Azure built-in roles for Hybrid + multicloud
This article lists the Azure built-in roles in the Hybrid + multicloud category.
Azure Resource Bridge Deployment Role
Azure Resource Bridge Deployment Role
Actions | Description |
---|---|
Microsoft.Authorization/roleassignments/read | Get information about a role assignment. |
Microsoft.AzureStackHCI/Register/Action | Registers the subscription for the Azure Stack HCI resource provider and enables the creation of Azure Stack HCI resources. |
Microsoft.ResourceConnector/register/action | Registers the subscription for the Appliances resource provider and enables the creation of Appliances. |
Microsoft.ResourceConnector/appliances/read | Gets an Appliance resource |
Microsoft.ResourceConnector/appliances/write | Creates or updates an Appliance resource |
Microsoft.ResourceConnector/appliances/delete | Deletes an Appliance resource |
Microsoft.ResourceConnector/locations/operationresults/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/locations/operationsstatus/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Gets the Appliance cluster user credential |
Microsoft.ResourceConnector/appliances/listKeys/action | Gets the Appliance cluster customer user keys |
Microsoft.ResourceConnector/appliances/upgradeGraphs/read | Gets the upgrade graph of the Appliance cluster |
Microsoft.ResourceConnector/telemetryconfig/read | Gets the Appliance telemetry configuration used by the Appliance CLI |
Microsoft.ResourceConnector/operations/read | Gets the list of available Appliance operations |
Microsoft.ExtendedLocation/register/action | Registers the subscription for the Custom Location resource provider and enables the creation of Custom Locations. |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/write | Creates or updates a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/delete | Deletes a Custom Location resource |
Microsoft.HybridConnectivity/register/action | Registers the subscription for Microsoft.HybridConnectivity |
Microsoft.Kubernetes/register/action | Registers the subscription with the Microsoft.Kubernetes resource provider |
Microsoft.KubernetesConfiguration/register/action | Registers the subscription with the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.KubernetesConfiguration/extensions/write | Creates or updates an extension resource. |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/delete | Deletes an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Gets the async operation status. |
Microsoft.KubernetesConfiguration/namespaces/read | Gets a namespace resource |
Microsoft.KubernetesConfiguration/operations/read | Gets the available operations of the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Get guest configuration assignment. |
Microsoft.HybridContainerService/register/action | Registers the subscription for Microsoft.HybridContainerService |
Microsoft.HybridContainerService/kubernetesVersions/read | Lists the supported Kubernetes versions from the underlying custom location |
Microsoft.HybridContainerService/kubernetesVersions/write | Puts the Kubernetes version resource type |
Microsoft.HybridContainerService/skus/read | Lists the supported VM SKUs from the underlying custom location |
Microsoft.HybridContainerService/skus/write | Puts the VM SKUs resource type |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.AzureStackHCI/StorageContainers/Write | Creates/updates storage container resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Administrator
Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader
Actions | Description |
---|---|
Microsoft.AzureStackHCI/register/action | Registers the subscription for the Azure Stack HCI resource provider and enables the creation of Azure Stack HCI resources. |
Microsoft.AzureStackHCI/Unregister/Action | Unregisters the subscription for the Azure Stack HCI resource provider. |
Microsoft.AzureStackHCI/clusters/* | |
Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Gets/lists network security group resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Gets/lists security rule resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/Write | Creates/updates network security group resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write | Creates/updates security rule resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete | Deletes network security group resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete | Deletes security rule resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action | Joins network security group resources |
Microsoft.HybridCompute/register/action | Registers the subscription for the Microsoft.HybridCompute resource provider |
Microsoft.GuestConfiguration/register/action | Registers the subscription for the Microsoft.GuestConfiguration resource provider. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Get guest configuration assignment. |
Microsoft.Resources/subscriptions/resourceGroups/write | Creates or updates a resource group. |
Microsoft.Resources/subscriptions/resourceGroups/delete | Deletes a resource group and all its resources. |
Microsoft.HybridConnectivity/register/action | Registers the subscription for Microsoft.HybridConnectivity |
Microsoft.Authorization/roleAssignments/write | Create a role assignment at the specified scope. |
Microsoft.Authorization/roleAssignments/delete | Delete a role assignment at the specified scope. |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Management/managementGroups/read | List management groups for the authenticated user. |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.AzureStackHCI/* | |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.HybridCompute/machines/read | Read any Azure Arc machines |
Microsoft.HybridCompute/machines/write | Write Azure Arc machines |
Microsoft.HybridCompute/machines/delete | Delete Azure Arc machines |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrade extensions on Azure Arc machines |
Microsoft.HybridCompute/machines/assessPatches/action | Assess any Azure Arc machine for missing software patches |
Microsoft.HybridCompute/machines/installPatches/action | Install patches on any Azure Arc machine |
Microsoft.HybridCompute/machines/extensions/read | Read any Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/write | Install or update Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/delete | Delete Azure Arc extensions |
Microsoft.HybridCompute/operations/read | Read all operations for Azure Arc for servers |
Microsoft.HybridCompute/locations/operationresults/read | Read the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/locations/operationstatus/read | Read the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Read any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Read any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Read any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Read any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Read the status of an update center operation on machines |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Read hybrid identity metadata of any Azure Arc machine |
Microsoft.HybridCompute/osType/agentVersions/read | Read all available Azure Connected Machine Agent versions |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Read the latest Azure Connected Machine Agent version |
Microsoft.HybridCompute/machines/runcommands/read | Read any Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/write | Install or update Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/delete | Delete any Azure Arc runcommands |
Microsoft.HybridCompute/machines/licenseProfiles/read | Read any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Install or update Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Delete Azure Arc licenseProfiles |
Microsoft.HybridCompute/licenses/read | Read any Azure Arc licenses |
Microsoft.HybridCompute/licenses/write | Install or update Azure Arc licenses |
Microsoft.HybridCompute/licenses/delete | Delete Azure Arc licenses |
Microsoft.ResourceConnector/register/action | Registers the subscription for the Appliances resource provider and enables the creation of Appliances. |
Microsoft.ResourceConnector/appliances/read | Gets an Appliance resource |
Microsoft.ResourceConnector/appliances/write | Creates or updates an Appliance resource |
Microsoft.ResourceConnector/appliances/delete | Deletes an Appliance resource |
Microsoft.ResourceConnector/locations/operationresults/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/locations/operationsstatus/read | Gets the result of an Appliance operation |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Gets the Appliance cluster user credential |
Microsoft.ResourceConnector/appliances/listKeys/action | Gets the Appliance cluster customer user keys |
Microsoft.ResourceConnector/operations/read | Gets the list of available Appliance operations |
Microsoft.ExtendedLocation/register/action | Registers the subscription for the Custom Location resource provider and enables the creation of Custom Locations. |
Microsoft.ExtendedLocation/customLocations/read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/write | Creates or updates a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/delete | Deletes a Custom Location resource |
Microsoft.EdgeMarketplace/offers/read | Get an offer |
Microsoft.EdgeMarketplace/publishers/read | Get a publisher |
Microsoft.Kubernetes/register/action | Registers the subscription with the Microsoft.Kubernetes resource provider |
Microsoft.KubernetesConfiguration/register/action | Registers the subscription with the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.KubernetesConfiguration/extensions/write | Creates or updates an extension resource. |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/delete | Deletes an extension instance resource. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Gets the async operation status. |
Microsoft.KubernetesConfiguration/namespaces/read | Gets a namespace resource |
Microsoft.KubernetesConfiguration/operations/read | Gets the available operations of the Microsoft.KubernetesConfiguration resource provider. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.AzureStackHCI/StorageContainers/Write | Creates/updates storage container resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.HybridContainerService/register/action | Registers the subscription for Microsoft.HybridContainerService |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
Condition | |
((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6,c99c945f-8bd1-4fb1-a903-01460aae6068})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6,c99c945f-8bd1-4fb1-a903-01460aae6068})) | Add or remove role assignments for the following roles: Azure Connected Machine Resource Manager, Azure Connected Machine Resource Administrator, Azure Connected Machine Onboarding, Azure Stack HCI Connected InfraVMs, Azure Stack HCI VM Reader, Azure Stack HCI VM Contributor, Azure Stack HCI Device Management Role, Azure Resource Bridge Deployment Role, Key Vault Secrets User |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6,c99c945f-8bd1-4fb1-a903-01460aae6068})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6,c99c945f-8bd1-4fb1-a903-01460aae6068}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Connected InfraVMs
Role of Arc Integration for Azure Stack HCI Infrastructure Virtual Machines.
Actions | Description |
---|---|
Microsoft.HybridCompute/*/read | |
Microsoft.HybridCompute/machines/write | Write Azure Arc machines |
Microsoft.HybridCompute/machines/delete | Delete Azure Arc machines |
Microsoft.HybridCompute/machines/extensions/read | Read any Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/write | Install or update Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/delete | Delete Azure Arc extensions |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrade extensions on Azure Arc machines |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Role of Arc Integration for Azure Stack HCI Infrastructure Virtual Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c99c945f-8bd1-4fb1-a903-01460aae6068",
"name": "c99c945f-8bd1-4fb1-a903-01460aae6068",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Connected InfraVMs",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI Device Management Role
Microsoft.AzureStackHCI Device Management Role
Actions | Description |
---|---|
Microsoft.AzureStackHCI/Clusters/* | |
Microsoft.AzureStackHCI/EdgeDevices/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Contributor
Grants permissions to perform all VM actions
Actions | Description |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/* | |
Microsoft.AzureStackHCI/virtualMachineInstances/* | |
Microsoft.AzureStackHCI/NetworkInterfaces/* | |
Microsoft.AzureStackHCI/VirtualHardDisks/* | |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Gets/lists virtual network resources |
Microsoft.AzureStackHCI/VirtualNetworks/join/action | Joins virtual network resources |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Gets/lists logical network resources |
Microsoft.AzureStackHCI/LogicalNetworks/join/action | Joins logical network resources |
Microsoft.AzureStackHCI/GalleryImages/Read | Gets/lists gallery image resources |
Microsoft.AzureStackHCI/GalleryImages/deploy/action | Deploys gallery image resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.AzureStackHCI/StorageContainers/deploy/action | Deploys storage container resources |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Gets/lists marketplace gallery image resources |
Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | Deploys marketplace gallery image resources |
Microsoft.AzureStackHCI/Clusters/Read | Gets clusters |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | Gets the Arc resource of an HCI cluster |
Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Gets/lists network security group resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Gets/lists security rule resources |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/deployments/delete | Deletes a deployment. |
Microsoft.Resources/deployments/cancel/action | Cancels a deployment. |
Microsoft.Resources/deployments/validate/action | Validates a deployment. |
Microsoft.Resources/deployments/whatIf/action | Predicts template deployment changes. |
Microsoft.Resources/deployments/exportTemplate/action | Export template for a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Creates or updates a deployment. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
Microsoft.HybridCompute/machines/read | Read any Azure Arc machines |
Microsoft.HybridCompute/machines/write | Write Azure Arc machines |
Microsoft.HybridCompute/machines/delete | Delete Azure Arc machines |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrade extensions on Azure Arc machines |
Microsoft.HybridCompute/machines/assessPatches/action | Assess any Azure Arc machine for missing software patches |
Microsoft.HybridCompute/machines/installPatches/action | Install patches on any Azure Arc machine |
Microsoft.HybridCompute/machines/extensions/read | Read any Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/write | Install or update Azure Arc extensions |
Microsoft.HybridCompute/machines/extensions/delete | Delete Azure Arc extensions |
Microsoft.HybridCompute/operations/read | Read all operations for Azure Arc for servers |
Microsoft.HybridCompute/locations/operationresults/read | Read the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/locations/operationstatus/read | Read the status of an operation on the Microsoft.HybridCompute resource provider |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Read any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Read any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Read any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Read any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Read the status of an update center operation on machines |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Read hybrid identity metadata of any Azure Arc machine |
Microsoft.HybridCompute/osType/agentVersions/read | Read all available Azure Connected Machine Agent versions |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Read the latest Azure Connected Machine Agent version |
Microsoft.HybridCompute/machines/runcommands/read | Read any Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/write | Install or update Azure Arc runcommands |
Microsoft.HybridCompute/machines/runcommands/delete | Delete any Azure Arc runcommands |
Microsoft.HybridCompute/machines/licenseProfiles/read | Read any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Install or update Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Delete Azure Arc licenseProfiles |
Microsoft.HybridCompute/licenses/read | Read any Azure Arc licenses |
Microsoft.HybridCompute/licenses/write | Install or update Azure Arc licenses |
Microsoft.HybridCompute/licenses/delete | Delete Azure Arc licenses |
Microsoft.ExtendedLocation/customLocations/Read | Gets a Custom Location resource |
Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource |
Microsoft.KubernetesConfiguration/extensions/read | Gets an extension instance resource. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Reader
Grants permissions to view VMs
Actions | Description |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/Read | Gets/lists virtual machine resources |
Microsoft.AzureStackHCI/virtualMachineInstances/Read | Gets/lists virtual machine instance resources |
Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read | Gets/lists virtual machine extension resources |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Gets/lists virtual network resources |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Gets/lists logical network resources |
Microsoft.AzureStackHCI/NetworkInterfaces/Read | Gets/lists network interface resources |
Microsoft.AzureStackHCI/VirtualHardDisks/Read | Gets/lists virtual hard disk resources |
Microsoft.AzureStackHCI/StorageContainers/Read | Gets/lists storage container resources |
Microsoft.AzureStackHCI/GalleryImages/Read | Gets/lists gallery image resources |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Gets/lists marketplace gallery image resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Gets/lists network security group resources |
Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Gets/lists security rule resources |
Microsoft.HybridCompute/licenses/read | Reads any Azure Arc licenses |
Microsoft.HybridCompute/machines/extensions/read | Reads any Azure Arc extensions |
Microsoft.HybridCompute/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Reads any Azure Arc patchAssessmentResults |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Reads any Azure Arc patchAssessmentResults/softwarePatches |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Reads any Azure Arc patchInstallationResults |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Reads any Azure Arc patchInstallationResults/softwarePatches |
Microsoft.HybridCompute/machines/read | Reads any Azure Arc machines |
Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | Reads any Azure Arc networkSecurityPerimeterConfigurations |
Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Reads any Azure Arc privateEndpointConnections |
Microsoft.HybridCompute/privateLinkScopes/read | Reads any Azure Arc privateLinkScopes |
Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
Microsoft.Resources/deployments/read | Gets or lists deployments. |
Microsoft.Resources/deployments/exportTemplate/action | Exports the template for a deployment |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Gets or lists deployment operation statuses. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/subscriptions/operationresults/read | Gets the subscription operation results. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to view VMs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/Read",
"Microsoft.AzureStackHCI/virtualMachineInstances/Read",
"Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/NetworkInterfaces/Read",
"Microsoft.AzureStackHCI/VirtualHardDisks/Read",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
"Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack Registration Owner
Lets you manage Azure Stack registrations.
Actions | Description |
---|---|
Microsoft.AzureStack/edgeSubscriptions/read | |
Microsoft.AzureStack/registrations/products/*/action | |
Microsoft.AzureStack/registrations/products/read | Gets the properties of an Azure Stack Marketplace product |
Microsoft.AzureStack/registrations/read | Gets the properties of an Azure Stack registration |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
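Hybrid Server Resource Administrator
Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.
Actions | Description |
---|---|
Microsoft.HybridCompute/machines/* | |
Microsoft.HybridCompute/*/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |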
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"name": "48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hybrid Server Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}