混合式 + 多重雲端的 Azure 內建角色
本文列出混合式 + 多重雲端類別中的 Azure 內建角色。
Azure 資源橋接器部署角色
Azure 資源橋接器部署角色
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/roleassignments/read | 取得關於角色指派的資訊。 |
| Microsoft.AzureStackHCI/Register/Action | 註冊 Azure Stack HCI 資源提供者的訂用帳戶,並啟用 Azure Stack HCI 資源的建立。 |
| Microsoft.ResourceConnector/register/action | 註冊設備資源提供者的訂用帳戶,並啟用設備建立。 |
| Microsoft.ResourceConnector/appliance/read | 取得設備資源 |
| Microsoft.ResourceConnector/appliance/write | 建立或更新設備資源 |
| Microsoft.ResourceConnector/appliance/delete | 刪除設備資源 |
| Microsoft.ResourceConnector/locations/operationresults/read | 取得設備作業的結果 |
| Microsoft.ResourceConnector/locations/operationsstatus/read | 取得設備作業的結果 |
| Microsoft.ResourceConnector/appliance/listClusterUserCredential/action | 取得設備叢集用戶認證 |
| Microsoft.ResourceConnector/appliance/listKeys/action | 取得設備叢集客戶用戶金鑰 |
| Microsoft.ResourceConnector/appliance/upgradeGraphs/read | 取得設備叢集的升級圖表 |
| Microsoft.ResourceConnector/telemetryconfig/read | 取得設備 CLI 所使用的設備遙測設定 |
| Microsoft.ResourceConnector/operations/read | 取得設備可用的作業清單 |
| Microsoft.ExtendedLocation/register/action | 註冊自定義位置資源提供者的訂用帳戶,並啟用自定義位置的建立。 |
| Microsoft.ExtendedLocation/customLocations/deploy/action | 將權限部署至自訂位置資源 |
| Microsoft.ExtendedLocation/customLocations/read | 取得自定義位置資源 |
| Microsoft.ExtendedLocation/customLocations/write | 建立或更新自定義位置資源 |
| Microsoft.ExtendedLocation/customLocations/delete | 刪除自訂位置資源 |
| Microsoft.HybridConnectivity/register/action | 註冊 Microsoft.HybridConnectivity 的訂用帳戶 |
| Microsoft.Kubernetes/register/action | 向 Microsoft.Kubernetes 資源提供者註冊訂用帳戶 |
| Microsoft.KubernetesConfiguration/register/action | 向 Microsoft.KubernetesConfiguration 資源提供者註冊訂用帳戶。 |
| Microsoft.KubernetesConfiguration/extensions/write | 建立或更新延伸模組資源。 |
| Microsoft.KubernetesConfiguration/extensions/read | 取得擴充實例資源。 |
| Microsoft.KubernetesConfiguration/extensions/delete | 刪除擴充實例資源。 |
| Microsoft.KubernetesConfiguration/extensions/operations/read | 取得異步操作狀態。 |
| Microsoft.KubernetesConfiguration/namespaces/read | 取得Namespace資源 |
| Microsoft.KubernetesConfiguration/operations/read | 取得 Microsoft.KubernetesConfiguration 資源提供者的可用作業。 |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| Microsoft.HybridContainerService/register/action | 註冊 Microsoft.HybridContainerService 的訂用帳戶 |
| Microsoft.HybridContainerService/kubernetesVersions/read | 列出基礎自定義位置支援的 kubernetes 版本 |
| Microsoft.HybridContainerService/kubernetesVersions/write | 放置 kubernetes 版本資源類型 |
| Microsoft.HybridContainerService/skus/read | 列出基礎自定義位置中支援的 VM SKU |
| Microsoft.HybridContainerService/skus/write | 放置 VM SKU 資源類型 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.AzureStackHCI/StorageContainers/Write | 建立/更新記憶體容器資源 |
| Microsoft.AzureStackHCI/StorageContainers/Read | 取得/列出記憶體容器資源 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI 系統管理員
授與叢集及其資源的完整存取權,包括註冊 Azure Stack HCI 的能力,並將其他人指派為 Azure Arc HCI VM 參與者和/或 Azure Arc HCI VM 讀取器
| 動作 | 描述 |
|---|---|
| Microsoft.AzureStackHCI/register/action | 註冊 Azure Stack HCI 資源提供者的訂用帳戶,並啟用 Azure Stack HCI 資源的建立。 |
| Microsoft.AzureStackHCI/Unregister/Action | 取消註冊 Azure Stack HCI 資源提供者的訂用帳戶。 |
| Microsoft.AzureStackHCI/clusters/* | |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | 取得/列出網路安全組資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | 取得/列出安全性規則資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Write | 建立/更新網路安全組資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write | 建立/更新安全性規則資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete | 刪除網路安全組資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete | 刪除安全性規則資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action | 加入網路安全組資源 |
| Microsoft.HybridCompute/register/action | 註冊 Microsoft.HybridCompute 資源提供者的訂用帳戶 |
| Microsoft.GuestConfiguration/register/action | 註冊 Microsoft.GuestConfiguration 資源提供者的訂用帳戶。 |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| Microsoft.Resources/subscriptions/resourceGroups/write | 建立或更新資源群組。 |
| Microsoft.Resources/subscriptions/resourceGroups/delete | 刪除資源群組及其所有資源。 |
| Microsoft.HybridConnectivity/register/action | 註冊 Microsoft.HybridConnectivity 的訂用帳戶 |
| Microsoft.Authorization/roleAssignments/write | 建立指定範圍的角色指派。 |
| Microsoft.Authorization/roleAssignments/delete | 刪除指定範圍內的角色指派。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.AzureStackHCI/* | |
| Microsoft.Insights/AlertRules/Write | 建立或更新傳統計量警示 |
| Microsoft.Insights/AlertRules/Delete | 刪除傳統計量警示 |
| Microsoft.Insights/AlertRules/Read | 讀取傳統計量警示 |
| Microsoft.Insights/AlertRules/Activated/Action | 已啟動傳統計量警示 |
| Microsoft.Insights/AlertRules/Resolved/Action | 已解決傳統計量警示 |
| Microsoft.Insights/AlertRules/Throttled/Action | 傳統計量警示規則已節流 |
| Microsoft.Insights/AlertRules/Incidents/Read | 讀取傳統計量警示事件 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | 建立或更新部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | 取得或列出部署作業狀態。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/machines/assessPatches/action | 評估任何 Azure Arc 機器以取得遺漏的軟體修補程式 |
| Microsoft.HybridCompute/machines/installPatches/action | 在任何 Azure Arc 計算機上安裝修補程式 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 延伸模組 |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/delete | 刪除 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/operations/read | 讀取適用於伺服器的 Azure Arc 的所有作業 |
| Microsoft.HybridCompute/locations/operationresults/read | 讀取 Microsoft.HybridCompute 資源提供者上的作業狀態 |
| Microsoft.HybridCompute/locations/operationstatus/read | 讀取 Microsoft.HybridCompute 資源提供者上的作業狀態 |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | 讀取任何 Azure Arc patchAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | 讀取任何 Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | 讀取任何 Azure Arc patchInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | 讀取任何 Azure Arc patchInstallationResults/softwarePatches |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | 讀取電腦上更新中心作業的狀態 |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | 讀取任何 Azure Arc 機器的混合式身分識別元數據 |
| Microsoft.HybridCompute/osType/agentVersions/read | 讀取所有可用的 Azure 連線機器代理程式版本 |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | 閱讀最新的 Azure 連線機器代理程式版本 |
| Microsoft.HybridCompute/machines/runcommands/read | 讀取任何 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/runcommands/write | 安裝或更新 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/runcommands/delete | 刪除 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/write | 安裝或更新 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | 刪除 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/licenses/read | 讀取任何 Azure Arc 授權 |
| Microsoft.HybridCompute/licenses/write | 安裝或更新 Azure Arc 授權 |
| Microsoft.HybridCompute/licenses/delete | 刪除 Azure Arc 授權 |
| Microsoft.ResourceConnector/register/action | 註冊設備資源提供者的訂用帳戶,並啟用設備建立。 |
| Microsoft.ResourceConnector/appliance/read | 取得設備資源 |
| Microsoft.ResourceConnector/appliance/write | 建立或更新設備資源 |
| Microsoft.ResourceConnector/appliance/delete | 刪除設備資源 |
| Microsoft.ResourceConnector/locations/operationresults/read | 取得設備作業的結果 |
| Microsoft.ResourceConnector/locations/operationsstatus/read | 取得設備作業的結果 |
| Microsoft.ResourceConnector/appliance/listClusterUserCredential/action | 取得設備叢集用戶認證 |
| Microsoft.ResourceConnector/appliance/listKeys/action | 取得設備叢集客戶用戶金鑰 |
| Microsoft.ResourceConnector/operations/read | 取得設備可用的作業清單 |
| Microsoft.ExtendedLocation/register/action | 註冊自定義位置資源提供者的訂用帳戶,並啟用自定義位置的建立。 |
| Microsoft.ExtendedLocation/customLocations/read | 取得自定義位置資源 |
| Microsoft.ExtendedLocation/customLocations/deploy/action | 將權限部署至自訂位置資源 |
| Microsoft.ExtendedLocation/customLocations/write | 建立或更新自定義位置資源 |
| Microsoft.ExtendedLocation/customLocations/delete | 刪除自訂位置資源 |
| Microsoft.EdgeMarketplace/offers/read | 取得供應專案 |
| Microsoft.EdgeMarketplace/publishers/read | 取得發行者 |
| Microsoft.Kubernetes/register/action | 向 Microsoft.Kubernetes 資源提供者註冊訂用帳戶 |
| Microsoft.KubernetesConfiguration/register/action | 向 Microsoft.KubernetesConfiguration 資源提供者註冊訂用帳戶。 |
| Microsoft.KubernetesConfiguration/extensions/write | 建立或更新延伸模組資源。 |
| Microsoft.KubernetesConfiguration/extensions/read | 取得擴充實例資源。 |
| Microsoft.KubernetesConfiguration/extensions/delete | 刪除擴充實例資源。 |
| Microsoft.KubernetesConfiguration/extensions/operations/read | 取得異步操作狀態。 |
| Microsoft.KubernetesConfiguration/namespaces/read | 取得Namespace資源 |
| Microsoft.KubernetesConfiguration/operations/read | 取得 Microsoft.KubernetesConfiguration 資源提供者的可用作業。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.AzureStackHCI/StorageContainers/Write | 建立/更新記憶體容器資源 |
| Microsoft.AzureStackHCI/StorageContainers/Read | 取得/列出記憶體容器資源 |
| Microsoft.HybridContainerService/register/action | 註冊 Microsoft.HybridContainerService 的訂用帳戶 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none | |
| Condition | |
| ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'}))OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) | 新增或移除下列角色的角色指派: Azure Connected Machine Resource Manager Azure Connected Machine 資源管理員 Azure Connected Machine 上線 Azure Stack HCI VM 讀取器 Azure Stack HCI VM 參與者 Azure Stack HCI 裝置管理 角色 Azure 資源橋接器部署角色 Key Vault 祕密使用者 |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI 裝置管理 角色
Microsoft.AzureStackHCI 裝置管理 角色
| 動作 | 描述 |
|---|---|
| Microsoft.AzureStackHCI/Clusters/* | |
| Microsoft.AzureStackHCI/EdgeDevices/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM 參與者
授與執行所有 VM 動作的許可權
| 動作 | 描述 |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/* | |
| Microsoft.AzureStackHCI/virtualMachineInstances/* | |
| Microsoft.AzureStackHCI/NetworkInterfaces/* | |
| Microsoft.AzureStackHCI/VirtualHardDisks/* | |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | 取得/列出虛擬網路資源 |
| Microsoft.AzureStackHCI/VirtualNetworks/join/action | 聯結虛擬網路資源 |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | 取得/列出邏輯網路資源 |
| Microsoft.AzureStackHCI/LogicalNetworks/join/action | 聯結邏輯網路資源 |
| Microsoft.AzureStackHCI/GalleryImages/Read | 取得/列出資源庫映像資源 |
| Microsoft.AzureStackHCI/GalleryImages/deploy/action | 部署資源庫映像資源 |
| Microsoft.AzureStackHCI/StorageContainers/Read | 取得/列出記憶體容器資源 |
| Microsoft.AzureStackHCI/StorageContainers/deploy/action | 部署記憶體容器資源 |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | 取得/列出市場位置資源庫映射資源 |
| Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | 部署市場位置資源庫映像資源 |
| Microsoft.AzureStackHCI/Clusters/Read | 取得叢集 |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | 取得 HCI 叢集的弧線資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | 取得/列出網路安全組資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | 取得/列出安全性規則資源 |
| Microsoft.Insights/AlertRules/Write | 建立或更新傳統計量警示 |
| Microsoft.Insights/AlertRules/Delete | 刪除傳統計量警示 |
| Microsoft.Insights/AlertRules/Read | 讀取傳統計量警示 |
| Microsoft.Insights/AlertRules/Activated/Action | 已啟動傳統計量警示 |
| Microsoft.Insights/AlertRules/Resolved/Action | 已解決傳統計量警示 |
| Microsoft.Insights/AlertRules/Throttled/Action | 傳統計量警示規則已節流 |
| Microsoft.Insights/AlertRules/Incidents/Read | 讀取傳統計量警示事件 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/deployments/write | 建立或更新部署。 |
| Microsoft.Resources/deployments/delete | 刪除部署。 |
| Microsoft.Resources/deployments/cancel/action | 取消部署。 |
| Microsoft.Resources/deployments/validate/action | 驗證部署。 |
| Microsoft.Resources/deployments/whatIf/action | 預測範本部署變更。 |
| Microsoft.Resources/deployments/exportTemplate/action | 匯出部署的範本 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/deployments/operationstatuses/read | 取得或列出部署作業狀態。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | 建立或更新部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | 取得或列出部署作業狀態。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/machines/assessPatches/action | 評估任何 Azure Arc 機器以取得遺漏的軟體修補程式 |
| Microsoft.HybridCompute/machines/installPatches/action | 在任何 Azure Arc 計算機上安裝修補程式 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 延伸模組 |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/delete | 刪除 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/operations/read | 讀取適用於伺服器的 Azure Arc 的所有作業 |
| Microsoft.HybridCompute/locations/operationresults/read | 讀取 Microsoft.HybridCompute 資源提供者上的作業狀態 |
| Microsoft.HybridCompute/locations/operationstatus/read | 讀取 Microsoft.HybridCompute 資源提供者上的作業狀態 |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | 讀取任何 Azure Arc patchAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | 讀取任何 Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | 讀取任何 Azure Arc patchInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | 讀取任何 Azure Arc patchInstallationResults/softwarePatches |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | 讀取電腦上更新中心作業的狀態 |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | 讀取任何 Azure Arc 機器的混合式身分識別元數據 |
| Microsoft.HybridCompute/osType/agentVersions/read | 讀取所有可用的 Azure 連線機器代理程式版本 |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | 閱讀最新的 Azure 連線機器代理程式版本 |
| Microsoft.HybridCompute/machines/runcommands/read | 讀取任何 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/runcommands/write | 安裝或更新 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/runcommands/delete | 刪除 Azure Arc Runcommands |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/write | 安裝或更新 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | 刪除 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/licenses/read | 讀取任何 Azure Arc 授權 |
| Microsoft.HybridCompute/licenses/write | 安裝或更新 Azure Arc 授權 |
| Microsoft.HybridCompute/licenses/delete | 刪除 Azure Arc 授權 |
| Microsoft.ExtendedLocation/customLocations/Read | 取得自定義位置資源 |
| Microsoft.ExtendedLocation/customLocations/deploy/action | 將權限部署至自訂位置資源 |
| Microsoft.KubernetesConfiguration/extensions/read | 取得擴充實例資源。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM 讀取器
授與檢視 VM 的許可權
| 動作 | 描述 |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/Read | 取得/列出虛擬機資源 |
| Microsoft.AzureStackHCI/virtualMachineInstances/Read | 取得/列出虛擬機實例資源 |
| Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read | 取得/列出虛擬機擴充功能資源 |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | 取得/列出虛擬網路資源 |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | 取得/列出邏輯網路資源 |
| Microsoft.AzureStackHCI/NetworkInterfaces/Read | 取得/列出網路介面資源 |
| Microsoft.AzureStackHCI/VirtualHardDisks/Read | 取得/列出虛擬硬碟資源 |
| Microsoft.AzureStackHCI/StorageContainers/Read | 取得/列出記憶體容器資源 |
| Microsoft.AzureStackHCI/GalleryImages/Read | 取得/列出資源庫映像資源 |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | 取得/列出市場位置資源庫映射資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | 取得/列出網路安全組資源 |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | 取得/列出安全性規則資源 |
| Microsoft.HybridCompute/licenses/read | 讀取任何 Azure Arc 授權 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 延伸模組 |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | 讀取任何 Azure Arc patchAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | 讀取任何 Azure Arc patchAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | 讀取任何 Azure Arc patchInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | 讀取任何 Azure Arc patchInstallationResults/softwarePatches |
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | 讀取任何 Azure Arc networkSecurityPerimeterConfigurations |
| Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | 讀取任何 Azure Arc privateEndpointConnections |
| Microsoft.HybridCompute/privateLinkScopes/read | 讀取任何 Azure Arc privateLinkScopes |
| Microsoft.Insights/AlertRules/Write | 建立或更新傳統計量警示 |
| Microsoft.Insights/AlertRules/Delete | 刪除傳統計量警示 |
| Microsoft.Insights/AlertRules/Read | 讀取傳統計量警示 |
| Microsoft.Insights/AlertRules/Activated/Action | 已啟動傳統計量警示 |
| Microsoft.Insights/AlertRules/Resolved/Action | 已解決傳統計量警示 |
| Microsoft.Insights/AlertRules/Throttled/Action | 傳統計量警示規則已節流 |
| Microsoft.Insights/AlertRules/Incidents/Read | 讀取傳統計量警示事件 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/deployments/exportTemplate/action | 匯出部署的範本 |
| Microsoft.Resources/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/deployments/operationstatuses/read | 取得或列出部署作業狀態。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | 取得或列出部署作業。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | 取得或列出部署作業狀態。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to view VMs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/Read",
"Microsoft.AzureStackHCI/virtualMachineInstances/Read",
"Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/NetworkInterfaces/Read",
"Microsoft.AzureStackHCI/VirtualHardDisks/Read",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
"Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack 註冊擁有者
可讓您管理 Azure Stack 註冊。
| 動作 | 描述 |
|---|---|
| Microsoft.AzureStack/edgeSubscriptions/read | |
| Microsoft.AzureStack/registrations/products/*/action | |
| Microsoft.AzureStack/registrations/products/read | 取得 Azure Stack Marketplace 產品的屬性 |
| Microsoft.AzureStack/registrations/read | 取得 Azure Stack 註冊的屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
混合式伺服器資源管理員
可以讀取、寫入、刪除和重新將混合式伺服器上線至混合式資源提供者。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/* | |
| Microsoft.HybridCompute/*/read | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"name": "48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hybrid Server Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}