Azure built-in roles for DevOps

This article lists the Azure built-in roles in the DevOps category.

Deployment Environments Reader

Provides read access to environment resources.

Actions Description
Microsoft.DevCenter/projects/read Gets a specific project.
Microsoft.DevCenter/projects/*/read
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
Microsoft.DevCenter/projects/pools/read Gets a machine pool
Microsoft.DevCenter/projects/pools/schedules/read Gets a schedule resource.
DataActions
Microsoft.DevCenter/projects/users/environments/adminRead/action Allows a project admin to read all environments in the project.
Microsoft.DevCenter/projects/users/environments/adminActionRead/action Allows admins to read environment actions.
Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action Allows admins to read output values from an environment deployment.
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides read access to environment resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/eb960402-bf75-4cc3-8d68-35b34f960f72",
  "name": "eb960402-bf75-4cc3-8d68-35b34f960f72",
  "permissions": [
    {
      "actions": [
        "Microsoft.DevCenter/projects/read",
        "Microsoft.DevCenter/projects/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [
        "Microsoft.DevCenter/projects/pools/read",
        "Microsoft.DevCenter/projects/pools/schedules/read"
      ],
      "dataActions": [
        "Microsoft.DevCenter/projects/users/environments/adminRead/action",
        "Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
        "Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Deployment Environments Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

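Deployment Environments User

Provides access to manage environment resources.

Actions Description
Microsoft.DevCenter/projects/read Gets a specific project.
Microsoft.DevCenter/projects/*/read
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Authorization/*/read Read roles and role assignments
NotActions
Microsoft.DevCenter/projects/pools/read Gets a machine pool
Microsoft.DevCenter/projects/pools/schedules/read Gets a schedule resource.
DataActions
Microsoft.DevCenter/projects/users/environments/userRead/action Allows users to read the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/userWrite/action Allows users to write the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/userDelete/action Allows users to delete the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/userActionManage/action Allows users to skip, delay, etc. environment actions.
Microsoft.DevCenter/projects/users/environments/userOutputsRead/action Allows users to read output values from an environment deployment.
NotDataActions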
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides access to manage environment resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c",
  "name": "18e40d4e-8d2e-438d-97e1-9528336e149c",
  "permissions": [
    {
      "actions": [
        "Microsoft.DevCenter/projects/read",
        "Microsoft.DevCenter/projects/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [
        "Microsoft.DevCenter/projects/pools/read",
        "Microsoft.DevCenter/projects/pools/schedules/read"
      ],
      "dataActions": [
        "Microsoft.DevCenter/projects/users/environments/userRead/action",
        "Microsoft.DevCenter/projects/users/environments/userWrite/action",
        "Microsoft.DevCenter/projects/users/environments/userDelete/action",
        "Microsoft.DevCenter/projects/users/environments/userActionManage/action",
        "Microsoft.DevCenter/projects/users/environments/userOutputsRead/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Deployment Environments User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DevCenter Dev Box User

Provides access to create and manage dev boxes.

Actions Description
Microsoft.DevCenter/projects/read Gets a specific project.
Microsoft.DevCenter/projects/*/read
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
Microsoft.DevCenter/projects/users/devboxes/userStop/action Allows a user to stop their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userStart/action Allows a user to start their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action Allows a user to get RDP connection information for their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userRead/action Allows a user to read their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userWrite/action Allows a user to create and update their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userDelete/action Allows a user to delete their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action Allows users to read upcoming actions.
Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action Allows users to skip or delay upcoming actions.
Microsoft.DevCenter/projects/users/devboxes/userActionRead/action Allows users to read dev box actions.
Microsoft.DevCenter/projects/users/devboxes/userActionManage/action Allows users to skip or delay dev box actions.
Microsoft.DevCenter/projects/users/devboxes/userCustomize/action Allows a user to customize their own Dev Box resources.
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides access to create and manage dev boxes.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05",
  "name": "45d50f46-0b78-4001-a660-4198cbe8cd05",
  "permissions": [
    {
      "actions": [
        "Microsoft.DevCenter/projects/read",
        "Microsoft.DevCenter/projects/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DevCenter/projects/users/devboxes/userStop/action",
        "Microsoft.DevCenter/projects/users/devboxes/userStart/action",
        "Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
        "Microsoft.DevCenter/projects/users/devboxes/userRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
        "Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
        "Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action",
        "Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
        "Microsoft.DevCenter/projects/users/devboxes/userCustomize/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DevCenter Dev Box User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DevCenter Project Admin

Provides access to manage project resources.

Actions Description
Microsoft.DevCenter/projects/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
Microsoft.DevCenter/projects/write Partially updates a project.
Microsoft.DevCenter/projects/delete Deletes a project resource.
DataActions
Microsoft.DevCenter/projects/users/devboxes/adminStart/action Allows a user to start any Dev Box resource.
Microsoft.DevCenter/projects/users/devboxes/adminStop/action Allows a user to stop any Dev Box resource.
Microsoft.DevCenter/projects/users/devboxes/adminRead/action Allows a user read access to any Dev Box resource.
Microsoft.DevCenter/projects/users/devboxes/adminWrite/action Allows a user write access to any Dev Box resource.
Microsoft.DevCenter/projects/users/devboxes/adminDelete/action Allows a user to delete any Dev Box resource.
Microsoft.DevCenter/projects/users/devboxes/userStop/action Allows a user to stop their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userStart/action Allows a user to start their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action Allows a user to get RDP connection information for their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userRead/action Allows a user to read their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userWrite/action Allows a user to create and update their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userDelete/action Allows a user to delete their own Dev Box resources.
Microsoft.DevCenter/projects/users/devboxes/userActionRead/action Allows users to read dev box actions.
Microsoft.DevCenter/projects/users/devboxes/userActionManage/action Allows users to skip or delay dev box actions.
Microsoft.DevCenter/projects/users/devboxes/userCustomize/action Allows a user to customize their own Dev Box resources.
Microsoft.DevCenter/projects/users/environments/adminRead/action Allows a project admin to read all environments in the project.
Microsoft.DevCenter/projects/users/environments/userWrite/action Allows users to write the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/adminWrite/action Allows a project admin to write all environments in the project.
Microsoft.DevCenter/projects/users/environments/userDelete/action Allows users to delete the environments they have access to in a project.
Microsoft.DevCenter/projects/users/environments/adminDelete/action Allows a project admin to delete all environments in the project.
Microsoft.DevCenter/projects/users/environments/adminAction/action Allows a project admin to perform actions on all environments in the project.
Microsoft.DevCenter/projects/users/environments/adminActionRead/action Allows admins to read environment actions.
Microsoft.DevCenter/projects/users/environments/adminActionManage/action Allows admins to skip, delay, etc. environment actions.
Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action Allows admins to read output values from an environment deployment.
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides access to manage project resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0",
  "name": "331c37c6-af14-46d9-b9f4-e1909e1b95a0",
  "permissions": [
    {
      "actions": [
        "Microsoft.DevCenter/projects/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [
        "Microsoft.DevCenter/projects/write",
        "Microsoft.DevCenter/projects/delete"
      ],
      "dataActions": [
        "Microsoft.DevCenter/projects/users/devboxes/adminStart/action",
        "Microsoft.DevCenter/projects/users/devboxes/adminStop/action",
        "Microsoft.DevCenter/projects/users/devboxes/adminRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/adminWrite/action",
        "Microsoft.DevCenter/projects/users/devboxes/adminDelete/action",
        "Microsoft.DevCenter/projects/users/devboxes/userStop/action",
        "Microsoft.DevCenter/projects/users/devboxes/userStart/action",
        "Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action",
        "Microsoft.DevCenter/projects/users/devboxes/userRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/userWrite/action",
        "Microsoft.DevCenter/projects/users/devboxes/userDelete/action",
        "Microsoft.DevCenter/projects/users/devboxes/userActionRead/action",
        "Microsoft.DevCenter/projects/users/devboxes/userActionManage/action",
        "Microsoft.DevCenter/projects/users/devboxes/userCustomize/action",
        "Microsoft.DevCenter/projects/users/environments/adminRead/action",
        "Microsoft.DevCenter/projects/users/environments/userWrite/action",
        "Microsoft.DevCenter/projects/users/environments/adminWrite/action",
        "Microsoft.DevCenter/projects/users/environments/userDelete/action",
        "Microsoft.DevCenter/projects/users/environments/adminDelete/action",
        "Microsoft.DevCenter/projects/users/environments/adminAction/action",
        "Microsoft.DevCenter/projects/users/environments/adminActionRead/action",
        "Microsoft.DevCenter/projects/users/environments/adminActionManage/action",
        "Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DevCenter Project Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

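DevTest Labs User

Lets you connect, start, restart, and shut down your virtual machines in your Azure DevTest Labs.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/availabilitySets/read Get the properties of an availability set
Microsoft.Compute/virtualMachines/*/read Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/action Powers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/action Restarts the virtual machine
Microsoft.Compute/virtualMachines/start/action Starts the virtual machine
Microsoft.DevTestLab/*/read Read the properties of a lab
Microsoft.DevTestLab/labs/claimAnyVm/action Claim a random claimable virtual machine in the lab.
Microsoft.DevTestLab/labs/createEnvironment/action Create virtual machines in a lab.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action Ensure the current user has a valid profile in the lab.
Microsoft.DevTestLab/labs/formulas/delete Delete formulas.
Microsoft.DevTestLab/labs/formulas/read Read formulas.
Microsoft.DevTestLab/labs/formulas/write Add or modify formulas.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action Evaluates lab policy.
Microsoft.DevTestLab/labs/virtualMachines/claim/action Take ownership of an existing virtual machine
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action Lists the applicable start/stop schedules, if any.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action Gets a string that represents the contents of the RDP file for the virtual machine
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound NAT rule. Not alertable.
Microsoft.Network/networkInterfaces/*/read Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/action Joins a virtual machine to a network interface. Not alertable.
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/publicIPAddresses/*/read Read the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not alertable.
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not alertable.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
NotActions
Microsoft.Compute/virtualMachines/vmSizes/read Lists available sizes the virtual machine can be updated to
DataActions
NotDataActions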
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
  "name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.DevTestLab/*/read",
        "Microsoft.DevTestLab/labs/claimAnyVm/action",
        "Microsoft.DevTestLab/labs/createEnvironment/action",
        "Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
        "Microsoft.DevTestLab/labs/formulas/delete",
        "Microsoft.DevTestLab/labs/formulas/read",
        "Microsoft.DevTestLab/labs/formulas/write",
        "Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
        "Microsoft.DevTestLab/labs/virtualMachines/claim/action",
        "Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
        "Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/networkInterfaces/*/read",
        "Microsoft.Network/networkInterfaces/join/action",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/publicIPAddresses/*/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      ],
      "notActions": [
        "Microsoft.Compute/virtualMachines/vmSizes/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DevTest Labs User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lab Assistant

Lets you view an existing lab, perform actions on the lab VMs, and send invitations to the lab.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.LabServices/labPlans/images/read Get the properties of an image.
Microsoft.LabServices/labPlans/read Get the properties of a lab plan.
Microsoft.LabServices/labs/read Get the properties of a lab.
Microsoft.LabServices/labs/schedules/read Get the properties of a schedule.
Microsoft.LabServices/labs/users/read Get the properties of a user.
Microsoft.LabServices/labs/users/invite/action Send an email invitation to a user to join the lab.
Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine.
Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine.
Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine.
Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image.
Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node.
Microsoft.LabServices/locations/usages/read Get usage in a location
Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "The lab assistant role",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1",
  "name": "ce40b423-cede-4313-a93f-9b28290b72e1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.LabServices/labPlans/images/read",
        "Microsoft.LabServices/labPlans/read",
        "Microsoft.LabServices/labs/read",
        "Microsoft.LabServices/labs/schedules/read",
        "Microsoft.LabServices/labs/users/read",
        "Microsoft.LabServices/labs/users/invite/action",
        "Microsoft.LabServices/labs/virtualMachines/read",
        "Microsoft.LabServices/labs/virtualMachines/start/action",
        "Microsoft.LabServices/labs/virtualMachines/stop/action",
        "Microsoft.LabServices/labs/virtualMachines/reimage/action",
        "Microsoft.LabServices/labs/virtualMachines/redeploy/action",
        "Microsoft.LabServices/locations/usages/read",
        "Microsoft.LabServices/skus/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Assistant",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

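Lab Contributor

Applied at lab level, enables you to manage the lab. Applied at a resource group, enables you to create and manage labs.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.LabServices/labPlans/images/read Get the properties of an image.
Microsoft.LabServices/labPlans/read Get the properties of a lab plan.
Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan.
Microsoft.LabServices/labs/read Get the properties of a lab.
Microsoft.LabServices/labs/write Create a new lab or update an existing lab.
Microsoft.LabServices/labs/delete Delete the lab and all its users, schedules and virtual machines.
Microsoft.LabServices/labs/publish/action Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab.
Microsoft.LabServices/labs/syncGroup/action Update the list of users from the Active Directory group assigned to the lab.
Microsoft.LabServices/labs/schedules/read Get the properties of a schedule.
Microsoft.LabServices/labs/schedules/write Create a new schedule or update an existing schedule.
Microsoft.LabServices/labs/schedules/delete Delete the schedule.
Microsoft.LabServices/labs/users/read Get the properties of a user.
Microsoft.LabServices/labs/users/write Create a new user or update an existing user.
Microsoft.LabServices/labs/users/delete Delete the user.
Microsoft.LabServices/labs/users/invite/action Send an email invitation to a user to join the lab.
Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine.
Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine.
Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine.
Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image.
Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node.
Microsoft.LabServices/labs/virtualMachines/resetPassword/action Reset a local user's password on a virtual machine.
Microsoft.LabServices/locations/usages/read Get usage in a location
Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan.
NotDataActions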
{
  "assignableScopes": [
    "/"
  ],
  "description": "The lab contributor role",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270",
  "name": "5daaa2af-1fe8-407c-9122-bba179798270",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.LabServices/labPlans/images/read",
        "Microsoft.LabServices/labPlans/read",
        "Microsoft.LabServices/labPlans/saveImage/action",
        "Microsoft.LabServices/labs/read",
        "Microsoft.LabServices/labs/write",
        "Microsoft.LabServices/labs/delete",
        "Microsoft.LabServices/labs/publish/action",
        "Microsoft.LabServices/labs/syncGroup/action",
        "Microsoft.LabServices/labs/schedules/read",
        "Microsoft.LabServices/labs/schedules/write",
        "Microsoft.LabServices/labs/schedules/delete",
        "Microsoft.LabServices/labs/users/read",
        "Microsoft.LabServices/labs/users/write",
        "Microsoft.LabServices/labs/users/delete",
        "Microsoft.LabServices/labs/users/invite/action",
        "Microsoft.LabServices/labs/virtualMachines/read",
        "Microsoft.LabServices/labs/virtualMachines/start/action",
        "Microsoft.LabServices/labs/virtualMachines/stop/action",
        "Microsoft.LabServices/labs/virtualMachines/reimage/action",
        "Microsoft.LabServices/labs/virtualMachines/redeploy/action",
        "Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
        "Microsoft.LabServices/locations/usages/read",
        "Microsoft.LabServices/skus/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LabServices/labPlans/createLab/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

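Lab Creator

Lets you create new labs under your Azure Lab Accounts.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.LabServices/labAccounts/*/read
Microsoft.LabServices/labAccounts/createLab/action Create a lab in a lab account.
Microsoft.LabServices/labAccounts/getPricingAndAvailability/action Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account.
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action Get core restrictions and usage for this subscription
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.LabServices/labPlans/images/read Get the properties of an image.
Microsoft.LabServices/labPlans/read Get the properties of a lab plan.
Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan.
Microsoft.LabServices/labs/read Get the properties of a lab.
Microsoft.LabServices/labs/schedules/read Get the properties of a schedule.
Microsoft.LabServices/labs/users/read Get the properties of a user.
Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine.
Microsoft.LabServices/locations/usages/read Get usage in a location
Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
DataActions
Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan.
NotDataActions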
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create new labs under your Azure Lab Accounts.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.LabServices/labAccounts/*/read",
        "Microsoft.LabServices/labAccounts/createLab/action",
        "Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
        "Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.LabServices/labPlans/images/read",
        "Microsoft.LabServices/labPlans/read",
        "Microsoft.LabServices/labPlans/saveImage/action",
        "Microsoft.LabServices/labs/read",
        "Microsoft.LabServices/labs/schedules/read",
        "Microsoft.LabServices/labs/users/read",
        "Microsoft.LabServices/labs/virtualMachines/read",
        "Microsoft.LabServices/locations/usages/read",
        "Microsoft.LabServices/skus/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LabServices/labPlans/createLab/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Creator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

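Lab Operator

Gives you limited ability to manage existing labs.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.LabServices/labPlans/images/read Get the properties of an image.
Microsoft.LabServices/labPlans/read Get the properties of a lab plan.
Microsoft.LabServices/labPlans/saveImage/action Create an image from a virtual machine in the gallery attached to the lab plan.
Microsoft.LabServices/labs/publish/action Publish a lab by propagating the image of the template virtual machine to all virtual machines in the lab.
Microsoft.LabServices/labs/read Get the properties of a lab.
Microsoft.LabServices/labs/schedules/read Get the properties of a schedule.
Microsoft.LabServices/labs/schedules/write Create a new schedule or update an existing schedule.
Microsoft.LabServices/labs/schedules/delete Delete the schedule.
Microsoft.LabServices/labs/users/read Get the properties of a user.
Microsoft.LabServices/labs/users/write Create a new user or update an existing user.
Microsoft.LabServices/labs/users/delete Delete the user.
Microsoft.LabServices/labs/users/invite/action Send an email invitation to a user to join the lab.
Microsoft.LabServices/labs/virtualMachines/read Get the properties of a virtual machine.
Microsoft.LabServices/labs/virtualMachines/start/action Start a virtual machine.
Microsoft.LabServices/labs/virtualMachines/stop/action Stop and deallocate a virtual machine.
Microsoft.LabServices/labs/virtualMachines/reimage/action Reimage a virtual machine to the last published image.
Microsoft.LabServices/labs/virtualMachines/redeploy/action Redeploy a virtual machine to a different compute node.
Microsoft.LabServices/labs/virtualMachines/resetPassword/action Reset a local user's password on a virtual machine.
Microsoft.LabServices/locations/usages/read Get usage in a location
Microsoft.LabServices/skus/read Get the properties of a Lab Services SKU.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
NotDataActions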
{
  "assignableScopes": [
    "/"
  ],
  "description": "The lab operator role",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d",
  "name": "a36e6959-b6be-4b12-8e9f-ef4b474d304d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.LabServices/labPlans/images/read",
        "Microsoft.LabServices/labPlans/read",
        "Microsoft.LabServices/labPlans/saveImage/action",
        "Microsoft.LabServices/labs/publish/action",
        "Microsoft.LabServices/labs/read",
        "Microsoft.LabServices/labs/schedules/read",
        "Microsoft.LabServices/labs/schedules/write",
        "Microsoft.LabServices/labs/schedules/delete",
        "Microsoft.LabServices/labs/users/read",
        "Microsoft.LabServices/labs/users/write",
        "Microsoft.LabServices/labs/users/delete",
        "Microsoft.LabServices/labs/users/invite/action",
        "Microsoft.LabServices/labs/virtualMachines/read",
        "Microsoft.LabServices/labs/virtualMachines/start/action",
        "Microsoft.LabServices/labs/virtualMachines/stop/action",
        "Microsoft.LabServices/labs/virtualMachines/reimage/action",
        "Microsoft.LabServices/labs/virtualMachines/redeploy/action",
        "Microsoft.LabServices/labs/virtualMachines/resetPassword/action",
        "Microsoft.LabServices/locations/usages/read",
        "Microsoft.LabServices/skus/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

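Lab Services Contributor

Enables you to fully control all Lab Services scenarios in the resource group.

Actions Description
Microsoft.LabServices/* Create and manage lab services components
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
Microsoft.LabServices/labPlans/createLab/action Create a new lab from a lab plan.
NotDataActions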
{
  "assignableScopes": [
    "/"
  ],
  "description": "The lab services contributor role",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
  "name": "f69b8690-cc87-41d6-b77a-a4bc3c0a966f",
  "permissions": [
    {
      "actions": [
        "Microsoft.LabServices/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LabServices/labPlans/createLab/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

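Lab Services Reader

Enables you to view, but not change, all lab plans and lab resources.

Actions Description
Microsoft.LabServices/*/read Read lab services properties
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
NotDataActions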
{
  "assignableScopes": [
    "/"
  ],
  "description": "The lab services reader role",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
  "name": "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc",
  "permissions": [
    {
      "actions": [
        "Microsoft.LabServices/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Services Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

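Load Test Contributor

View, create, update, delete and execute load tests. View and list load test resources but cannot make any changes.

Actions Description
Microsoft.LoadTestService/*/read Read load testing resources
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
NotActions
DataActions
Microsoft.LoadTestService/loadtests/* Create and manage load tests
Microsoft.LoadTestService/testProfiles/*
Microsoft.LoadTestService/testProfileRuns/*
NotDataActions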
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e",
  "name": "749a398d-560b-491b-bb21-08924219302e",
  "permissions": [
    {
      "actions": [
        "Microsoft.LoadTestService/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LoadTestService/loadtests/*",
        "Microsoft.LoadTestService/testProfiles/*",
        "Microsoft.LoadTestService/testProfileRuns/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Load Test Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

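Load Test Owner

Execute all operations on load test resources and load tests.

Actions Description
Microsoft.LoadTestService/* Create and manage load testing resources
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
NotActions
DataActions
Microsoft.LoadTestService/* Create and manage load testing resources
NotDataActions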
{
  "assignableScopes": [
    "/"
  ],
  "description": "Execute all operations on load test resources and load tests",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6",
  "name": "45bb0b16-2f0c-4e78-afaa-a07599b003f6",
  "permissions": [
    {
      "actions": [
        "Microsoft.LoadTestService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LoadTestService/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Load Test Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Load Test Reader

View and list all load tests and load test resources but cannot make any changes.

Actions Description
Microsoft.LoadTestService/*/read Read load testing resources
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
NotActions
DataActions
Microsoft.LoadTestService/loadtests/readTest/action Read load tests
Microsoft.LoadTestService/testProfiles/read Read test profiles
Microsoft.LoadTestService/testProfileRuns/read Read test profile runs
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "View and list all load tests and load test resources but can not make any changes",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081",
  "name": "3ae3fb29-0000-4ccd-bf80-542e7b26e081",
  "permissions": [
    {
      "actions": [
        "Microsoft.LoadTestService/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.LoadTestService/loadtests/readTest/action",
        "Microsoft.LoadTestService/testProfiles/read",
        "Microsoft.LoadTestService/testProfileRuns/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Load Test Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
