管理與治理的 Azure 內建角色
本文列出管理與治理類別中的 Azure 內建角色。
Advisor 建議參與者 (評量和檢閱)
檢視評估建議、接受的檢閱建議,以及管理建議生命週期(將建議標示為已完成、延後或已關閉、進行中或未啟動)。
| 動作 | 描述 |
|---|---|
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Advisor/recommendations/write | 寫入建議 |
| Microsoft.Advisor/recommendations/available/action | Microsoft Advisor 中提供新的建議 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View assessment recommendations, accepted review recommendations, and manage the recommendations lifecycle (mark recommendations as completed, postponed or dismissed, in progress, or not started).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6b534d80-e337-47c4-864f-140f5c7f593d",
"name": "6b534d80-e337-47c4-864f-140f5c7f593d",
"permissions": [
{
"actions": [
"Microsoft.Advisor/recommendations/read",
"Microsoft.Advisor/recommendations/write",
"Microsoft.Advisor/recommendations/available/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Recommendations Contributor (Assessments and Reviews)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Advisor 檢閱參與者
檢視工作負載的檢閱,並分級與其鏈接的建議。
| 動作 | 描述 |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | 讀取 resiliencyReviews |
| Microsoft.Advisor/triageRecommendations/read | 讀取 triageRecommendations |
| Microsoft.Advisor/triageRecommendations/approve/action | 核准分級Recommendations |
| Microsoft.Advisor/triageRecommendations/reject/action | 拒絕 triageRecommendations |
| Microsoft.Advisor/triageRecommendations/reset/action | 重設分級Recommendations |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and triage recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8aac15f0-d885-4138-8afa-bfb5872f7d13",
"name": "8aac15f0-d885-4138-8afa-bfb5872f7d13",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read",
"Microsoft.Advisor/triageRecommendations/approve/action",
"Microsoft.Advisor/triageRecommendations/reject/action",
"Microsoft.Advisor/triageRecommendations/reset/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Advisor 檢閱讀者
檢視與工作負載連結之建議的檢閱。
| 動作 | 描述 |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | 讀取 resiliencyReviews |
| Microsoft.Advisor/triageRecommendations/read | 讀取 triageRecommendations |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c64499e0-74c3-47ad-921c-13865957895c",
"name": "c64499e0-74c3-47ad-921c-13865957895c",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化參與者
使用 Azure 自動化管理 Azure 自動化資源和其他資源。
| 動作 | 描述 |
|---|---|
| Microsoft.Automation/automationAccounts/* | |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.Insights/ActionGroups/* | |
| Microsoft.Insights/ActivityLogAlerts/* | |
| Microsoft.Insights/MetricAlerts/* | |
| Microsoft.Insights/ScheduledQueryRules/* | |
| Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定 |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | 擷取工作區的共用金鑰。 這些密鑰可用來將 operational Insights 代理程式Microsoft連線到工作區。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化作業操作員
使用自動化 Runbook 建立及管理作業。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 讀取混合式 Runbook 背景工作角色群組 |
| Microsoft.Automation/automationAccounts/jobs/read | 取得 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/resume/action | 繼續 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/streams/read | 取得 Azure 自動化 作業數據流 |
| Microsoft.Automation/automationAccounts/jobs/suspend/action | 暫停 Azure 自動化作業 |
| Microsoft.Automation/automationAccounts/jobs/write | 建立 Azure 自動化 作業 |
| Microsoft.Automation/automationAccounts/jobs/output/read | 取得作業的輸出 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化操作員
自動化操作員可啟動、停止、暫止及繼續作業
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化 Runbook 操作員
讀取 Runbook 屬性 - 能夠建立 Runbook 的作業。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Automation/automationAccounts/runbooks/read | 取得 Azure 自動化 Runbook |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure SAP 解決方案中心管理員
此角色提供 Azure Center for SAP 解決方案之所有功能的讀取和寫入存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/write | |
| Microsoft.Workloads/sapVirtualInstances/*/delete | |
| Microsoft.Workloads/Locations/*/action | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/start/action | |
| Microsoft.Workloads/sapVirtualInstances/*/stop/action | |
| Microsoft.Workloads/connectors/*/read | |
| Microsoft.Workloads/connectors/*/write | |
| Microsoft.Workloads/connectors/*/delete | |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Insights/metrics/read | 讀取計量 |
| Microsoft.Insights/metricDefinitions/read | 讀取計量定義 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/write | 建立或更新資源群組。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | 取得 PingMesh 的可用計量 |
| Microsoft.Network/virtualNetworks/subnets/read | 取得虛擬網路子網路定義 |
| Microsoft.Network/virtualNetworks/subnets/write | 建立虛擬網路子網路,或更新現有的虛擬網路子網路 |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | 取得虛擬網路子網路中所有虛擬機器的參考 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | 取得網路介面IP組態定義。 |
| Microsoft.Network/networkInterfaces/loadBalancers/read | 取得網路介面所屬的所有負載平衡器 |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | 取得網路介面的可用計量 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/loadBalancers/backendAddressPools/read | 取得負載平衡器後端位址池定義 |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | 取得負載平衡器前端IP組態定義 |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | 取得負載平衡器負載平衡規則定義 |
| Microsoft.Network/loadBalancers/inboundNatRules/read | 取得負載平衡器輸入 nat 規則定義 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | 取得 Load Balancer 的事件 |
| Microsoft.Network/loadBalancers/networkInterfaces/read | 取得負載平衡器下所有網路介面的參考 |
| Microsoft.Network/loadBalancers/outboundRules/read | 取得負載平衡器輸出規則定義 |
| Microsoft.Network/loadBalancers/virtualMachines/read | 取得負載平衡器下所有虛擬機的參考 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | 取得 Load Balancer 的可用計量 |
| Microsoft.Network/privateEndpoints/read | 取得私人端點資源。 |
| Microsoft.Network/networkSecurityGroups/join/action | 加入網路安全性群組。 不可警示。 |
| Microsoft.Network/routeTables/join/action | 加入路由表。 不可警示。 |
| Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
| Microsoft.Storage/storageAccounts/blobServices/read | 傳回 Blob 服務屬性或統計數據 |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | 傳回容器清單 |
| Microsoft.Storage/storageAccounts/fileServices/read | 取得檔案服務屬性 |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | 列出檔案共用 |
| Microsoft.Compute/virtualMachines/read | 取得虛擬機器的屬性 |
| Microsoft.Compute/availabilitySets/read | 取得可用性設定組的屬性 |
| Microsoft.Compute/sshPublicKeys/read | 取得 SSH 公鑰的屬性 |
| Microsoft.Compute/sshPublicKeys/write | 建立新的 SSH 公鑰或更新現有的 SSH 公鑰 |
| Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action | |
| Microsoft.Compute/virtualMachines/extensions/read | 取得虛擬機擴充功能的屬性 |
| Microsoft.Compute/virtualMachines/extensions/delete | 刪除虛擬機擴充功能 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | 傳回 Blob 或 Blob 清單 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "This role provides read and write access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"name": "7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/write",
"Microsoft.Workloads/sapVirtualInstances/*/delete",
"Microsoft.Workloads/Locations/*/action",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/start/action",
"Microsoft.Workloads/sapVirtualInstances/*/stop/action",
"Microsoft.Workloads/connectors/*/read",
"Microsoft.Workloads/connectors/*/write",
"Microsoft.Workloads/connectors/*/delete",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/sshPublicKeys/write",
"Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
適用於 SAP 解決方案的 Azure 中心讀者
此角色提供 Azure Center for SAP 解決方案之所有功能的讀取存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/Operations/read | 讀取作業 |
| Microsoft.Workloads/Locations/OperationStatuses/read | read OperationStatuses |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/alertRules/read | 讀取傳統計量警示 |
| Microsoft.Insights/metrics/read | 讀取計量 |
| Microsoft.Insights/metricDefinitions/read | 讀取計量定義 |
| Microsoft.Resources/deployments/read | 取得或列出部署。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | 取得或列出部署。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | 取得 PingMesh 的可用計量 |
| Microsoft.Network/virtualNetworks/subnets/read | 取得虛擬網路子網路定義 |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | 取得虛擬網路子網路中所有虛擬機器的參考 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | 取得網路介面IP組態定義。 |
| Microsoft.Network/networkInterfaces/loadBalancers/read | 取得網路介面所屬的所有負載平衡器 |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | 取得網路介面的可用計量 |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/loadBalancers/backendAddressPools/read | 取得負載平衡器後端位址池定義 |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | 取得負載平衡器前端IP組態定義 |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | 取得負載平衡器負載平衡規則定義 |
| Microsoft.Network/loadBalancers/inboundNatRules/read | 取得負載平衡器輸入 nat 規則定義 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | 取得 Load Balancer 的事件 |
| Microsoft.Network/loadBalancers/networkInterfaces/read | 取得負載平衡器下所有網路介面的參考 |
| Microsoft.Network/loadBalancers/outboundRules/read | 取得負載平衡器輸出規則定義 |
| Microsoft.Network/loadBalancers/virtualMachines/read | 取得負載平衡器下所有虛擬機的參考 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | 取得 Load Balancer 的可用計量 |
| Microsoft.Network/privateEndpoints/read | 取得私人端點資源。 |
| Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
| Microsoft.Storage/storageAccounts/blobServices/read | 傳回 Blob 服務屬性或統計數據 |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | 傳回容器清單 |
| Microsoft.Storage/storageAccounts/fileServices/read | 取得檔案服務屬性 |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | 列出檔案共用 |
| Microsoft.Compute/virtualMachines/read | 取得虛擬機器的屬性 |
| Microsoft.Compute/availabilitySets/read | 取得可用性設定組的屬性 |
| Microsoft.Compute/virtualMachines/extensions/read | 取得虛擬機擴充功能的屬性 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "This role provides read access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b",
"name": "05352d14-a920-4328-a0de-4cbe7430e26b",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/Operations/read",
"Microsoft.Workloads/Locations/OperationStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure SAP 解決方案中心服務角色
適用於 SAP 解決方案的 Azure 中心服務角色 - 此角色旨在用來提供使用者指派受控識別的許可權。 適用於 SAP 解決方案的 Azure 中心會使用此身分識別來部署和管理 SAP 系統。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/subscriptions/resourceGroups/write | 建立或更新資源群組。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Network/loadBalancers/read | 取得負載平衡器定義 |
| Microsoft.Network/loadBalancers/write | 建立負載平衡器,或更新現有的負載平衡器 |
| Microsoft.Network/loadBalancers/backendAddressPools/read | 取得負載平衡器後端位址池定義 |
| Microsoft.Network/loadBalancers/backendAddressPools/write | 建立負載平衡器後端位址池,或更新現有的負載平衡器後端位址池 |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | 取得負載平衡器前端IP組態定義 |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | 取得負載平衡器負載平衡規則定義 |
| Microsoft.Network/loadBalancers/inboundNatRules/read | 取得負載平衡器輸入 nat 規則定義 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | 取得 Load Balancer 的事件 |
| Microsoft.Network/loadBalancers/networkInterfaces/read | 取得負載平衡器下所有網路介面的參考 |
| Microsoft.Network/loadBalancers/outboundRules/read | 取得負載平衡器輸出規則定義 |
| Microsoft.Network/loadBalancers/virtualMachines/read | 取得負載平衡器下所有虛擬機的參考 |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | 取得 Load Balancer 的可用計量 |
| Microsoft.Network/networkInterfaces/read | 取得網路介面定義。 |
| Microsoft.Network/networkInterfaces/write | 建立網路介面或更新現有的網路介面。 |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | 取得網路介面IP組態定義。 |
| Microsoft.Network/networkInterfaces/loadBalancers/read | 取得網路介面所屬的所有負載平衡器 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read | 檢查指定的虛擬網路是否有可用的IP位址 |
| Microsoft.Network/virtualNetworks/subnets/read | 取得虛擬網路子網路定義 |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | 取得虛擬網路子網路中所有虛擬機器的參考 |
| Microsoft.Network/virtualNetworks/virtualMachines/read | 取得虛擬網路中所有虛擬機器的參考 |
| Microsoft.Network/networkInterfaces/ipconfigurations/join/action | 加入網路介面IP組態。 不可警示。 |
| Microsoft.Network/privateEndpoints/read | 取得私人端點資源。 |
| Microsoft.Network/privateEndpoints/write | 建立新的私人端點,或更新現有的私人端點。 |
| Microsoft.Network/networkInterfaces/join/action | 將虛擬機加入網路介面。 不可警示。 |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | 加入負載平衡器後端位址池。 不可警示。 |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action | 聯結 Load Balancer 前端 IP 組態。 不可警示。 |
| Microsoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。 不可警示。 |
| Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action | 將負載平衡器加入虛擬網路子網 |
| Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
| Microsoft.Storage/storageAccounts/write | 使用指定參數來建立儲存體帳戶、更新指定儲存體帳戶的屬性或標記,或新增指定儲存體帳戶的自訂網域。 |
| Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action | 核准私人端點連線 |
| Microsoft.Storage/storageAccounts/blobServices/read | 傳回 Blob 服務屬性或統計數據 |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | 傳回容器清單 |
| Microsoft.Storage/storageAccounts/fileServices/read | 取得檔案服務屬性 |
| Microsoft.Storage/storageAccounts/fileServices/write | 放置檔案服務屬性 |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | 列出檔案共用 |
| Microsoft.Storage/storageAccounts/fileServices/shares/write | 建立或更新檔案共用 |
| Microsoft.Compute/virtualMachines/read | 取得虛擬機器的屬性 |
| Microsoft.Compute/virtualMachines/write | 建立新的虛擬機或更新現有的虛擬機 |
| Microsoft.Compute/virtualMachines/instanceView/read | 取得虛擬機及其資源的詳細運行時間狀態 |
| Microsoft.Compute/availabilitySets/read | 取得可用性設定組的屬性 |
| Microsoft.Compute/availabilitySets/write | 建立新的可用性設定組或更新現有的可用性設定組 |
| Microsoft.Compute/skus/read | 取得訂用帳戶可用的 Microsoft.Compute SKU 清單 |
| Microsoft.Compute/sshPublicKeys/read | 取得 SSH 公鑰的屬性 |
| Microsoft.Compute/virtualMachines/extensions/read | 取得虛擬機擴充功能的屬性 |
| Microsoft.Compute/virtualMachines/extensions/write | 建立新的虛擬機擴充功能或更新現有的虛擬機擴充功能 |
| Microsoft.Compute/virtualMachines/extensions/delete | 刪除虛擬機擴充功能 |
| Microsoft.Compute/disks/read | 取得磁碟的屬性 |
| Microsoft.Compute/disks/write | 建立新的磁碟或更新現有的磁碟 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138",
"name": "aabbc5dd-1af0-458b-a942-81af88f9c138",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/write",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/backendAddressPools/write",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/virtualNetworks/virtualMachines/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/write",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/write",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/availabilitySets/write",
"Microsoft.Compute/skus/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/write",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions service role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 上線
可以將 Azure Connected Machine 上線。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridCompute/privateLinkScopes/read | 讀取任何 Azure Arc privateLinkScopes |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 資源管理員
可以讀取、寫入、刪除 Azure Connected Machine 及將之重新上線。
| 動作 | 描述 |
|---|---|
| Microsoft.HybridCompute/machines/* | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/licenseProfiles/* | |
| Microsoft.HybridCompute/machines/runCommands/* | |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/privateLinkScopes/* | |
| Microsoft.HybridCompute/licenses/* | |
| Microsoft.HybridCompute/locations/* | |
| Microsoft.HybridCompute/*/read | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/licenseProfiles/*",
"Microsoft.HybridCompute/machines/runCommands/*",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/licenses/*",
"Microsoft.HybridCompute/locations/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine Resource Manager
AzureStackHCI RP 的自訂角色,以管理資源群組中的混合式計算機器和混合式連線端點
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓設定指派。 |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/write | 建立新的來賓設定指派。 |
| Microsoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/extensions/read | 讀取任何 Azure Arc 延伸模組 |
| Microsoft.HybridCompute/*/read | |
| Microsoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器 |
| Microsoft.HybridCompute/machines/extensions/delete | 刪除 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充功能 |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | 刪除 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/read | 讀取任何 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/licenseProfiles/write | 安裝或更新 Azure Arc licenseProfiles |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | 升級 Azure Arc 機器上的擴充功能 |
| Microsoft.HybridCompute/machines/write | 寫入 Azure Arc 機器 |
| Microsoft.HybridConnectivity/endpoints/read | 取得或列出目標資源的端點。 |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | 取得或列出端點資源的 serviceConfigurations。 |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | 建立或更新 serviceConfigurations 至端點資源。 |
| Microsoft.HybridConnectivity/endpoints/write | 建立或更新目標資源的端點。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.EdgeMarketplace/locations/operationStatuses/read | read operationStatuses |
| Microsoft.EdgeMarketPlace/offers/getAccessToken/action | 取得存取令牌。 |
| Microsoft.EdgeMarketPlace/offers/generateAccessToken/action | 長時間執行的資源動作。 |
| Microsoft.EdgeMarketplace/publishers/read | 取得發行者 |
| Microsoft.EdgeMarketplace/offers/read | 取得供應專案 |
| Microsoft.ExtendedLocation/customLocations/read | 取得自定義位置資源 |
| Microsoft.Attestation/attestationProviders/write | 新增證明服務。 |
| Microsoft.Attestation/attestationProviders/read | 取得證明服務狀態。 |
| Microsoft.Attestation/attestationProviders/delete | 拿掉證明服務。 |
| Microsoft.Attestation/attestationProviders/attestation/read | 取得證明服務狀態。 |
| Microsoft.Attestation/attestationProviders/attestation/write | 新增證明服務。 |
| Microsoft.Attestation/attestationProviders/attestation/delete | 拿掉證明服務。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.EdgeMarketplace/locations/operationStatuses/read",
"Microsoft.EdgeMarketPlace/offers/getAccessToken/action",
"Microsoft.EdgeMarketPlace/offers/generateAccessToken/action",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.Attestation/attestationProviders/write",
"Microsoft.Attestation/attestationProviders/read",
"Microsoft.Attestation/attestationProviders/delete",
"Microsoft.Attestation/attestationProviders/attestation/read",
"Microsoft.Attestation/attestationProviders/attestation/write",
"Microsoft.Attestation/attestationProviders/attestation/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
適用於訂用帳戶的 Azure 客戶加密箱核准者
當訂用帳戶所在的租用戶上啟用適用於 Microsoft Azure 的客戶加密箱時,可以核准Microsoft支援要求,以存取訂用帳戶內所包含的特定資源或訂用帳戶本身。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.CustomerLockbox/requests/UpdateApproval/action | 更新核准Microsoft.CustomerLockbox |
| Microsoft.CustomerLockbox/requests/read | 讀取加密箱要求 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Insights/eventtypes/values/read | 讀取活動記錄事件 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4dae6930-7baf-46f5-909e-0383bc931c46",
"name": "4dae6930-7baf-46f5-909e-0383bc931c46",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.CustomerLockbox/requests/UpdateApproval/action",
"Microsoft.CustomerLockbox/requests/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/eventtypes/values/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Customer Lockbox Approver for Subscription",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
帳單讀取器
允許對計費資料進行讀取存取
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Billing/*/read | 閱讀帳單資訊 |
| Microsoft.Commerce/*/read | |
| Microsoft.Consumption/*/read | |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.CostManagement/*/read | |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖參與者
可以管理藍圖定義,但無法加以指派。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Blueprint/blueprints/* | 建立和管理藍圖定義或藍圖成品。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖操作員
可以指派現有的已發佈藍圖,但無法建立新的藍圖。 請注意,只有當指派是透過使用者指派的受控識別完成時,這才能運作。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Blueprint/blueprintAssignments/* | 建立和管理藍圖指派。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
碳優化讀取器
允許對 Azure 碳優化數據的讀取存取
| 動作 | 描述 |
|---|---|
| Microsoft.Carbon/carbonEmissionReports/action | 適用於碳排放報告的 API |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理參與者
可以檢視成本及管理成本設定 (例如: 預算、匯出)
| 動作 | 描述 |
|---|---|
| Microsoft.Consumption/* | |
| Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Billing/billingProperty/read | 取得訂用帳戶的計費屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理讀者
可以檢視成本資料及設定 (例如: 預算、匯出)
| 動作 | 描述 |
|---|---|
| Microsoft.Consumption/*/read | |
| Microsoft.CostManagement/*/read | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.Advisor/configurations/read | 取得組態 |
| Microsoft.Advisor/recommendations/read | 讀取建議 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Billing/billingProperty/read | 取得訂用帳戶的計費屬性 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
階層設定系統管理員
允許使用者編輯和刪除階層設定
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/settings/write | 建立或更新管理群組階層設定。 |
| Microsoft.Management/managementGroups/settings/delete | 刪除管理群組階層設定。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式參與者角色
允許建立受控應用程式資源。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Solutions/applications/* | |
| Microsoft.Solutions/register/action | 註冊 Microsoft.Solutions 的訂用帳戶 |
| Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式操作員角色
可讓您在受控應用程式資源上讀取及執行動作
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Solutions/applications/read | 列出訂用帳戶中的所有應用程式。 |
| Microsoft.Solutions/*/action | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式讀者
可讓您讀取受控應用程式中的資源及要求 JIT 存取權。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Solutions/jitRequests/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控服務註冊指派刪除角色
受控服務註冊指派刪除角色可讓管理租用戶使用者刪除指派給其租用戶的註冊指派。
| 動作 | 描述 |
|---|---|
| Microsoft.ManagedServices/registrationAssignments/read | 擷取受控服務註冊指派的清單。 |
| Microsoft.ManagedServices/registrationAssignments/delete | 拿掉受控服務註冊指派。 |
| Microsoft.ManagedServices/operationStatuses/read | 讀取資源的作業狀態。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組參與者
管理群組參與者角色
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/delete | 刪除管理群組。 |
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/delete | 從管理群組取消關聯訂用帳戶。 |
| Microsoft.Management/managementGroups/subscriptions/write | 將現有的訂用帳戶與管理群組產生關聯。 |
| Microsoft.Management/managementGroups/write | 建立或更新管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/read | 列出指定管理群組下的訂用帳戶。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組讀取者
管理群組讀取者角色
| 動作 | 描述 |
|---|---|
| Microsoft.Management/managementGroups/read | 列出已驗證使用者的管理群組。 |
| Microsoft.Management/managementGroups/subscriptions/read | 列出指定管理群組下的訂用帳戶。 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
New Relic APM 帳戶參與者
可讓您管理 New Relic Application Performance Management 帳戶及應用程式,但無法加以存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NewRelic.APM/accounts/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
原則深入解析資料寫入者 (預覽)
允許資源原則的讀取存取及資源元件原則事件的寫入存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/policyassignments/read | 取得原則指派的相關信息。 |
| Microsoft.Authorization/policydefinitions/read | 取得原則定義的相關信息。 |
| Microsoft.Authorization/policyexemptions/read | 取得原則豁免的相關信息。 |
| Microsoft.Authorization/policysetdefinitions/read | 取得原則集定義的相關信息。 |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/action | 根據數據原則檢查指定元件的合規性狀態。 |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/action | 記錄資源元件原則事件。 |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
配額要求操作員
讀取和建立配額要求、取得配額要求狀態,並建立支援票證。
| 動作 | 描述 |
|---|---|
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | 取得指定資源和位置的目前服務限制或配額 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | 為指定的資源和位置建立服務限制或配額 |
| Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | 取得指定資源和位置的任何服務限制要求 |
| Microsoft.Capacity/register/action | 註冊容量資源提供者,並啟用容量資源的建立。 |
| Microsoft.Quota/usages/read | 取得資源提供者的使用方式 |
| Microsoft.Quota/quotas/read | 取得指定資源的目前服務限制或配額 |
| Microsoft.Quota/quotas/write | 建立指定資源的服務限制或配額要求 |
| Microsoft.Quota/quotaRequests/read | 取得指定資源的任何服務限制要求 |
| Microsoft.Quota/register/action | 向 Microsoft.Quota Resource Provider 註冊訂用帳戶 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
保留購買者
可讓您購買保留
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/roleAssignments/read | 取得關於角色指派的資訊。 |
| Microsoft.Capacity/catalogs/read | 讀取保留目錄 |
| Microsoft.Capacity/register/action | 註冊容量資源提供者,並啟用容量資源的建立。 |
| Microsoft.Compute/register/action | 向 Microsoft.Compute 資源提供者註冊訂用帳戶 |
| Microsoft.Consumption/register/action | 註冊至取用 RP |
| Microsoft.Consumption/reservationRecommendationDetails/read | 列出保留建議詳細數據 |
| Microsoft.Consumption/reservationRecommendations/read | 列出訂用帳戶保留實例的單一或共享建議。 |
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.SQL/register/action | 註冊Microsoft SQL 資料庫 資源提供者的訂用帳戶,並啟用建立Microsoft SQL 資料庫。 |
| Microsoft.Support/supporttickets/write | 允許建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
保留讀取者
可讓人員讀取租用戶中的所有保留
| 動作 | 描述 |
|---|---|
| Microsoft.Capacity/*/read | |
| Microsoft.Authorization/roleAssignments/read | 取得關於角色指派的資訊。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資源原則參與者
有權建立/修改資源原則、建立支援票證及讀取資源/階層的使用者。
| 動作 | 描述 |
|---|---|
| */read | 讀取除了秘密以外的所有類型的資源。 |
| Microsoft.Authorization/policyassignments/* | 建立和管理原則指派 |
| Microsoft.Authorization/policydefinitions/* | 建立和管理原則定義 |
| Microsoft.Authorization/policyexemptions/* | 建立和管理原則豁免 |
| Microsoft.Authorization/policysetdefinitions/* | 建立和管理原則集 |
| Microsoft.PolicyInsights/* | |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
節省方案購買者
可讓您購買儲蓄方案
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/subscriptions/read | 取得訂用帳戶的清單。 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Capacity/register/action | 註冊容量資源提供者,並啟用容量資源的建立。 |
| Microsoft.Capacity/catalogs/read | 讀取保留目錄 |
| Microsoft.Authorization/roleAssignments/read | 取得關於角色指派的資訊。 |
| Microsoft.BillingBenefits/savingsPlanOrders/write | 建立節省方案訂單 |
| Microsoft.BIllingBenefits/register/action | 註冊 BillingBenefits 資源提供者,並啟用 BillingBenefits 資源的建立。 |
| Microsoft.Support/supporttickets/write | 允許建立和更新支援票證 |
| Microsoft.Billing/billingProperty/read | 取得訂用帳戶的計費屬性 |
| Microsoft.CostManagement/benefitRecommendations/read | 列出Microsoft權益的單一或共享建議。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase savings plans",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"name": "3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Capacity/register/action",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.BillingBenefits/savingsPlanOrders/write",
"Microsoft.BIllingBenefits/register/action",
"Microsoft.Support/supporttickets/write",
"Microsoft.Billing/billingProperty/read",
"Microsoft.CostManagement/benefitRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Savings plan Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
排程修補參與者
使用維護範圍 InGuestPatch 和對應的組態指派,提供管理維護設定的存取權
| 動作 | 描述 |
|---|---|
| Microsoft.Maintenance/maintenanceConfigurations/read | 讀取維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/write | 建立或更新維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/delete | 刪除維護設定。 |
| Microsoft.Maintenance/configurationAssignments/read | 讀取維護設定指派。 |
| Microsoft.Maintenance/configurationAssignments/write | 建立或更新維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/delete | 刪除維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | 讀取 InGuestPatch 維護範圍的維護設定指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | 建立或更新 InGuestPatch 維護範圍的維護組態指派。 |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | 刪除 InGuestPatch 維護範圍的維護組態指派。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | 讀取 InGuestPatch 維護範圍的維護設定。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | 建立或更新 InGuestPatch 維護範圍的維護組態。 |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | 刪除 InGuestPatch 維護範圍的維護設定。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 參與者
可讓您管理 Site Recovery 服務,但保存庫建立與角色指派除外
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/certificates/write | 更新資源憑證作業會更新資源/保存庫認證憑證。 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | 建立和管理與保存庫相關的擴充資訊 |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 建立和管理已註冊的身分識別 |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | 建立或更新復寫警示設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/* | 建立和管理複寫網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/* | 建立和管理複製策略 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | 建立和管理復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/* | |
| Microsoft.RecoveryServices/Vaults/storageConfig/* | 建立和管理復原服務保存庫的記憶體組態 |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/read | 讀取任何保存庫複寫作業狀態 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 操作員
可讓您容錯移轉及容錯回復,但無法執行其他 Site Recovery 管理作業
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Network/virtualNetworks/read | 取得虛擬網路定義 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | 取得擴充資訊作業會取得對象的擴充資訊,代表類型為 ?vault 的 Azure 資源? |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 取得作業結果作業可用來取得異步送出作業的作業狀態和結果 |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | 您可以使用取得容器作業來取得為資源註冊的容器。 |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | 讀取任何警示設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | 檢查網狀架構的一致性 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | 讀取任何網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | 重新關聯閘道 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | 更新網狀架構的憑證 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 讀取任何網路 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 讀取任何網路對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 讀取任何保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 讀取任何可保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | 套用恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | 故障轉移認可 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | 規劃的容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 讀取任何受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 讀取任何復寫恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | 修復複寫 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | 重新保護受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | 交換器保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | 測試容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | 測試故障轉移清除 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | 容錯移轉 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | 更新行動服務 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 讀取任何保護容器對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 讀取任何復原服務提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | 重新整理提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | 讀取任何記憶體分類 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | 讀取任何記憶體分類對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 讀取任何 vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | 讀取任何原則 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | 故障轉移認可復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | 計劃性故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 讀取任何復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | 重新保護復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | 測試故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | 測試故障轉移清除復原方案 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | 故障轉移復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | 讀取任何 |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Storage/storageAccounts/read | 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 讀者
可讓您檢視 Site Recovery 狀態,但無法執行其他管理作業
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業 |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | 取得擴充資訊作業會取得對象的擴充資訊,代表類型為 ?vault 的 Azure 資源? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | 取得復原服務保存庫的警示。 |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/read | Get Vault 作業會取得代表 『vault』 類型的 Azure 資源的物件 |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 取得作業結果作業可用來取得異步送出作業的作業狀態和結果 |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | 您可以使用取得容器作業來取得為資源註冊的容器。 |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | 讀取任何警示設定 |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | 讀取任何網狀架構 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 讀取任何網路 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 讀取任何網路對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 讀取任何保護容器 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 讀取任何可保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 讀取任何受保護的專案 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 讀取任何復寫恢復點 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 讀取任何保護容器對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 讀取任何復原服務提供者 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | 讀取任何記憶體分類 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | 讀取任何記憶體分類對應 |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 讀取任何 vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/read | 讀取任何作業 |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | 讀取任何原則 |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 讀取任何復原方案 |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | 讀取任何 |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用詳細數據。 |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | 保存庫令牌作業可用來取得保存庫層級後端作業的保存庫令牌。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
支援要求參與者
可讓您建立及管理支援要求
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Support/* | 建立和更新支援票證 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
標記參與者
可讓您管理實體上的標籤,而無需提供實體本身的存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| Microsoft.Resources/subscriptions/resourceGroups/resources/read | 取得資源群組的資源。 |
| Microsoft.Resources/subscriptions/resources/read | 取得訂用帳戶的資源。 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示 |
| Microsoft.Support/* | 建立和更新支援票證 |
| Microsoft.Resources/tags/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
範本規格參與者
允許在指派的範圍內對範本規格作業的完整存取權。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/templateSpecs/* | 建立和管理範本規格和範本規格版本 |
| Microsoft.Authorization/*/read | 讀取角色和角色指派 |
| Microsoft.Resources/deployments/* | 建立和管理部署 |
| Microsoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
範本規格讀取者
允許在指派的範圍內對範本規格的讀取存取。
| 動作 | 描述 |
|---|---|
| Microsoft.Resources/templateSpecs/*/read | 取得或列出範本規格和範本規格版本 |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}