Azure built-in roles for Analytics
This article lists the Azure built-in roles in the Analytics category.
Azure Event Hubs Data Owner
Allows for full access to Azure Event Hubs resources.
| Actions | Description |
|---|---|
| Microsoft.EventHub/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs Data Receiver
Allows receive access to Azure Event Hubs resources.
| Actions | Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/receive/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs Data Sender
Allows send access to Azure Event Hubs resources.
| Actions | Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/read | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/*/send/action | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Factory Contributor
Create and manage data factories, as well as child resources within them.
| Actions | Description |
|---|---|
| Microsoft.Authorization/*/read | Read roles and role assignments |
| Microsoft.DataFactory/dataFactories/* | Create and manage data factories, and child resources within them. |
| Microsoft.DataFactory/factories/* | Create and manage data factories, and child resources within them. |
| Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/* | Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
| Microsoft.Support/* | Create and update a support ticket |
| Microsoft.EventGrid/eventSubscriptions/write | Create or update an eventSubscription |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Purger
Delete private data from a Log Analytics workspace.
| Actions | Description |
|---|---|
| Microsoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/action | Purging data from Application Insights |
| Microsoft.OperationalInsights/workspaces/*/read | View log analytics data |
| Microsoft.OperationalInsights/workspaces/purge/action | Delete specified data by query from workspace. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight Cluster Operator
Lets you read and modify HDInsight cluster configurations.
| Actions | Description |
|---|---|
| Microsoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/action | Get gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/updateGatewaySettings/action | Update gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
| Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
| Microsoft.Authorization/*/read | Read roles and role assignments |
| Microsoft.Support/* | Create and update a support ticket |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight Domain Services Contributor
Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
| Actions | Description |
|---|---|
| Microsoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight on AKS Cluster Admin
Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.
| Actions | Description |
|---|---|
| Microsoft.Authorization/*/read | Read roles and role assignments |
| Microsoft.HDInsight/clusterPools/clusters/read | Get details about HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/clusters/write | Create or Update HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/clusters/delete | Delete a HDInsight on AKS cluster |
| Microsoft.HDInsight/clusterPools/clusters/resize/action | Resize a HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterpools/clusters/instanceviews/read | Get details about HDInsight on AKS Cluster Instance View |
| Microsoft.HDInsight/clusterPools/clusters/jobs/read | List HDInsight on AKS Cluster Jobs |
| Microsoft.HDInsight/clusterPools/clusters/runjob/action | Run HDInsight on AKS Cluster Job |
| Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read | Get details about HDInsight on AKS Cluster Service Configurations |
| Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read | Get Avaliable Upgrades for HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/clusters/upgrade/action | Upgrade HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/clusters/rollback/action | Rollback HDInsight on AKS Cluster Upgrade |
| Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read | Read HDInsight on AKS Cluster Upgrade Histories |
| Microsoft.HDInsight/clusterPools/clusters/libraries/read | Read HDInsight on AKS Cluster Libaries |
| Microsoft.HDInsight/clusterPools/clusters/managelibraries/action | Manage HDInsight on AKS Cluster Libaries |
| Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | Gets or lists deployments. |
| Microsoft.Resources/deployments/validate/action | Validates an deployment. |
| Microsoft.Resources/deployments/write | Creates or updates an deployment. |
| Microsoft.Resources/deployments/exportTemplate/action | Export template for a deployment |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
| Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
| Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
| Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
| Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
| Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
| Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
| Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
| Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
| Microsoft.Insights/metrics/read | Read metrics |
| Microsoft.Insights/logs/read | Reading data from all your logs |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fd036e6b-1266-47a0-b0bb-a05d04831731",
"name": "fd036e6b-1266-47a0-b0bb-a05d04831731",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/clusters/delete",
"Microsoft.HDInsight/clusterPools/clusters/resize/action",
"Microsoft.HDInsight/clusterpools/clusters/instanceviews/read",
"Microsoft.HDInsight/clusterPools/clusters/jobs/read",
"Microsoft.HDInsight/clusterPools/clusters/runjob/action",
"Microsoft.HDInsight/clusterpools/clusters/serviceconfigs/read",
"Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read",
"Microsoft.HDInsight/clusterPools/clusters/upgrade/action",
"Microsoft.HDInsight/clusterPools/clusters/rollback/action",
"Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read",
"Microsoft.HDInsight/clusterPools/clusters/libraries/read",
"Microsoft.HDInsight/clusterPools/clusters/managelibraries/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight on AKS Cluster Pool Admin
Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters
| Actions | Description |
|---|---|
| Microsoft.Authorization/*/read | Read roles and role assignments |
| Microsoft.HDInsight/clusterPools/clusters/read | Get details about HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/clusters/write | Create or Update HDInsight on AKS Cluster |
| Microsoft.HDInsight/clusterPools/delete | Delete a HDInsight on AKS Cluster Pool |
| Microsoft.HDInsight/clusterPools/read | Get details about HDInsight on AKS Cluster Pool |
| Microsoft.HDInsight/clusterPools/write | Create or Update HDInsight on AKS Cluster Pool |
| Microsoft.HDInsight/clusterpools/availableupgrades/read | Get Avaliable Upgrades for HDInsight on AKS Cluster Pool |
| Microsoft.HDInsight/clusterpools/upgrade/action | Upgrade HDInsight on AKS Cluster Pool |
| Microsoft.HDInsight/clusterPools/upgradehistories/read | Read HDInsight on AKS Cluster Pool Upgrade Histories |
| Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Resources/deployments/validate/action | Validates an deployment. |
| Microsoft.Resources/deployments/*/read | |
| Microsoft.Resources/deployments/read | Gets or lists deployments. |
| Microsoft.Resources/deployments/write | Creates or updates an deployment. |
| Microsoft.Resources/deployments/exportTemplate/action | Export template for a deployment |
| Microsoft.Resources/deployments/validate/action | Validates an deployment. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Gets or lists deployments. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
| Microsoft.Resources/subscriptions/operationresults/read | Get the subscription operation results. |
| Microsoft.Insights/AlertRules/Write | Create or update a classic metric alert |
| Microsoft.Insights/AlertRules/Delete | Delete a classic metric alert |
| Microsoft.Insights/AlertRules/Read | Read a classic metric alert |
| Microsoft.Insights/AlertRules/Activated/Action | Classic metric alert activated |
| Microsoft.Insights/AlertRules/Resolved/Action | Classic metric alert resolved |
| Microsoft.Insights/AlertRules/Throttled/Action | Classic metric alert rule throttled |
| Microsoft.Insights/AlertRules/Incidents/Read | Read a classic metric alert incident |
| Microsoft.Insights/metrics/read | Read metrics |
| Microsoft.Insights/logs/read | Reading data from all your logs |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7656b436-37d4-490a-a4ab-d39f838f0042",
"name": "7656b436-37d4-490a-a4ab-d39f838f0042",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.HDInsight/clusterPools/clusters/read",
"Microsoft.HDInsight/clusterPools/clusters/write",
"Microsoft.HDInsight/clusterPools/delete",
"Microsoft.HDInsight/clusterPools/read",
"Microsoft.HDInsight/clusterPools/write",
"Microsoft.HDInsight/clusterpools/availableupgrades/read",
"Microsoft.HDInsight/clusterpools/upgrade/action",
"Microsoft.HDInsight/clusterPools/upgradehistories/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/*/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/logs/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight on AKS Cluster Pool Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics Contributor
Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.
| Actions | Description |
|---|---|
| */read | Read resources of all types, except secrets. |
| Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | Lists the access keys for the storage accounts. |
| Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/write | Installs or Updates an Azure Arc extensions |
| Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/* | Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
| Microsoft.Support/* | Create and update a support ticket |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics Reader
Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
| Actions | Description |
|---|---|
| */read | Read resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using new engine. |
| Microsoft.OperationalInsights/workspaces/search/action | Executes a search query |
| Microsoft.Support/* | Create and update a support ticket |
| NotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/read | Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Contributor (Preview)
Read, write, and delete Schema Registry groups and schemas.
| Actions | Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/* | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/* | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Reader (Preview)
Read and list Schema Registry groups and schemas.
| Actions | Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/read | Retrieve schemas |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Stream Analytics Query Tester
Lets you perform query testing without creating a stream analytics job first
| Actions | Description |
|---|---|
| Microsoft.StreamAnalytics/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
| Microsoft.StreamAnalytics/locations/OperationResults/read | Read Stream Analytics Operation Result |
| Microsoft.StreamAnalytics/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
| Microsoft.StreamAnalytics/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}