適用於整合的 Azure 內建角色
本文列出整合類別中的 Azure 內建角色。
API 管理開發人員入口網站內容編輯器
動作 | 描述 |
Microsoft.ApiManagement/service/portalRevisions/read | 列出開發人員入口網站修訂實體的集合。 或取得其標識碼所指定的開發人員入口網站修訂。 |
Microsoft.ApiManagement/service/portalRevisions/write | 建立新的開發人員入口網站修訂。 或 更新指定入口網站修訂的描述,或讓它成為最新狀態。 |
Microsoft.ApiManagement/service/contentTypes/read | 傳回內容類型清單或傳回內容類型 |
Microsoft.ApiManagement/service/contentTypes/delete | 拿掉內容類型。 |
Microsoft.ApiManagement/service/contentTypes/write | 建立新的內容類型 |
Microsoft.ApiManagement/service/contentTypes/contentItems/read | 傳回內容專案清單或傳回內容專案詳細數據 |
Microsoft.ApiManagement/service/contentTypes/contentItems/write | 建立新的內容專案或更新指定的內容專案 |
Microsoft.ApiManagement/service/contentTypes/contentItems/delete | 拿掉指定的內容專案。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Can customize the developer portal, edit its content, and publish it.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729",
"name": "c031e6a8-4391-4de0-8d69-4706a7ed3729",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Developer Portal Content Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
API 管理服務參與者
可以管理服務和 API
動作 | 描述 |
Microsoft.ApiManagement/service/* | 建立和管理 API 管理 服務 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Can manage service and the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
API 管理服務操作員角色
動作 | 描述 |
Microsoft.ApiManagement/service/*/read | 讀取 API 管理 服務實例 |
Microsoft.ApiManagement/service/backup/action | 將 API 管理 服務備份至使用者提供的記憶體帳戶中指定的容器 |
Microsoft.ApiManagement/service/delete | 刪除服務實例 API 管理 |
Microsoft.ApiManagement/service/managedeployments/action | 變更 SKU/單位、新增/移除 API 管理 服務的區域性部署 |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.ApiManagement/service/restore/action | 從使用者提供的記憶體帳戶中指定的容器還原 API 管理 服務 |
Microsoft.ApiManagement/service/updatecertificate/action | 上傳 API 管理 服務的 TLS/SSL 憑證 |
Microsoft.ApiManagement/service/updatehostname/action | 設定、更新或移除 API 管理 服務的自定義功能變數名稱 |
Microsoft.ApiManagement/service/write | 建立或更新服務實例 API 管理 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰 |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Can manage service but not the APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
"actions": [
"notActions": [
"dataActions": [],
"notDataActions": []
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
API 管理服務讀取者角色
服務和 API 的唯讀存取權
動作 | 描述 |
Microsoft.ApiManagement/service/*/read | 讀取 API 管理 服務實例 |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
Microsoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰 |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Read-only access to service and APIs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
"actions": [
"notActions": [
"dataActions": [],
"notDataActions": []
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 服務工作區 API 開發人員
具有標籤和產品的讀取許可權,以及允許的寫入許可權:將 API 指派給產品、將標籤指派給產品和 API。 此角色應在服務範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/tags/read | 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。 |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。 |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.ApiManagement/service/authorizationServers/read | 列出服務實例內定義的授權伺服器集合。 或取得授權伺服器的詳細數據,而不需秘密。 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3",
"name": "9565a273-41b9-4368-97d2-aeb0c976a9b3",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Service Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 服務工作區 API 產品管理員
具備與 APIM 服務工作區 API 開發人員相同的存取權,以及使用者的讀取權限和寫入權限,以允許將使用者指派給群組。 此角色應在服務範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/users/read | 列出指定服務實例中已註冊用戶的集合。 或取得其識別碼所指定之用戶的詳細數據。 |
Microsoft.ApiManagement/service/tags/read | 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。 |
Microsoft.ApiManagement/service/tags/apiLinks/* | |
Microsoft.ApiManagement/service/tags/operationLinks/* | |
Microsoft.ApiManagement/service/tags/productLinks/* | |
Microsoft.ApiManagement/service/products/read | 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。 |
Microsoft.ApiManagement/service/products/apiLinks/* | |
Microsoft.ApiManagement/service/groups/read | 列出服務實例內定義的群組集合。 或取得其識別碼所指定群組的詳細數據。 |
Microsoft.ApiManagement/service/groups/users/* | |
Microsoft.ApiManagement/service/read | 讀取 API 管理 服務實例的元數據 |
Microsoft.ApiManagement/service/authorizationServers/read | 列出服務實例內定義的授權伺服器集合。 或取得授權伺服器的詳細數據,而不需秘密。 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Service Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 工作區 API 開發人員
具備工作區中實體的讀取權限,以及用於編輯 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/apis/* | |
Microsoft.ApiManagement/service/workspaces/apiVersionSets/* | |
Microsoft.ApiManagement/service/workspaces/policies/* | |
Microsoft.ApiManagement/service/workspaces/schemas/* | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/policyFragments/* | |
Microsoft.ApiManagement/service/workspaces/namedValues/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.ApiManagement/service/workspaces/backends/* | |
Microsoft.ApiManagement/service/workspaces/certificates/* | |
Microsoft.ApiManagement/service/workspaces/diagnostics/* | |
Microsoft.ApiManagement/service/workspaces/loggers/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6",
"name": "56328988-075d-4c6a-8766-d93edd6725b6",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Workspace API Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 工作區 API 產品管理員
具備工作區中實體的讀取權限,以及用於發佈 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.ApiManagement/service/workspaces/products/* | |
Microsoft.ApiManagement/service/workspaces/subscriptions/* | |
Microsoft.ApiManagement/service/workspaces/groups/* | |
Microsoft.ApiManagement/service/workspaces/tags/* | |
Microsoft.ApiManagement/service/workspaces/notifications/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f",
"name": "73c2c328-d004-4c5e-938c-35c6f5679a1f",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Workspace API Product Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 工作區參與者
可以管理工作區和檢視,但無法修改其成員。 此角色應在工作區範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/workspaces/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Workspace Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
APIM 工作區讀者
具備工作區中實體的唯讀權限。 此角色應在工作區範圍上指派。
動作 | 描述 |
Microsoft.ApiManagement/service/workspaces/*/read | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "API Management Workspace Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
應用程式組態 參與者
針對 應用程式組態 資源授與所有管理作業的許可權,但清除除外。
動作 | 描述 |
Microsoft.AppConfiguration/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action | 清除指定的已刪除組態存放區。 |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Grants permission for all management operations, except purge, for App Configuration resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fe86443c-f201-4fc4-9d2a-ac61149fbda0",
"name": "fe86443c-f201-4fc4-9d2a-ac61149fbda0",
"permissions": [
"actions": [
"notActions": [
"dataActions": [],
"notDataActions": []
"roleName": "App Configuration Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
允許完整存取 應用程式組態 數據。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
Microsoft.AppConfiguration/configurationStores/*/write | |
Microsoft.AppConfiguration/configurationStores/*/delete | |
Microsoft.AppConfiguration/configurationStores/*/action | |
NotDataActions | |
Microsoft.AppConfiguration/configurationStores/useSasAuth/action | 針對組態存放區使用SAS驗證。 |
"assignableScopes": [
"description": "Allows full access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": [
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.AppConfiguration/configurationStores/*/read | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows read access to App Configuration data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
應用程式組態 讀取器
授與 應用程式組態 資源讀取作業的許可權。
動作 | 描述 |
Microsoft.AppConfiguration/*/read | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
Microsoft.Resources/deployments/read | 取得或列出部署。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Grants permission for read operations for App Configuration resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/175b81b9-6e0d-490a-85e4-0d422273c10c",
"name": "175b81b9-6e0d-490a-85e4-0d422273c10c",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "App Configuration Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure API 中心合規性管理員
允許在 Azure API 中心服務中管理 API 合規性。
動作 | 描述 |
Microsoft.ApiCenter/services/*/read | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action | 更新指定 API 定義的分析結果。 |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | 匯出 API 定義檔。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows managing API compliance in Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ede9aaa3-4627-494e-be13-4aa7c256148d",
"name": "ede9aaa3-4627-494e-be13-4aa7c256148d",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Azure API Center Compliance Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure API 中心數據讀取器
允許存取 Azure API 中心數據平面讀取作業。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.ApiCenter/services/*/read | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | 匯出 API 定義檔。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for access to Azure API Center data plane read operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7244dfb-f447-457d-b2ba-3999044d1706",
"name": "c7244dfb-f447-457d-b2ba-3999044d1706",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure API Center Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure API 中心服務參與者
允許管理 Azure API 中心服務。
動作 | 描述 |
Microsoft.ApiCenter/services/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action | 更新指定 API 定義的分析結果。 |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows managing Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
"name": "dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
"permissions": [
"actions": [
"notActions": [
"dataActions": [],
"notDataActions": []
"roleName": "Azure API Center Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure API 中心服務讀取器
允許唯讀存取 Azure API 中心服務。
動作 | 描述 |
Microsoft.ApiCenter/services/*/read | |
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | 匯出 API 定義檔。 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows read-only access to Azure API Center service.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6cba8790-29c5-48e5-bab1-c7541b01cb04",
"name": "6cba8790-29c5-48e5-bab1-c7541b01cb04",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Azure API Center Service Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 轉送接聽程式
允許接聽 Azure 轉播資源的存取權。
動作 | 描述 |
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybridConnections/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/listen/action | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for listen access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
"name": "26e0b698-aa6d-4085-9386-aadae190014d",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Relay Listener",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 轉送擁有者
允許完整存取 Azure 轉播資源。
動作 | 描述 |
Microsoft.Relay/* | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/* | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for full access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Relay Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 轉送寄件者
允許傳送對 Azure 轉送資源的存取權。
動作 | 描述 |
Microsoft.Relay/*/wcfRelays/read | |
Microsoft.Relay/*/hybridConnections/read | |
NotActions | |
none | |
DataActions | |
Microsoft.Relay/*/send/action | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for send access to Azure Relay resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
"name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Relay Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 資源通知系統主題訂閱者
可讓您針對目前和未來由 Azure 資源通知公開的所有系統主題建立系統主題和事件訂用帳戶
動作 | 描述 |
Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action | 在資源系統主題上執行建立和事件訂用帳戶建立的許可權 |
Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action | 在 HealthResources 系統主題上執行建立和事件訂閱建立的許可權 |
Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action | 在 MaintenanceResources 系統主題上執行建立和事件訂閱建立的許可權 |
Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action | 在 ComputeResources 系統主題上執行建立和事件訂閱建立的許可權 |
Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action | 在 ComputeScheduleResources 系統主題上執行建立和事件訂閱建立的許可權 |
Microsoft.ResourceNotifications/systemTopics/subscribeToContainerServiceEventResources/action | 在 ContainerServiceEventResources 系統主題上執行建立和事件訂閱建立的許可權 |
Microsoft.EventGrid/eventSubscriptions/write | 建立或更新 eventSubscription |
Microsoft.EventGrid/systemTopics/eventSubscriptions/write | 建立或更新 SystemTopic 事件Subscription |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
"name": "0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Azure Resource Notifications System Topics Subscriber",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 服務匯流排資料擁有者
允許完整存取 Azure 服務匯流排 資源。
動作 | 描述 |
Microsoft.ServiceBus/* | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/* | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 服務匯流排 數據接收器
允許接收 Azure 服務匯流排資源。
動作 | 描述 |
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/receive/action | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Azure 服務匯流排資料傳送者
允許傳送 Azure 服務匯流排資源。
動作 | 描述 |
Microsoft.ServiceBus/*/queues/read | |
Microsoft.ServiceBus/*/topics/read | |
Microsoft.ServiceBus/*/topics/subscriptions/read | |
NotActions | |
none | |
DataActions | |
Microsoft.ServiceBus/*/send/action | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
BizTalk 參與者
可讓您管理 BizTalk 服務,但無法存取它們。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.BizTalkServices/BizTalk/* | 建立和管理 BizTalk 服務 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage BizTalk services, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342",
"name": "5e3c6656-6cfa-4708-81fe-0de47ac73342",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "BizTalk Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Chamber Admin
可讓您管理模型化和模擬 Workbench 室下的所有專案。
動作 | 描述 |
Microsoft.ModSimWorkbench/*/read | |
Microsoft.ModSimWorkbench/workbenches/chambers/* | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/manage/action | |
Microsoft.ModSimWorkbench/workbenches/chambers/connector/setCopyPaste/action | |
DataActions | |
Microsoft.ModSimWorkbench/workbenches/chambers/upload/action | |
Microsoft.ModSimWorkbench/workbenches/chambers/files/* | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage everything under your Modeling and Simulation Workbench chamber.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a",
"name": "4e9b8407-af2e-495b-ae54-bb60a55b1b5a",
"permissions": [
"actions": [
"notActions": [
"dataActions": [
"notDataActions": []
"roleName": "Chamber Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
可讓您檢視模型化和模擬 Workbench 室下的所有專案,但不會進行任何變更。
動作 | 描述 |
Microsoft.ModSimWorkbench/workbenches/chambers/*/read | |
Microsoft.ModSimWorkbench/workbenches/chambers/workloads/* | |
Microsoft.ModSimWorkbench/workbenches/chambers/getUploadUri/action | |
Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/getDownloadUri/action | |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
Microsoft.ModSimWorkbench/workbenches/chambers/upload/action | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32",
"name": "4447db05-44ed-4da3-ae60-6cbece780e32",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "Chamber User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DeID 批次數據擁有者
建立和管理 DeID 批次作業。 此角色處於預覽狀態,且可能會變更。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthDataAIServices/DeidServices/Batch/write | 建立批次 |
Microsoft.HealthDataAIServices/DeidServices/Batch/delete | 刪除批次 |
Microsoft.HealthDataAIServices/DeidServices/Batch/read | 讀取批次 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Create and manage DeID batch jobs. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8a90fa6b-6997-4a07-8a95-30633a7c97b9",
"name": "8a90fa6b-6997-4a07-8a95-30633a7c97b9",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "DeID Batch Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DeID 批次數據讀取器
讀取 DeID 批次作業。 此角色處於預覽狀態,且可能會變更。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthDataAIServices/DeidServices/Batch/read | 讀取批次 |
NotDataActions | |
Microsoft.HealthDataAIServices/DeidServices/Batch/write | 建立批次 |
Microsoft.HealthDataAIServices/DeidServices/Batch/delete | 刪除批次 |
"assignableScopes": [
"description": "Read DeID batch jobs. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b73a14ee-91f5-41b7-bd81-920e12466be9",
"name": "b73a14ee-91f5-41b7-bd81-920e12466be9",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": [
"roleName": "DeID Batch Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DeID 數據擁有者
DeID 數據的完整存取權。 此角色處於預覽狀態,可能會變更
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthDataAIServices/DeidServices/* | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Full access to DeID data. This role is in preview and subject to change",
"id": "/providers/Microsoft.Authorization/roleDefinitions/78e4b983-1a0b-472e-8b7d-8d770f7c5890",
"name": "78e4b983-1a0b-472e-8b7d-8d770f7c5890",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "DeID Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DeID 實時數據使用者
對 DeID 即時端點執行要求。 此角色處於預覽狀態,且可能會變更。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthDataAIServices/DeidServices/Realtime/action | 允許存取即時端點 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Execute requests against DeID realtime endpoint. This role is in preview and subject to change.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
"name": "bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "DeID Realtime Data User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DICOM 數據擁有者
DICOM 數據的完整存取權。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/workspaces/dicomservices/resources/* | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Full access to DICOM data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8",
"name": "58a3b984-7adf-4c20-983a-32417c86fbc8",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "DICOM Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
DICOM 數據讀取器
讀取和搜尋 DICOM 數據。
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/workspaces/dicomservices/resources/read | 讀取 DICOM 資源(包括搜尋和變更摘要)。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Read and search DICOM data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
"name": "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "DICOM Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid 參與者
可讓您管理 EventGrid 作業。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/* | 建立和管理事件方格資源 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage EventGrid operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
"name": "1e241071-0855-49ea-94dc-649edcd759de",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "EventGrid Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid 數據傳送者
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/topics/read | 閱讀主題 |
Microsoft.EventGrid/domains/read | 讀取網域 |
Microsoft.EventGrid/partnerNamespaces/read | 讀取夥伴命名空間 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.EventGrid/namespaces/read | 讀取命名空間 |
NotActions | |
none | |
DataActions | |
Microsoft.EventGrid/events/send/action | 將事件傳送至主題 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows send access to event grid events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
"name": "d5a91429-5739-47e2-a06b-3470a27159e7",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "EventGrid Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid EventSubscription 參與者
可讓您管理 EventGrid 事件訂用帳戶作業。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/eventSubscriptions/* | 建立和管理區域事件訂用帳戶 |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂閱 |
Microsoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶 |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依 topictype 列出區域事件訂用帳戶 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid EventSubscription 讀取器
可讓您讀取 EventGrid 事件訂用帳戶。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/eventSubscriptions/read | 讀取 eventSubscription |
Microsoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂閱 |
Microsoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶 |
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依 topictype 列出區域事件訂用帳戶 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you read EventGrid event subscriptions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid TopicSpaces Publisher
可讓您在 topicspaces 上發布訊息。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/*/read | |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
Microsoft.EventGrid/topicSpaces/publish/action | 發佈至主題空間 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you publish messages on topicspaces.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a12b0b94-b317-4dcd-84a8-502ce99884c6",
"name": "a12b0b94-b317-4dcd-84a8-502ce99884c6",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "EventGrid TopicSpaces Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
EventGrid TopicSpaces 訂閱者
可讓您訂閱 topicspaces 上的訊息。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.EventGrid/*/read | |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
NotActions | |
none | |
DataActions | |
Microsoft.EventGrid/topicSpaces/subscribe/action | 訂閱主題空間 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you subscribe messages on topicspaces.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
"name": "4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "EventGrid TopicSpaces Subscriber",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 數據參與者
角色可讓使用者或主體完整存取 FHIR 數據
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/* | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | |
NotDataActions | |
Microsoft.HealthcareApis/services/fhir/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
"assignableScopes": [
"description": "Role allows user or principal full access to FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
"name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": [
"roleName": "FHIR Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 資料轉換器
角色可讓使用者或主體將數據從舊版格式轉換成 FHIR
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/convertData/action | 資料轉換作業 ($convert-data) |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | 資料轉換作業 ($convert-data) |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user or principal to convert data from legacy format to FHIR",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"name": "a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR Data Converter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 數據匯出工具
角色可讓使用者或主體讀取和導出 FHIR 數據
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/services/fhir/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 匯出作業($export)。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user or principal to read and export FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
"name": "3db33094-8700-4567-8da5-1501d4e7e843",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR Data Exporter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 資料匯入工具
角色可讓使用者或主體讀取和匯入 FHIR 數據
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user or principal to read and import FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b",
"name": "4465e953-8ced-4406-a58e-0f6e3f3b530b",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR Data Importer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 數據讀取器
角色可讓使用者或主體讀取 FHIR 數據
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user or principal to read FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
FHIR 數據寫入器
角色可讓使用者或主體讀取和寫入 FHIR 數據
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/services/fhir/resources/write | 寫入 FHIR 資源(包括建立和更新)。 |
Microsoft.HealthcareApis/services/fhir/resources/delete | 刪除 FHIR 資源(虛刪除)。 |
Microsoft.HealthcareApis/services/fhir/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action | 驗證作業 ($validate)。 |
Microsoft.HealthcareApis/services/fhir/resources/reindex/action | 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。 |
Microsoft.HealthcareApis/services/fhir/resources/convertData/action | 資料轉換作業 ($convert-data) |
Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action | 允許使用者在配置檔資源上執行建立更新刪除作業。 |
Microsoft.HealthcareApis/services/fhir/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/write | 寫入 FHIR 資源(包括建立和更新)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete | 刪除 FHIR 資源(虛刪除)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | 匯出作業($export)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action | 驗證作業 ($validate)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action | 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | 資料轉換作業 ($convert-data) |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action | 允許使用者在配置檔資源上執行建立更新刪除作業。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | 以批次的方式匯入 FHIR 資源。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user or principal to read and write FHIR Data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
"name": "3f88fce4-5892-4214-ae73-ba5294559913",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR Data Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
角色可讓用戶根據SMART on FHIR規格存取FHIR服務
動作 | 描述 |
none | |
NotActions | |
none | |
DataActions | |
Microsoft.HealthcareApis/services/fhir/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | 讀取 FHIR 資源(包括搜尋和建立版本記錄)。 |
Microsoft.HealthcareApis/services/fhir/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | 允許使用者根據SMART on FHIR規格存取FHIR服務。 |
NotDataActions | |
none |
"assignableScopes": [
"description": "Role allows user to access FHIR Service according to SMART on FHIR specification",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0",
"name": "4ba50f17-9666-485c-a643-ff00808643f0",
"permissions": [
"actions": [],
"notActions": [],
"dataActions": [
"notDataActions": []
"roleName": "FHIR SMART User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Integration Service 環境參與者
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Logic/integrationServiceEnvironments/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage integration service environments, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Integration Service Environment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Integration Service Environment Developer
可讓開發人員在整合服務環境中建立和更新工作流程、整合帳戶和 API 連線。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Logic/integrationServiceEnvironments/read | 讀取整合服務環境。 |
Microsoft.Logic/integrationServiceEnvironments/*/join/action | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Integration Service Environment Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.IntelligentSystems/accounts/* | 建立和管理智慧型手機系統帳戶 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.ClassicStorage/storageAccounts/listKeys/action | 列出記憶體帳戶的存取金鑰。 |
Microsoft.ClassicStorage/storageAccounts/read | 傳回具有指定帳戶的記憶體帳戶。 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Insights/metricAlerts/* | |
Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
Microsoft.Insights/logdefinitions/* | 需要透過入口網站存取活動記錄的使用者,需要此權限。 列出活動記錄中的記錄類別。 |
Microsoft.Insights/metricDefinitions/* | 讀取計量定義 (資源的可用指標類型清單)。 |
Microsoft.Logic/* | 管理 Logic Apps 資源。 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Storage/storageAccounts/listkeys/action | 傳回指定儲存體帳戶的存取金鑰。 |
Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/connectionGateways/* | 建立和管理連線閘道。 |
Microsoft.Web/connections/* | 建立和管理連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/serverFarms/join/action | 加入 App Service 方案 |
Microsoft.Web/serverFarms/read | 取得 App Service 方案上的屬性 |
Microsoft.Web/sites/functions/listSecrets/action | 列出函式秘密。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage logic app, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/*/read | 讀取深入解析警示規則 |
Microsoft.Insights/metricAlerts/*/read | |
Microsoft.Insights/diagnosticSettings/*/read | 取得 Logic Apps 的診斷設定 |
Microsoft.Insights/metricDefinitions/*/read | 取得 Logic Apps 的可用計量。 |
Microsoft.Logic/*/read | 讀取 Logic Apps 資源。 |
Microsoft.Logic/workflows/disable/action | 停用工作流程。 |
Microsoft.Logic/workflows/enable/action | 啟用工作流程。 |
Microsoft.Logic/workflows/validate/action | 驗證工作流程。 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/connectionGateways/*/read | 讀取連線閘道。 |
Microsoft.Web/connections/*/read | 讀取連線。 |
Microsoft.Web/customApis/*/read | 讀取自定義 API。 |
Microsoft.Web/serverFarms/read | 取得 App Service 方案上的屬性 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you read, enable and disable logic app.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Logic Apps 標準參與者 (預覽)
您可以管理標準邏輯應用程式和工作流程的所有層面。 您無法變更存取權或擁有權。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/certificates/* | 建立和管理憑證。 |
Microsoft.Web/connectionGateways/* | 建立和管理連線閘道。 |
Microsoft.Web/connections/* | 建立和管理連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/serverFarms/* | 建立和管理 App Service 方案。 |
Microsoft.Web/sites/* | 建立和管理 Web 應用程式。 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ad710c24-b039-4e85-a019-deb4a06e8570",
"name": "ad710c24-b039-4e85-a019-deb4a06e8570",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic Apps Standard Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Logic Apps 標準開發人員 (預覽)
您可以建立和編輯標準邏輯應用程式的工作流程、連線和設定。 您無法在工作流程範圍之外進行變更。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/connections/* | 建立和管理連線。 |
Microsoft.Web/customApis/* | 建立和管理自定義 API。 |
Microsoft.Web/sites/config/list/Action | 列出 Web 應用程式的安全性機密設定,例如發佈認證、應用程式設定和連接字串 |
microsoft.web/sites/config/Write | 更新 Web 應用程式的組態設定 |
microsoft.web/sites/config/web/appsettings/delete | 刪除 Web Apps 應用程式設定 |
microsoft.web/sites/config/web/appsettings/write | 建立或更新 Web 應用程式單一應用程式設定 |
microsoft.web/sites/deployWorkflowArtifacts/action | 在邏輯應用程式中建立成品。 |
microsoft.web/sites/hostruntime/* | 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。 |
microsoft.web/sites/listworkflowsconnections/action | 依邏輯應用程式中的標識碼列出邏輯應用程式的連線。 |
Microsoft.Web/sites/publish/Action | 發佈 Web 應用程式 |
microsoft.web/sites/slots/config/appsettings/write | 建立或更新 Web 應用程式位置的單一應用程式設定 |
Microsoft.Web/sites/slots/config/list/Action | 列出 Web 應用程式位置的安全性機密設定,例如發佈認證、應用程式設定和連接字串 |
microsoft.web/sites/slots/config/web/appsettings/delete | 刪除 Web 應用程式位置的應用程式設定 |
microsoft.web/sites/slots/deployWorkflowArtifacts/action | 在邏輯應用程式中的部署位置中建立成品。 |
microsoft.web/sites/slots/listworkflowsconnections/action | 依邏輯應用程式部署位置中的識別碼,列出邏輯應用程式的連線。 |
Microsoft.Web/sites/slots/publish/Action | 發佈 Web 應用程式位置 |
microsoft.web/sites/workflows/* | |
microsoft.web/sites/workflowsconfiguration/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"name": "523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic Apps Standard Developer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Logic Apps 標準操作員 (預覽)
您可以啟用和停用邏輯應用程式、重新提交工作流程執行,以及建立連線。 您無法編輯工作流程或設定。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/*/read | |
Microsoft.Web/sites/applySlotConfig/Action | 將 Web 應用程式位置設定從目標位置套用至目前的 Web 應用程式 |
microsoft.web/sites/hostruntime/* | 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。 |
Microsoft.Web/sites/restart/Action | 重新啟動 Web 應用程式 |
Microsoft.Web/sites/slots/restart/Action | 重新啟動 Web 應用程式位置 |
Microsoft.Web/sites/slots/slotsswap/Action | 交換 Web 應用程式部署位置 |
Microsoft.Web/sites/slots/start/Action | 啟動 Web 應用程式位置 |
Microsoft.Web/sites/slots/stop/Action | 停止 Web 應用程式位置 |
Microsoft.Web/sites/slotsdiffs/Action | 取得 Web 應用程式和位置之間的設定差異 |
Microsoft.Web/sites/slotsswap/Action | 交換 Web 應用程式部署位置 |
Microsoft.Web/sites/start/Action | 啟動 Web 應用程式 |
Microsoft.Web/sites/stop/Action | 停止 Web 應用程式 |
Microsoft.Web/sites/write | 建立新的 Web 應用程式,或更新現有 Web 應用程式 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"name": "b70c96e9-66fe-4c09-b6e7-c98e69c98555",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic Apps Standard Operator (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Logic Apps 標準讀取者 (預覽)
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Support/* | 建立和更新支援票證 |
Microsoft.Web/*/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4accf36b-2c05-432f-91c8-5c532dff4c73",
"name": "4accf36b-2c05-432f-91c8-5c532dff4c73",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Logic Apps Standard Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Scheduler/jobcollections/* | 建立和管理作業集合 |
Microsoft.Support/* | 建立和更新支援票證 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Lets you manage Scheduler job collections, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Scheduler Job Collections Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
Services Hub作員
Services Hub作員可讓您執行與 Services Hub 連接器相關的所有讀取、寫入和刪除作業。
動作 | 描述 |
Microsoft.Authorization/*/read | 讀取角色和角色指派 |
Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
Microsoft.Resources/deployments/* | 建立和管理部署 |
Microsoft.ServicesHub/connectors/write | 建立或更新 Services Hub 連接器 |
Microsoft.ServicesHub/connectors/read | 檢視或列出Services Hub 連接器 |
Microsoft.ServicesHub/connectors/delete | 刪除 Services Hub 連接器 |
Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action | 列出指定 Services Hub 工作區的評定權利 |
Microsoft.ServicesHub/supportOfferingEntitlement/read | 檢視給定 Services Hub 工作區的支持供應項目權利 |
Microsoft.ServicesHub/workspaces/read | 列出指定使用者的 Services Hub 工作區 |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
"assignableScopes": [
"description": "Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b",
"name": "82200a5b-e217-47a5-b665-6d8765ee745b",
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []
"roleName": "Services Hub Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"