Azure built-in roles for DevOps
This article lists the Azure built-in roles in the DevOps category.
Deployment Environments Reader
Provides read access to environment resources.
Actions | Description |
---|---|
Microsoft.DevCenter/projects/read | Get a specific project. |
Microsoft.DevCenter/projects/*/read | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
Microsoft.DevCenter/projects/pools/read | Get a machine pool |
Microsoft.DevCenter/projects/pools/schedules/read | Gets a schedule resource. |
DataActions | |
Microsoft.DevCenter/projects/users/environments/adminRead/action | Allows a project admin to read all environments in a project. |
Microsoft.DevCenter/projects/users/environments/adminActionRead/action | Allows an admin to read environment actions. |
Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | Allows an admin to read output values from an environment deployment. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides read access to environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/eb960402-bf75-4cc3-8d68-35b34f960f72",
"name": "eb960402-bf75-4cc3-8d68-35b34f960f72",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deployment Environments User
Provides access to manage environment resources.
Actions | Description |
---|---|
Microsoft.DevCenter/projects/read | Get a specific project. |
Microsoft.DevCenter/projects/*/read | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
Microsoft.DevCenter/projects/pools/read | Get a machine pool |
Microsoft.DevCenter/projects/pools/schedules/read | Gets a schedule resource. |
DataActions | |
Microsoft.DevCenter/projects/users/environments/userRead/action | Allows a user to read the environments they have access to in a project. |
Microsoft.DevCenter/projects/users/environments/userWrite/action | Allows a user to write the environments they have access to in a project. |
Microsoft.DevCenter/projects/users/environments/userDelete/action | Allows a user to delete the environments they have access to in a project. |
Microsoft.DevCenter/projects/users/environments/userActionManage/action | Allows a user to skip, delay, etc. environment actions. |
Microsoft.DevCenter/projects/users/environments/userOutputsRead/action | Allows a user to read output values from an environment deployment. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage environment resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c",
"name": "18e40d4e-8d2e-438d-97e1-9528336e149c",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Authorization/*/read"
],
"notActions": [
"Microsoft.DevCenter/projects/pools/read",
"Microsoft.DevCenter/projects/pools/schedules/read"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/environments/userRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/userActionManage/action",
"Microsoft.DevCenter/projects/users/environments/userOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "Deployment Environments User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevCenter Dev Box User
Provides access to create and manage dev boxes.
Actions | Description |
---|---|
Microsoft.DevCenter/projects/read | Get a specific project. |
Microsoft.DevCenter/projects/*/read | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.DevCenter/projects/users/devboxes/userStop/action | Allows a user to stop their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userStart/action | Allows a user to start their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action | Allows a user to get the RDP connection information for their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userRead/action | Allows a user to read their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userWrite/action | Allows a user to create and update their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userDelete/action | Allows a user to delete their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action | Allows a user to read upcoming actions. |
Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action | Allows a user to skip or delay upcoming actions. |
Microsoft.DevCenter/projects/users/devboxes/userActionRead/action | Allows a user to read dev box actions. |
Microsoft.DevCenter/projects/users/devboxes/userActionManage/action | Allows a user to skip or delay dev box actions. |
Microsoft.DevCenter/projects/users/devboxes/userCustomize/action | Allows a user to customize their own Dev Box resources. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to create and manage dev boxes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05",
"name": "45d50f46-0b78-4001-a660-4198cbe8cd05",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/read",
"Microsoft.DevCenter/projects/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Dev Box User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevCenter Project Admin
Provides access to manage project resources.
Actions | Description |
---|---|
Microsoft.DevCenter/projects/* | |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
Microsoft.DevCenter/projects/write | Partially updates a project. |
Microsoft.DevCenter/projects/delete | Deletes a project resource. |
DataActions | |
Microsoft.DevCenter/projects/users/devboxes/adminStart/action | Allows a user to start any Dev Box resource. |
Microsoft.DevCenter/projects/users/devboxes/adminStop/action | Allows a user to stop any Dev Box resource. |
Microsoft.DevCenter/projects/users/devboxes/adminRead/action | Allows a user read access to any Dev Box resource. |
Microsoft.DevCenter/projects/users/devboxes/adminWrite/action | Allows a user write access to any Dev Box resource. |
Microsoft.DevCenter/projects/users/devboxes/adminDelete/action | Allows a user to delete any Dev Box resource. |
Microsoft.DevCenter/projects/users/devboxes/userStop/action | Allows a user to stop their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userStart/action | Allows a user to start their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action | Allows a user to get the RDP connection information for their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userRead/action | Allows a user to read their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userWrite/action | Allows a user to create and update their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userDelete/action | Allows a user to delete their own Dev Box resources. |
Microsoft.DevCenter/projects/users/devboxes/userActionRead/action | Allows a user to read dev box actions. |
Microsoft.DevCenter/projects/users/devboxes/userActionManage/action | Allows a user to skip or delay dev box actions. |
Microsoft.DevCenter/projects/users/devboxes/userCustomize/action | Allows a user to customize their own Dev Box resources. |
Microsoft.DevCenter/projects/users/environments/adminRead/action | Allows a project admin to read all environments in a project. |
Microsoft.DevCenter/projects/users/environments/userWrite/action | Allows a user to write the environments they have access to in a project. |
Microsoft.DevCenter/projects/users/environments/adminWrite/action | Allows a project admin to write all environments in a project. |
Microsoft.DevCenter/projects/users/environments/userDelete/action | Allows a user to delete the environments they have access to in a project. |
Microsoft.DevCenter/projects/users/environments/adminDelete/action | Allows a project admin to delete all environments in a project. |
Microsoft.DevCenter/projects/users/environments/adminAction/action | Allows a project admin to perform actions on all environments in a project. |
Microsoft.DevCenter/projects/users/environments/adminActionRead/action | Allows an admin to read environment actions. |
Microsoft.DevCenter/projects/users/environments/adminActionManage/action | Allows an admin to skip, delay, etc. environment actions. |
Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | Allows an admin to read output values from an environment deployment. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage project resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"name": "331c37c6-af14-46d9-b9f4-e1909e1b95a0",
"permissions": [
{
"actions": [
"Microsoft.DevCenter/projects/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [
"Microsoft.DevCenter/projects/write",
"Microsoft.DevCenter/projects/delete"
],
"dataActions": [
"Microsoft.DevCenter/projects/users/devboxes/adminStart/action",
"Microsoft.DevCenter/projects/users/devboxes/adminStop/action",
"Microsoft.DevCenter/projects/users/devboxes/adminRead/action",
"Microsoft.DevCenter/projects/users/devboxes/adminWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/adminDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userStop/action",
"Microsoft.DevCenter/projects/users/devboxes/userStart/action",
"Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
"Microsoft.DevCenter/projects/users/devboxes/userRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
"Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
"Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
"Microsoft.DevCenter/projects/users/devboxes/userCustomize/action",
"Microsoft.DevCenter/projects/users/environments/adminRead/action",
"Microsoft.DevCenter/projects/users/environments/userWrite/action",
"Microsoft.DevCenter/projects/users/environments/adminWrite/action",
"Microsoft.DevCenter/projects/users/environments/userDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminDelete/action",
"Microsoft.DevCenter/projects/users/environments/adminAction/action",
"Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
"Microsoft.DevCenter/projects/users/environments/adminActionManage/action",
"Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
],
"notDataActions": []
}
],
"roleName": "DevCenter Project Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevTest Labs User
Lets you connect, start, restart, and shut down virtual machines in Azure DevTest Labs.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Compute/availabilitySets/read | Get the properties of an availability set |
Microsoft.Compute/virtualMachines/*/read | Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.) |
Microsoft.Compute/virtualMachines/deallocate/action | Powers off the virtual machine and releases the compute resources |
Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
Microsoft.Compute/virtualMachines/restart/action | Restarts the virtual machine |
Microsoft.Compute/virtualMachines/start/action | Starts the virtual machine |
Microsoft.DevTestLab/*/read | Read the properties of a lab |
Microsoft.DevTestLab/labs/claimAnyVm/action | Claim a random claimable virtual machine in the lab. |
Microsoft.DevTestLab/labs/createEnvironment/action | Create virtual machines in a lab. |
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action | Ensure the current user has a valid profile in the lab. |
Microsoft.DevTestLab/labs/formulas/delete | Delete formulas. |
Microsoft.DevTestLab/labs/formulas/read | Read formulas. |
Microsoft.DevTestLab/labs/formulas/write | Add or modify formulas. |
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action | Evaluates lab policy. |
Microsoft.DevTestLab/labs/virtualMachines/claim/action | Take ownership of an existing virtual machine |
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action | Lists the applicable start/stop schedules, if any. |
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action | Gets a string that represents the contents of the RDP file for the virtual machine |
Microsoft.Network/loadBalancers/backendAddressPools/join/action | Joins a load balancer backend address pool. Not alertable. |
Microsoft.Network/loadBalancers/inboundNatRules/join/action | Joins a load balancer inbound NAT rule. Not alertable. |
Microsoft.Network/networkInterfaces/*/read | Read the properties of a network interface (for example, all the load balancers that the network interface is a part of) |
Microsoft.Network/networkInterfaces/join/action | Joins a virtual machine to a network interface. Not alertable. |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
Microsoft.Network/publicIPAddresses/*/read | Read the properties of a public IP address |
Microsoft.Network/publicIPAddresses/join/action | Joins a public IP address. Not alertable. |
Microsoft.Network/publicIPAddresses/read | Gets a public IP address definition. |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
NotActions | |
Microsoft.Compute/virtualMachines/vmSizes/read | Lists the sizes the virtual machine can be updated to |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Assistant
Enables you to view an existing lab, perform actions on the lab VMs, and send invitations to the lab.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab assistant role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1",
"name": "ce40b423-cede-4313-a93f-9b28290b72e1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Assistant",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
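Lab Contributor
Applied at lab level, enables you to manage the lab. Applied at a resource group, enables you to create and manage labs.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/write | Create a new lab or update an existing one. |
Microsoft.LabServices/labs/delete | Delete the lab and all its users, schedules and virtual machines. |
Microsoft.LabServices/labs/publish/action | Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab. |
Microsoft.LabServices/labs/syncGroup/action | Updates the list of users from the Active Directory group assigned to the lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/schedules/write | Create a new schedule or update an existing one. |
Microsoft.LabServices/labs/schedules/delete | Delete the schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/write | Create a new user or update an existing one. |
Microsoft.LabServices/labs/users/delete | Delete the user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/labs/virtualMachines/resetPassword/action | Reset the password of a local user on a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |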
{
"assignableScopes": [
"/"
],
"description": "The lab contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270",
"name": "5daaa2af-1fe8-407c-9122-bba179798270",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/write",
"Microsoft.LabServices/labs/delete",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/syncGroup/action",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Creator
Lets you create new labs under your Azure Lab Accounts.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.LabServices/labAccounts/*/read | |
Microsoft.LabServices/labAccounts/createLab/action | Create a lab in a lab account. |
Microsoft.LabServices/labAccounts/getPricingAndAvailability/action | Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. |
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action | Get core restrictions and usage for this subscription |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create new labs under your Azure Lab Accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lab Operator
Gives you limited ability to manage existing labs.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.LabServices/labPlans/images/read | Get the properties of an image. |
Microsoft.LabServices/labPlans/read | Get the properties of a lab plan. |
Microsoft.LabServices/labPlans/saveImage/action | Create an image from a virtual machine in the gallery attached to the lab plan. |
Microsoft.LabServices/labs/publish/action | Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab. |
Microsoft.LabServices/labs/read | Get the properties of a lab. |
Microsoft.LabServices/labs/schedules/read | Get the properties of a schedule. |
Microsoft.LabServices/labs/schedules/write | Create a new schedule or update an existing one. |
Microsoft.LabServices/labs/schedules/delete | Delete the schedule. |
Microsoft.LabServices/labs/users/read | Get the properties of a user. |
Microsoft.LabServices/labs/users/write | Create a new user or update an existing one. |
Microsoft.LabServices/labs/users/delete | Delete the user. |
Microsoft.LabServices/labs/users/invite/action | Send an email invitation to a user to join the lab. |
Microsoft.LabServices/labs/virtualMachines/read | Get the properties of a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/start/action | Start a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/stop/action | Stop and deallocate a virtual machine. |
Microsoft.LabServices/labs/virtualMachines/reimage/action | Reimage a virtual machine to the last published image. |
Microsoft.LabServices/labs/virtualMachines/redeploy/action | Redeploy a virtual machine to a different compute node. |
Microsoft.LabServices/labs/virtualMachines/resetPassword/action | Reset the password of a local user on a virtual machine. |
Microsoft.LabServices/locations/usages/read | Get usage in a location |
Microsoft.LabServices/skus/read | Get the properties of a Lab Services SKU. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "The lab operator role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.LabServices/labPlans/images/read",
"Microsoft.LabServices/labPlans/read",
"Microsoft.LabServices/labPlans/saveImage/action",
"Microsoft.LabServices/labs/publish/action",
"Microsoft.LabServices/labs/read",
"Microsoft.LabServices/labs/schedules/read",
"Microsoft.LabServices/labs/schedules/write",
"Microsoft.LabServices/labs/schedules/delete",
"Microsoft.LabServices/labs/users/read",
"Microsoft.LabServices/labs/users/write",
"Microsoft.LabServices/labs/users/delete",
"Microsoft.LabServices/labs/users/invite/action",
"Microsoft.LabServices/labs/virtualMachines/read",
"Microsoft.LabServices/labs/virtualMachines/start/action",
"Microsoft.LabServices/labs/virtualMachines/stop/action",
"Microsoft.LabServices/labs/virtualMachines/reimage/action",
"Microsoft.LabServices/labs/virtualMachines/redeploy/action",
"Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
"Microsoft.LabServices/locations/usages/read",
"Microsoft.LabServices/skus/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
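Lab Services Contributor
Enables you to fully control all Lab Services scenarios in the resource group.
Actions | Description |
---|---|
Microsoft.LabServices/* | Create and manage lab services components |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
Microsoft.LabServices/labPlans/createLab/action | Create a new lab from a lab plan. |
NotDataActions | |
none |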
{
"assignableScopes": [
"/"
],
"description": "The lab services contributor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.LabServices/labPlans/createLab/action"
],
"notDataActions": []
}
],
"roleName": "Lab Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
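Lab Services Reader
Enables you to view, but not change, all lab plans and lab resources.
Actions | Description |
---|---|
Microsoft.LabServices/*/read | Read lab services properties |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |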
{
"assignableScopes": [
"/"
],
"description": "The lab services reader role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"name": "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
"permissions": [
{
"actions": [
"Microsoft.LabServices/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Services Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Load Test Contributor
View, create, update, delete and execute load tests. View and list load test resources but cannot make any changes.
Actions | Description |
---|---|
Microsoft.LoadTestService/*/read | Read load testing resources |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.LoadTestService/loadtests/* | Create and manage load tests |
Microsoft.LoadTestService/testProfiles/* | |
Microsoft.LoadTestService/testProfileRuns/* | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e",
"name": "749a398d-560b-491b-bb21-08924219302e",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/loadtests/*",
"Microsoft.LoadTestService/testProfiles/*",
"Microsoft.LoadTestService/testProfileRuns/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
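Load Test Owner
Execute all operations on load test resources and load tests.
Actions | Description |
---|---|
Microsoft.LoadTestService/* | Create and manage load testing resources |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.LoadTestService/* | Create and manage load testing resources |
NotDataActions | |
none |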
{
"assignableScopes": [
"/"
],
"description": "Execute all operations on load test resources and load tests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"name": "45bb0b16-2f0c-4e78-afaa-a07599b003f6",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/*"
],
"notDataActions": []
}
],
"roleName": "Load Test Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Load Test Reader
View and list all load tests and load test resources but cannot make any changes.
Actions | Description |
---|---|
Microsoft.LoadTestService/*/read | Read load testing resources |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
NotActions | |
none | |
DataActions | |
Microsoft.LoadTestService/loadtests/readTest/action | Read load tests |
Microsoft.LoadTestService/testProfiles/read | Read test profiles |
Microsoft.LoadTestService/testProfileRuns/read | Read test profile runs |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "View and list all load tests and load test resources but can not make any changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"name": "3ae3fb29-0000-4ccd-bf80-542e7b26e081",
"permissions": [
{
"actions": [
"Microsoft.LoadTestService/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*"
],
"notActions": [],
"dataActions": [
"Microsoft.LoadTestService/loadtests/readTest/action",
"Microsoft.LoadTestService/testProfiles/read",
"Microsoft.LoadTestService/testProfileRuns/read"
],
"notDataActions": []
}
],
"roleName": "Load Test Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}