Azure built-in roles for Monitor

This article lists the Azure built-in roles in the Monitor category.

Application Insights Component Contributor

Can manage Application Insights components

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage classic alert rules
Microsoft.Insights/generateLiveToken/read Live Metrics get token
Microsoft.Insights/metricAlerts/* Create and manage new alert rules
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/topology/read Read topology
Microsoft.Insights/transactions/read Read transactions
Microsoft.Insights/webtests/* Create and manage Insights web tests
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage Application Insights components",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
  "name": "ae349356-3a1b-4a5e-921d-050484c6347e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/generateLiveToken/read",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/topology/read",
        "Microsoft.Insights/transactions/read",
        "Microsoft.Insights/webtests/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Component Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

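Application Insights Snapshot Debugger

Gives the user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that the Owner and Contributor roles do not include these permissions. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/*/read
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
DataActions
NotDataActions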
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives user permission to use Application Insights Snapshot Debugger features",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Snapshot Debugger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Managed Grafana Workspace Contributor

Can manage Azure Managed Grafana resources, without providing access to the workspaces themselves.

Actions Description
Microsoft.Dashboard/grafana/write Write grafana
Microsoft.Dashboard/grafana/delete Delete grafana
Microsoft.Dashboard/grafana/PrivateEndpointConnectionsApproval/action Approve PrivateEndpointConnection
Microsoft.Dashboard/grafana/managedPrivateEndpoints/action Operations on private endpoints
Microsoft.Dashboard/locations/operationStatuses/write Write operation statuses
Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/validate/action Validate PrivateEndpointConnectionProxy
Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/write Create/update PrivateEndpointConnectionProxy
Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/delete Delete PrivateEndpointConnectionProxy
Microsoft.Dashboard/grafana/privateEndpointConnections/write Update PrivateEndpointConnection
Microsoft.Dashboard/grafana/privateEndpointConnections/delete Delete PrivateEndpointConnection
Microsoft.Dashboard/grafana/managedPrivateEndpoints/write Write managed private endpoints
Microsoft.Dashboard/grafana/managedPrivateEndpoints/delete Delete managed private endpoints
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/AlertRules/Write Create or update a classic metric alert
Microsoft.Insights/AlertRules/Delete Delete a classic metric alert
Microsoft.Insights/AlertRules/Read Read a classic metric alert
Microsoft.Insights/AlertRules/Activated/Action Classic metric alert activated
Microsoft.Insights/AlertRules/Resolved/Action Classic metric alert resolved
Microsoft.Insights/AlertRules/Throttled/Action Classic metric alert rule throttled
Microsoft.Insights/AlertRules/Incidents/Read Read a classic metric alert incident
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/deployments/delete Deletes a deployment.
Microsoft.Resources/deployments/cancel/action Cancels a deployment.
Microsoft.Resources/deployments/validate/action Validates a deployment.
Microsoft.Resources/deployments/whatIf/action Predicts template deployment changes.
Microsoft.Resources/deployments/exportTemplate/action Exports the template for a deployment
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage Azure Managed Grafana resources, without providing access to the workspaces themselves.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5c2d7e57-b7c2-4d8a-be4f-82afa42c6e95",
  "name": "5c2d7e57-b7c2-4d8a-be4f-82afa42c6e95",
  "permissions": [
    {
      "actions": [
        "Microsoft.Dashboard/grafana/write",
        "Microsoft.Dashboard/grafana/delete",
        "Microsoft.Dashboard/grafana/PrivateEndpointConnectionsApproval/action",
        "Microsoft.Dashboard/grafana/managedPrivateEndpoints/action",
        "Microsoft.Dashboard/locations/operationStatuses/write",
        "Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/validate/action",
        "Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/write",
        "Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/delete",
        "Microsoft.Dashboard/grafana/privateEndpointConnections/write",
        "Microsoft.Dashboard/grafana/privateEndpointConnections/delete",
        "Microsoft.Dashboard/grafana/managedPrivateEndpoints/write",
        "Microsoft.Dashboard/grafana/managedPrivateEndpoints/delete",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/AlertRules/Write",
        "Microsoft.Insights/AlertRules/Delete",
        "Microsoft.Insights/AlertRules/Read",
        "Microsoft.Insights/AlertRules/Activated/Action",
        "Microsoft.Insights/AlertRules/Resolved/Action",
        "Microsoft.Insights/AlertRules/Throttled/Action",
        "Microsoft.Insights/AlertRules/Incidents/Read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/deployments/delete",
        "Microsoft.Resources/deployments/cancel/action",
        "Microsoft.Resources/deployments/validate/action",
        "Microsoft.Resources/deployments/whatIf/action",
        "Microsoft.Resources/deployments/exportTemplate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/operationstatuses/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Managed Grafana Workspace Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Grafana Admin

Manage server-wide settings and manage access to resources such as organizations, users, and licenses.

Actions Description
NotActions
DataActions
Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action Act as Grafana Admin role
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Manage server-wide settings and manage access to resources such as organizations, users, and licenses.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
  "name": "22926164-76b3-42b3-bc55-97df8dab3e41",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Grafana Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Grafana Editor

Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists.

Actions Description
NotActions
DataActions
Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action Act as Grafana Editor role
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
  "name": "a79a5197-3a5c-4973-a920-486035ffd60f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Grafana Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Grafana Limited Viewer

View home page.

Actions Description
NotActions
DataActions
Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action Act as Grafana Limited Viewer role
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "View home page.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/41e04612-9dac-4699-a02b-c82ff2cc3fb5",
  "name": "41e04612-9dac-4699-a02b-c82ff2cc3fb5",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Grafana Limited Viewer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Grafana Viewer

View dashboards, playlists, and query data sources.

Actions Description
NotActions
DataActions
Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action Act as Grafana Viewer role
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "View dashboards, playlists, and query data sources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
  "name": "60921a7e-fef1-4a43-9b16-a26c52ad4769",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Grafana Viewer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitoring Contributor

Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/*
Microsoft.AlertsManagement/alertsSummary/*
Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.Insights/createNotifications/*
Microsoft.Insights/dataCollectionEndpoints/*
Microsoft.Insights/dataCollectionRules/*
Microsoft.Insights/dataCollectionRuleAssociations/*
Microsoft.Insights/DiagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/eventtypes/* List Activity Log events (management events) in a subscription. This permission applies to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/* This permission is necessary for users who need access to Activity Logs via the portal. List log categories in the Activity Log.
Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/* Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/* Read metrics for a resource.
Microsoft.Insights/notificationStatus/*
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/webtests/* Create and manage Insights web tests
Microsoft.Insights/workbooks/*
Microsoft.Insights/workbooktemplates/*
Microsoft.Insights/privateLinkScopes/*
Microsoft.Insights/privateLinkScopeOperationStatuses/*
Microsoft.Monitor/accounts/*
Microsoft.OperationalInsights/workspaces/write Creates a new workspace, or links to an existing workspace by providing the customer ID from the existing workspace.
Microsoft.OperationalInsights/workspaces/intelligencepacks/* Read/write/delete Log Analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/* Read/write/delete Log Analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/action Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* Read/write/delete Log Analytics storage insight configurations.
Microsoft.Support/* Create and update a support ticket
Microsoft.AlertsManagement/smartDetectorAlertRules/*
Microsoft.AlertsManagement/actionRules/*
Microsoft.AlertsManagement/smartGroups/*
Microsoft.AlertsManagement/migrateFromSmartDetection/*
Microsoft.AlertsManagement/investigations/*
Microsoft.AlertsManagement/prometheusRuleGroups/*
Microsoft.Monitor/investigations/*
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data and update monitoring settings.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.AlertsManagement/alerts/*",
        "Microsoft.AlertsManagement/alertsSummary/*",
        "Microsoft.Insights/actiongroups/*",
        "Microsoft.Insights/activityLogAlerts/*",
        "Microsoft.Insights/AlertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/createNotifications/*",
        "Microsoft.Insights/dataCollectionEndpoints/*",
        "Microsoft.Insights/dataCollectionRules/*",
        "Microsoft.Insights/dataCollectionRuleAssociations/*",
        "Microsoft.Insights/DiagnosticSettings/*",
        "Microsoft.Insights/eventtypes/*",
        "Microsoft.Insights/LogDefinitions/*",
        "Microsoft.Insights/metricalerts/*",
        "Microsoft.Insights/MetricDefinitions/*",
        "Microsoft.Insights/Metrics/*",
        "Microsoft.Insights/notificationStatus/*",
        "Microsoft.Insights/Register/Action",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Insights/workbooktemplates/*",
        "Microsoft.Insights/privateLinkScopes/*",
        "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
        "Microsoft.Monitor/accounts/*",
        "Microsoft.OperationalInsights/workspaces/write",
        "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
        "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
        "Microsoft.Support/*",
        "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
        "Microsoft.AlertsManagement/actionRules/*",
        "Microsoft.AlertsManagement/smartGroups/*",
        "Microsoft.AlertsManagement/migrateFromSmartDetection/*",
        "Microsoft.AlertsManagement/investigations/*",
        "Microsoft.AlertsManagement/prometheusRuleGroups/*",
        "Microsoft.Monitor/investigations/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitoring Metrics Publisher

Enables publishing metrics against Azure resources

Actions Description
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Support/* Create and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
DataActions
Microsoft.Insights/Metrics/Write Write metrics
Microsoft.Insights/Telemetry/Write Write telemetry
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Enables publishing metrics against Azure resources",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
  "name": "3913510d-42f4-4e42-8a64-420c390055eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/Register/Action",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Insights/Metrics/Write",
        "Microsoft.Insights/Telemetry/Write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Metrics Publisher",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

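Monitoring Reader

Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and update a support ticket
NotActions
DataActions
NotDataActions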
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Workbook Contributor

Can save shared workbooks.

Actions Description
Microsoft.Insights/workbooks/write Create or update a workbook
Microsoft.Insights/workbooks/delete Delete a workbook
Microsoft.Insights/workbooks/read Read a workbook
Microsoft.Insights/workbooks/revisions/read Get the workbook revisions
Microsoft.Insights/workbooktemplates/write Create or update a workbook template
Microsoft.Insights/workbooktemplates/delete Delete a workbook template
Microsoft.Insights/workbooktemplates/read Read a workbook template
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can save shared workbooks.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/workbooks/write",
        "Microsoft.Insights/workbooks/delete",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Insights/workbooks/revisions/read",
        "Microsoft.Insights/workbooktemplates/write",
        "Microsoft.Insights/workbooktemplates/delete",
        "Microsoft.Insights/workbooktemplates/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Workbook Reader

Can read workbooks.

Actions Description
microsoft.insights/workbooks/read Read a workbook
microsoft.insights/workbooks/revisions/read Get the workbook revisions
microsoft.insights/workbooktemplates/read Read a workbook template
NotActions
DataActions
NotDataActions
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read workbooks.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "permissions": [
    {
      "actions": [
        "microsoft.insights/workbooks/read",
        "microsoft.insights/workbooks/revisions/read",
        "microsoft.insights/workbooktemplates/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
