delete",
        "Microsoft.MachineLearningServices/workspaces/write",
        "Microsoft.MachineLearningServices/workspaces/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/hubs/write",
        "Microsoft.MachineLearningServices/workspaces/hubs/delete",
        "Microsoft.MachineLearningServices/workspaces/featurestores/write",
        "Microsoft.MachineLearningServices/workspaces/featurestores/delete"
      ],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*",
        "Microsoft.CognitiveServices/accounts/ContentSafety/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI 企业网络连接审批者

可以批准与 Azure AI 通用依赖项资源的专用终结点连接

了解详细信息

操作 说明
Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action 自动批准专用终结点连接
Microsoft.ContainerRegistry/registries/privateEndpointConnections/read 获取专用终结点连接的属性,或列出指定容器注册表的所有专用终结点连接
Microsoft.ContainerRegistry/registries/privateEndpointConnections/write 批准/拒绝专用终结点连接
Microsoft.Cache/redis/read 在管理门户中查看 Redis 缓存的设置和配置
Microsoft.Cache/redis/privateEndpointConnections/read 读取专用终结点连接
Microsoft.Cache/redis/privateEndpointConnections/write 写入专用终结点连接
Microsoft.Cache/redis/privateLinkResources/read 读取专用链接可以连接到的 Redis 子资源的“groupId”
Microsoft.Cache/redis/privateEndpointConnectionsApproval/action 审批专用终结点连接
Microsoft.Cache/redisEnterprise/read 在管理门户中查看 Redis Enterprise 缓存的设置和配置
Microsoft.Cache/redisEnterprise/privateEndpointConnections/read 读取专用终结点连接
Microsoft.Cache/redisEnterprise/privateEndpointConnections/write 写入专用终结点连接
Microsoft.Cache/redisEnterprise/privateLinkResources/read 读取专用链接可以连接到的 Redis 子资源的“groupId”
Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action 审批专用终结点连接
Microsoft.CognitiveServices/accounts/read 读取 API 帐户。
Microsoft.CognitiveServices/accounts/privateEndpointConnections/read 读取专用终结点连接。
Microsoft.CognitiveServices/accounts/privateEndpointConnections/write 写入专用终结点连接。
Microsoft.CognitiveServices/accounts/privateLinkResources/read 读取帐户的专用链接资源。
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action 管理数据库帐户的专用终结点连接
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read 读取专用终结点连接,或列出数据库帐户的所有专用终结点连接
Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write 创建或更新数据库帐户的专用终结点连接
Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read 读取专用链接资源,或列出数据库帐户的所有专用链接资源
Microsoft.DocumentDB/databaseAccounts/read 读取数据库帐户。
Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.KeyVault/vaults/privateEndpointConnections/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/vaults/privateEndpointConnections/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.KeyVault/vaults/privateLinkResources/read 获取密钥保管库的指定实例的可用专用链接资源
Microsoft.KeyVault/vaults/read 查看密钥保管库的属性
Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action 批准或拒绝到 Microsoft.Network 提供程序的专用终结点资源的连接
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read 查看到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write 更改到 Microsoft.Network 提供程序的专用终结点资源的连接状态
Microsoft.MachineLearningServices/workspaces/privateLinkResources/read 获取机器学习服务工作区的指定实例的可用专用链接资源
Microsoft.MachineLearningServices/workspaces/read 获取机器学习服务工作区
Microsoft.Storage/storageAccounts/privateEndpointConnections/read 获取专用终结点连接
Microsoft.Storage/storageAccounts/privateEndpointConnections/write 放置专用终结点连接
Microsoft.Storage/storageAccounts/privateLinkResources/read 获取 StorageAccount groupids
Microsoft.Storage/storageAccounts/read 返回存储帐户的列表,或获取指定存储帐户的属性。
Microsoft.Sql/servers/privateEndpointConnectionsApproval/action 确定是否允许用户批准专用终结点连接
Microsoft.Sql/servers/privateEndpointConnections/read 返回专用终结点连接列表,或获取指定专用终结点连接的属性。
Microsoft.Sql/servers/privateEndpointConnections/write 批准或拒绝现有的专用终结点连接
Microsoft.Sql/servers/privateLinkResources/read 获取相应 SQL Server 的专用链接资源
Microsoft.Sql/servers/read 返回服务器列表,或获取指定服务器的属性。
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can approve private endpoint connections to Azure AI common dependency resources",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
  "name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
        "Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
        "Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
        "Microsoft.Cache/redis/read",
        "Microsoft.Cache/redis/privateEndpointConnections/read",
        "Microsoft.Cache/redis/privateEndpointConnections/write",
        "Microsoft.Cache/redis/privateLinkResources/read",
        "Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
        "Microsoft.Cache/redisEnterprise/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
        "Microsoft.Cache/redisEnterprise/privateLinkResources/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
        "Microsoft.CognitiveServices/accounts/read",
        "Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
        "Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
        "Microsoft.CognitiveServices/accounts/privateLinkResources/read",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
        "Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
        "Microsoft.DocumentDB/databaseAccounts/read",
        "Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
        "Microsoft.KeyVault/vaults/privateEndpointConnections/read",
        "Microsoft.KeyVault/vaults/privateEndpointConnections/write",
        "Microsoft.KeyVault/vaults/privateLinkResources/read",
        "Microsoft.KeyVault/vaults/read",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
        "Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
        "Microsoft.MachineLearningServices/workspaces/read",
        "Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
        "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
        "Microsoft.Storage/storageAccounts/privateLinkResources/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
        "Microsoft.Sql/servers/privateEndpointConnections/read",
        "Microsoft.Sql/servers/privateEndpointConnections/write",
        "Microsoft.Sql/servers/privateLinkResources/read",
        "Microsoft.Sql/servers/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Enterprise Network Connection Approver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI 推理部署操作员

可以执行在资源组中创建资源部署所需的所有操作。

了解详细信息

操作 说明
Microsoft.Authorization/*/read 读取角色和角色分配
Microsoft.Resources/deployments/* 创建和管理部署
Microsoft.Insights/AutoscaleSettings/write 创建或更新自动缩放设置
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions required to create a resource deployment within a resource group.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3afb7f49-54cb-416e-8c09-6dc049efa503",
  "name": "3afb7f49-54cb-416e-8c09-6dc049efa503",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/AutoscaleSettings/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Inference Deployment Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML 计算操作员

可以在机器学习服务托管计算资源(包括笔记本 VM)上访问和执行 CRUD 操作。

了解详细信息

操作 说明
Microsoft.MachineLearningServices/workspaces/computes/*
Microsoft.MachineLearningServices/workspaces/notebooks/vm/*
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
  "name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/computes/*",
        "Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Compute Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML 数据科学家

可以在 Azure 机器学习工作区中执行所有操作,但创建或删除计算资源及修改工作区本身除外。

了解详细信息

操作 说明
Microsoft.MachineLearningServices/workspaces/*/read
Microsoft.MachineLearningServices/workspaces/*/action
Microsoft.MachineLearningServices/workspaces/*/delete
Microsoft.MachineLearningServices/workspaces/*/write
不操作
Microsoft.MachineLearningServices/workspaces/delete 删除机器学习服务工作区
Microsoft.MachineLearningServices/workspaces/write 创建或更新机器学习服务工作区
Microsoft.MachineLearningServices/workspaces/computes/*/write
Microsoft.MachineLearningServices/workspaces/computes/*/delete
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action 列出机器学习服务工作区中的计算资源的机密
Microsoft.MachineLearningServices/workspaces/listKeys/action 列出机器学习服务工作区的机密
Microsoft.MachineLearningServices/workspaces/hubs/write 创建或更新机器学习服务中心工作区
Microsoft.MachineLearningServices/workspaces/hubs/delete 删除机器学习服务中心工作区
Microsoft.MachineLearningServices/workspaces/featurestores/write 创建或更新机器学习服务特征存储
Microsoft.MachineLearningServices/workspaces/featurestores/delete 删除机器学习服务特征存储
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/*/read",
        "Microsoft.MachineLearningServices/workspaces/*/action",
        "Microsoft.MachineLearningServices/workspaces/*/delete",
        "Microsoft.MachineLearningServices/workspaces/*/write"
      ],
      "notActions": [
        "Microsoft.MachineLearningServices/workspaces/delete",
        "Microsoft.MachineLearningServices/workspaces/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/delete",
        "Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/hubs/write",
        "Microsoft.MachineLearningServices/workspaces/hubs/delete",
        "Microsoft.MachineLearningServices/workspaces/featurestores/write",
        "Microsoft.MachineLearningServices/workspaces/featurestores/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Data Scientist",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML 指标编写器(预览版)

允许您将指标写入 AzureML 工作区

了解详细信息

操作 说明
Microsoft.MachineLearningServices/workspaces/metrics/*/write
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you write metrics to AzureML workspace",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
  "name": "635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/metrics/*/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Metrics Writer (preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML 注册表用户

可以对机器学习服务注册表资产执行所有操作并取得注册表资源。

了解详细信息

操作 说明
Microsoft.MachineLearningServices/registries/read 获取机器学习服务注册表
Microsoft.MachineLearningServices/registries/assets/*
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
  "name": "1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/registries/read",
        "Microsoft.MachineLearningServices/registries/assets/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Registry User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务参与者

允许创建、读取、更新、删除和管理认知服务的密钥。

了解详细信息

操作 说明
Microsoft.Authorization/*/read 读取角色和角色分配
Microsoft.CognitiveServices/*
Microsoft.Features/features/read 获取订阅的功能。
Microsoft.Features/providers/features/read 获取给定资源提供程序中某个订阅的功能。
Microsoft.Features/providers/features/register/action 在给定的资源提供程序中注册某个订阅的功能。
Microsoft.Insights/alertRules/* 创建和管理经典指标警报
Microsoft.Insights/diagnosticSettings/* 创建、更新或读取 Analysis Server 的诊断设置
Microsoft.Insights/logDefinitions/read 读取日志定义
Microsoft.Insights/metricdefinitions/read 读取指标定义
Microsoft.Insights/metrics/read 添加指标
Microsoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态
Microsoft.Resources/deployments/* 创建和管理部署
Microsoft.Resources/deployments/operations/read 获取或列出部署操作。
Microsoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。
Microsoft.Resources/subscriptions/read 获取订阅的列表。
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。
Microsoft.Support/* 创建和更新支持票证
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Features/providers/features/register/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务自定义视觉参与者

对项目的完全访问权限,包括可以查看、创建、编辑或删除项目。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务自定义视觉部署

发布、取消发布或导出模型。 部署可以查看项目,但不能更新项目。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read 导出项目。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务自定义视觉标记者

查看、编辑训练图像,创建、添加、移除或删除图像标记。 标记者可以查看项目,但不能更新除训练图像和标记以外的任何内容。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action 获取已发送到预测终结点的图像。
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action 此 API 获取未标记图像数组/批的建议标记和区域,以及标记的置信度。 如果未找到标记,则返回空数组。
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read 导出项目。
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务自定义视觉读取者

只读项目中的操作。 读取者不能创建或更新项目。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action 获取已发送到预测终结点的图像。
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read 导出项目。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only actions in the project. Readers can't create or update the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务自定义视觉训练者

查看、编辑项目和训练模型,包括可以发布、取消发布、导出模型。 训练者不能创建或删除项目。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/action 创建项目。
Microsoft.CognitiveServices/accounts/CustomVision/projects/delete 删除特定的项目。
Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action 导入项目。
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read 导出项目。
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Trainer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务数据读者

允许读取认知服务数据。

了解详细信息

操作 说明
不操作
DataActions
Microsoft.CognitiveServices/*/read
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务人脸识别者

让你可以在人脸 API 上执行“检测”、“验证”、“识别”、“分组”和“查找相似”等操作。 此角色不允许创建或删除操作,因此非常适合只需要对功能进行推理、遵循“最小特权”最佳做法的终结点。

操作 说明
不操作
DataActions
Microsoft.CognitiveServices/accounts/Face/detect/action 检测图像中的人脸,返回人脸矩形以及可选的 faceId、地标和属性。
Microsoft.CognitiveServices/accounts/Face/verify/action 验证两张人脸是否属于同一个人,或者一张人脸是否属于某一个人。
Microsoft.CognitiveServices/accounts/Face/identify/action 一对多的识别,用于在人员组或大型人员组中查找与特定查询人脸最接近的匹配项。
Microsoft.CognitiveServices/accounts/Face/group/action 根据人脸相似性将候选人脸划分为组。
Microsoft.CognitiveServices/accounts/Face/findsimilars/action 给定查询人脸的 faceId,用于在 faceId 数组、人脸列表或大型人脸列表中搜索类似的人脸。 faceId
Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action

在一个红外、颜色和/或深度的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。

Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action

在相同模态(例如颜色或红外)的图像序列中对目标人脸执行活动检测,并将目标人脸的活动分类返回为“真实人脸”、“假冒人脸”或“不确定”(如果无法使用给定输入进行分类)。

Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action 在一系列相同流类型(如颜色)的图像中检测目标人脸的活动,然后与 VerifyImage 进行比较以返回标识方案的置信度得分。
Microsoft.CognitiveServices/accounts/Face/*/sessions/action
Microsoft.CognitiveServices/accounts/Face/*/sessions/delete
Microsoft.CognitiveServices/accounts/Face/*/sessions/read
Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/Face/detect/action",
        "Microsoft.CognitiveServices/accounts/Face/verify/action",
        "Microsoft.CognitiveServices/accounts/Face/identify/action",
        "Microsoft.CognitiveServices/accounts/Face/group/action",
        "Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
        "Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
        "Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
        "Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Face Recognizer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务沉浸式阅读器用户

提供建立沉浸式阅读器会话和呼叫 API 的存取权限

了解详细信息

操作 说明
不操作
DataActions
Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action 创建沉浸式阅读器会话
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides access to create Immersive Reader sessions and call APIs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d",
  "name": "b2de6794-95db-4659-8781-7e080d3f2b9d",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Immersive Reader User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务语言所有者

可以存取语言入口网站下的所有读取、测试、写入、部署和删除功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action 列出密钥
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LanguageAuthoring/*
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*
Microsoft.CognitiveServices/accounts/Language/*
Microsoft.CognitiveServices/accounts/TextAnalytics/*
NotDataActions
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to all Read, Test, Write, Deploy and Delete functions under Language portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498",
  "name": "f07febfe-79bc-46b1-8b37-790e26e6e498",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
        "Microsoft.CognitiveServices/accounts/Language/*",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务语言读取者

可以存取语言入口网站下的读取和测试功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action 触发作业以采用 JSON 格式导出项目数据。
Microsoft.CognitiveServices/accounts/Language/*/read
Microsoft.CognitiveServices/accounts/Language/*/projects/export/action
Microsoft.CognitiveServices/accounts/Language/query-text/action 答案文本。
Microsoft.CognitiveServices/accounts/Language/query-dataverse/action 查询 Dataverse。
Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action 提交用于分析的文本文档的集合。 指定一个或多个要执行的唯一任务。
Microsoft.CognitiveServices/accounts/Language/analyze-text/action 提交用于分析的文本文档的集合。 指定要立即执行的单个唯一任务。
Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action 取消长时间运行的文本分析作业。
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action 分析输入对话。
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action 取消对话中长时间运行的分析作业。
Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action 提交长时间对话进行分析。 指定要作为长时间运行的操作执行的一个或多个唯一任务。
Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action 答案知识库。
Microsoft.CognitiveServices/accounts/Language/generate/action 语言生成。
Microsoft.CognitiveServices/accounts/TextAnalytics/*
NotDataActions
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to Read and Test functions under Language portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
  "name": "7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action",
        "Microsoft.CognitiveServices/accounts/Language/*/read",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/export/action",
        "Microsoft.CognitiveServices/accounts/Language/query-text/action",
        "Microsoft.CognitiveServices/accounts/Language/query-dataverse/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action",
        "Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action",
        "Microsoft.CognitiveServices/accounts/Language/generate/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务语言写入者

可以存取语言入口网站下的所有读取、测试和写入功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LanguageAuthoring/*
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*
Microsoft.CognitiveServices/accounts/Language/*
Microsoft.CognitiveServices/accounts/TextAnalytics/*
NotDataActions
Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action 触发发布作业。
Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write 触发作业以创建新部署或替换现有部署。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*
Microsoft.CognitiveServices/accounts/Language/*/projects/delete
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete
Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action
{
  "assignableScopes": [
    "/"
  ],
  "description": " Has access to all Read, Test, and Write functions under Language Portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
  "name": "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
        "Microsoft.CognitiveServices/accounts/Language/*",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/delete",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 LUIS 所有者

有权存取 LUIS 下的所有读取、测试、写入、部署和删除功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action 列出密钥
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LUIS/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8",
  "name": "f72c8140-2111-481c-87ff-72b910f6e3f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services LUIS Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 LUIS 读者

可以存取 LUIS 下的读取和测试功能。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LUIS/*/read
Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write 更新给定应用程序的现有批处理测试数据集的上次测试结果。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to Read and Test functions under LUIS.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226",
  "name": "18e81cdc-4e98-4e29-a639-e7d10c5a6226",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*/read",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services LUIS Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 LUIS 写入者

可以存取 LUIS 下的所有读取、测试和写入功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/LUIS/*
NotDataActions
Microsoft.CognitiveServices/accounts/LUIS/apps/delete 删除应用程序。
Microsoft.CognitiveServices/accounts/LUIS/apps/move/action 将应用移到其他 LUIS 创作 Azure 资源。
Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action 发布应用程序的特定版本。
Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write 更新应用程序设置
Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action 为应用程序分配一个 Azure 帐户。
Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete 使用用户的 Azure 资源管理器令牌获取该用户的 LUIS Azure 帐户。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to all Read, Test, and Write functions under LUIS",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27",
  "name": "6322a993-d5c9-4bed-b113-e49bbea25b27",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/apps/delete",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/move/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete"
      ]
    }
  ],
  "roleName": "Cognitive Services LUIS Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务指标顾问管理员

拥有对项目的完全访问权限,包括系统级配置。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/MetricsAdvisor/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the system level configuration.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
  "name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Metrics Advisor Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务指标顾问用户

访问该项目。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
不操作
DataActions
Microsoft.CognitiveServices/accounts/MetricsAdvisor/*
NotDataActions
Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*
{
  "assignableScopes": [
    "/"
  ],
  "description": "Access to the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8",
  "name": "3b20f47b-3825-43cb-8114-4bd2201156a8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Metrics Advisor User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 OpenAI 参与者

完全访问权限,包括微调、部署和生成文本的功能

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/deployments/write 写入部署。
Microsoft.CognitiveServices/accounts/deployments/delete 删除部署。
Microsoft.CognitiveServices/accounts/raiPolicies/read 获取帐户下的所有适用策略,包括默认策略。
Microsoft.CognitiveServices/accounts/raiPolicies/write 创建或更新自定义负责任 AI 策略。
Microsoft.CognitiveServices/accounts/raiPolicies/delete 删除现有部署未引用的自定义负责任 AI 策略。
Microsoft.CognitiveServices/accounts/commitmentplans/read 读取承诺计划。
Microsoft.CognitiveServices/accounts/commitmentplans/write 写入承诺计划。
Microsoft.CognitiveServices/accounts/commitmentplans/delete 删除承诺计划。
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/OpenAI/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access including the ability to fine-tune, deploy and generate text",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
  "name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/deployments/write",
        "Microsoft.CognitiveServices/accounts/deployments/delete",
        "Microsoft.CognitiveServices/accounts/raiPolicies/read",
        "Microsoft.CognitiveServices/accounts/raiPolicies/write",
        "Microsoft.CognitiveServices/accounts/raiPolicies/delete",
        "Microsoft.CognitiveServices/accounts/commitmentplans/read",
        "Microsoft.CognitiveServices/accounts/commitmentplans/write",
        "Microsoft.CognitiveServices/accounts/commitmentplans/delete",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services OpenAI Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 OpenAI 用户

查看文件、模型、部署的读取访问权限。 创建完成操作和嵌入调用的功能。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/OpenAI/*/read
Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action 从所选模型创建完成
Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action 使用当前引擎搜索最相关的文档。
Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action (仅适用于浏览器。)通过 GET 请求从模型流式传输生成的文本。 之所以提供此方法,是因为浏览器原生 EventSource 方法只能发送 GET 请求。 它支持比 POST 变体更有限的一组配置选项。
Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action 返回给定音频文件的脚本或翻译。
Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action 使用当前引擎搜索最相关的文档。
Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action 从所选模型创建完成操作。
Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action 为聊天消息创建完成操作
Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action 创建与部署的实时连接。
Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action 使用扩展为聊天消息创建完成操作
Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action 返回给定提示的嵌入。
Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action 创建映像代系。
Microsoft.CognitiveServices/accounts/OpenAI/assistants/*
NotDataActions
Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read 使用筛选器查询完成数据,或使用完成 ID 获取单个完成数据,或获取给定帐户的流量元数据
{
  "assignableScopes": [
    "/"
  ],
  "description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
  "name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*/read",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/assistants/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read"
      ]
    }
  ],
  "roleName": "Cognitive Services OpenAI User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 QnA Maker 编辑者

允许你创建、编辑、导入和导出知识库。 但不能发布或删除知识库。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write 用于创建新知识库的异步操作。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write 用于修改知识库或替换知识库内容的异步操作。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action 用于将建议添加到知识库的 Train 调用。
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write 替换更改数据。
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action 重新生成终结点密钥。
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read 获取终结点的终结点设置
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write 更新终结点的终结点设置。
Microsoft.CognitiveServices/accounts/QnAMaker/operations/read 获取特定的长时间运行的操作的详细信息。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write 用于创建新知识库的异步操作。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write 用于修改知识库或替换知识库内容的异步操作。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action 用于将建议添加到知识库的 Train 调用。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write 替换更改数据。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action 重新生成终结点密钥。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read 获取终结点的终结点设置
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write 更新终结点的终结点设置。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read 获取特定的长时间运行的操作的详细信息。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write 用于创建新知识库的异步操作。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write 用于修改知识库或替换知识库内容的异步操作。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action 用于将建议添加到知识库的 Train 调用。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write 替换更改数据。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action 重新生成终结点密钥。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read 获取终结点的终结点设置
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write 更新终结点的终结点设置。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read 获取特定的长时间运行的操作的详细信息。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务 QnA Maker 读取者

只能读取和测试知识库。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read 获取终结点的终结点设置
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read 获取终结点的终结点设置
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read 获取知识库列表或特定知识库的详细信息。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read 下载知识库。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action 用于查询知识库的 GenerateAnswer 调用。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read 从运行时下载更改。
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read 获取终结点的终结点密钥
Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read 获取终结点的终结点设置
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you read and test a KB only.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
  "name": "466ccd10-b268-4a11-b098-b4849f024126",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务语音参与者

完全存取语音项目,包括读取、写入和删除所有实体,用于即时语音认可和批量转录任务、即时语音合成和长音讯任务、自订语音和自订语音。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/SpeechServices/*
Microsoft.CognitiveServices/accounts/CustomVoice/*
Microsoft.CognitiveServices/accounts/AudioContentCreation/*
Microsoft.CognitiveServices/accounts/VideoTranslation/*
Microsoft.CognitiveServices/accounts/CustomAvatar/*
Microsoft.CognitiveServices/accounts/BatchAvatar/*
Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181",
  "name": "0e75ca1e-0464-4b4d-8b93-68208a576181",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/SpeechServices/*",
        "Microsoft.CognitiveServices/accounts/CustomVoice/*",
        "Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
        "Microsoft.CognitiveServices/accounts/VideoTranslation/*",
        "Microsoft.CognitiveServices/accounts/CustomAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Speech Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务语音用户

存取即时语音认可和批次转录API、即时语音合成和长音讯API,以及读取自订模型的资料/测试/模型/端点,但无法建立、删除或修改自订模型的资料/测试/模型/端点。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
不操作
DataActions
Microsoft.CognitiveServices/accounts/SpeechServices/*/read
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete
Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action
Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action
Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action
Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action
Microsoft.CognitiveServices/accounts/CustomVoice/*/read
Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*
Microsoft.CognitiveServicesaccounts/CustomVoice/longaudiosynthesis/*
Microsoft.CognitiveServices/accounts/AudioContentCreation/*
Microsoft.CognitiveServices/accounts/VideoTranslation/*
Microsoft.CognitiveServices/accounts/CustomAvatar/*/read
Microsoft.CognitiveServices/accounts/BatchAvatar/*
Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*
NotDataActions
Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read 获取由指定的 ID 标识的数据集的列表。
Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read 获取指定训练集的言语。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447",
  "name": "f2dc8367-1007-4938-bd23-fe263f013447",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/read",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action",
        "Microsoft.CognitiveServices/accounts/CustomVoice/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*",
        "Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/*",
        "Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
        "Microsoft.CognitiveServices/accounts/VideoTranslation/*",
        "Microsoft.CognitiveServices/accounts/CustomAvatar/*/read",
        "Microsoft.CognitiveServices/accounts/BatchAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read",
        "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Speech User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务使用情况读取者

查看认知服务使用情况的最小权限。

了解详细信息

操作 说明
Microsoft.CognitiveServices/locations/usages/read 读取所有使用情况数据
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Minimal permission to view Cognitive Services usages.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
  "name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/locations/usages/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Usages Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

认知服务用户

允许读取和列出认知服务的密钥。

了解详细信息

操作 说明
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action 列出密钥
Microsoft.Insights/alertRules/read 读取经典指标警报
Microsoft.Insights/diagnosticSettings/read 读取资源诊断设置
Microsoft.Insights/logDefinitions/read 读取日志定义
Microsoft.Insights/metricdefinitions/read 读取指标定义
Microsoft.Insights/metrics/read 添加指标
Microsoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态
Microsoft.Resources/deployments/operations/read 获取或列出部署操作。
Microsoft.Resources/subscriptions/operationresults/read 获取订阅操作结果。
Microsoft.Resources/subscriptions/read 获取订阅的列表。
Microsoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。
Microsoft.Support/* 创建和更新支持票证
不操作
DataActions
Microsoft.CognitiveServices/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Health Bot 管理员

具有管理员存取权限的使用者可以登入、检视和编辑所有机器人资源、场景和配置设置,包括机器人实例金钥&金钥。

了解详细信息

操作 说明
不操作
DataActions
Microsoft.HealthBot/healthBots/Admin/Action 登录到管理门户,查看和编辑所有机器人资源、方案、配置设置、实例密钥和机密。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f1082fec-a70f-419f-9230-885d2550fb38",
  "name": "f1082fec-a70f-419f-9230-885d2550fb38",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/Admin/Action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Health Bot Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Health Bot 编辑器

具有编辑存取权限的使用者可以登入、查看和编辑所有机器人资源、场景和配置设置,机器人实例密钥&密钥和最终用户输入(包括反馈、无法识别的话语和对话日志)除外。 对机器人技能和频道的唯读存取权限。

了解详细信息

操作 说明
不操作
DataActions
Microsoft.HealthBot/healthBots/Editor/Action 登录到管理门户,查看和编辑除机器人实例密钥和机密和最终用户输入之外的所有机器人资源、方案和配置设置。 对机器人技能和通道的只读访问权限。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/af854a69-80ce-4ff7-8447-f1118a2e0ca8",
  "name": "af854a69-80ce-4ff7-8447-f1118a2e0ca8",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/Editor/Action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Health Bot Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Health Bot 阅读器

具有读者存取权限的使用者可以登录,对机器人资源、场景和配置设定具有唯读存取权限,机器人实例金钥&金钥(包括身份验证、数据连接和通道金钥)和最终用户输入(包括回馈、无法辨识的话语和对话日志)。

了解详细信息

操作 说明
不操作
DataActions
Microsoft.HealthBot/healthBots/Reader/Action 使用对资源、方案和配置设置的只读访问权限登录到管理门户,但机器人实例密钥和机密和最终用户输入除外。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs).",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
  "name": "eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/Reader/Action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Health Bot Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

搜索索引数据参与者

授予对 Azure 认知搜索索引数据的完全访问权限。

操作 说明
不操作
DataActions
Microsoft.Search/searchServices/indexes/documents/*
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to Azure Cognitive Search index data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

搜索索引数据读取者

授予对 Azure 认知搜索索引数据的读取访问权限。

操作 说明
不操作
DataActions
Microsoft.Search/searchServices/indexes/documents/read 从索引中读取文档或建议的查询词。
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants read access to Azure Cognitive Search index data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

搜索服务参与者

允许管理搜索服务,但不允许访问这些服务。

了解详细信息

操作 说明
Microsoft.Authorization/*/read 读取角色和角色分配
Microsoft.Insights/alertRules/* 创建和管理经典指标警报
Microsoft.ResourceHealth/availabilityStatuses/read 获取指定范围内所有资源的可用性状态
Microsoft.Resources/deployments/* 创建和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。
Microsoft.Search/searchServices/* 创建和管理搜索服务
Microsoft.Support/* 创建和更新支持票证
不操作
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

后续步骤