Inbyggda Azure-roller för Hybrid + multicloud
I den här artikeln visas de inbyggda Azure-rollerna i kategorin Hybrid + multicloud.
Distributionsroll för Azure Resource Bridge
Distributionsroll för Azure Resource Bridge
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/roleassignments/read | Hämta information om en rolltilldelning. |
| Microsoft.AzureStackHCI/Register/Action | Registrerar prenumerationen för Azure Stack HCI-resursprovidern och gör det möjligt att skapa Azure Stack HCI-resurser. |
| Microsoft.ResourceConnector/register/action | Registrerar prenumerationen för resursprovidern Appliances och gör det möjligt att skapa installationen. |
| Microsoft.ResourceConnector/appliances/read | Hämtar en installationsresurs |
| Microsoft.ResourceConnector/appliances/write | Skapar eller uppdaterar installationsresurs |
| Microsoft.ResourceConnector/appliances/delete | Tar bort installationsresurs |
| Microsoft.ResourceConnector/locations/operationresults/read | Hämta resultatet av installationen |
| Microsoft.ResourceConnector/locations/operationsstatus/read | Hämta resultatet av installationen |
| Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Hämta autentiseringsuppgifter för en installationsklusteranvändare |
| Microsoft.ResourceConnector/appliances/listKeys/action | Hämta kundnycklar för ett installationskluster |
| Microsoft.ResourceConnector/appliances/upgradeGraphs/read | Hämtar uppgraderingsdiagrammet för installationsklustret |
| Microsoft.ResourceConnector/telemetryconfig/read | Get Appliances telemetry config utilized by Appliances CLI |
| Microsoft.ResourceConnector/operations/read | Hämtar lista över tillgängliga åtgärder för installationer |
| Microsoft.ExtendedLocation/register/action | Registrerar prenumerationen för resursprovidern anpassad plats och gör det möjligt att skapa en anpassad plats. |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Distribuera behörigheter till en anpassad platsresurs |
| Microsoft.ExtendedLocation/customLocations/read | Hämtar en anpassad platsresurs |
| Microsoft.ExtendedLocation/customLocations/write | Skapar eller uppdaterar resurs för anpassad plats |
| Microsoft.ExtendedLocation/customLocations/delete | Tar bort resurs för anpassad plats |
| Microsoft.HybridConnectivity/register/action | Registrera prenumerationen för Microsoft.HybridConnectivity |
| Microsoft.Kubernetes/register/action | Registrerar prenumeration med Microsoft.Kubernetes-resursprovider |
| Microsoft.KubernetesConfiguration/register/action | Registrerar en prenumeration på Resursprovidern Microsoft.KubernetesConfiguration. |
| Microsoft.KubernetesConfiguration/extensions/write | Skapar eller uppdaterar tilläggsresursen. |
| Microsoft.KubernetesConfiguration/extensions/read | Hämtar tilläggsinstansresurs. |
| Microsoft.KubernetesConfiguration/extensions/delete | Tar bort tilläggsinstansresursen. |
| Microsoft.KubernetesConfiguration/extensions/operations/read | Hämtar status för asynkron åtgärd. |
| Microsoft.KubernetesConfiguration/namespaces/read | Hämta namnområdesresurs |
| Microsoft.KubernetesConfiguration/operations/read | Hämtar tillgängliga åtgärder för resursprovidern Microsoft.KubernetesConfiguration. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Hämta gästkonfigurationstilldelning. |
| Microsoft.HybridContainerService/register/action | Registrera prenumerationen för Microsoft.HybridContainerService |
| Microsoft.HybridContainerService/kubernetesVersions/read | Visar en lista över kubernetes-versioner som stöds från den underliggande anpassade platsen |
| Microsoft.HybridContainerService/kubernetesVersions/write | Placerar resurstypen kubernetes-version |
| Microsoft.HybridContainerService/skus/read | Visar en lista över vm-SKU:er som stöds från den underliggande anpassade platsen |
| Microsoft.HybridContainerService/skus/write | Placerar resurstypen VM-SKU:er |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.AzureStackHCI/StorageContainers/Write | Resurs för skapar/uppdaterar lagringscontainrar |
| Microsoft.AzureStackHCI/StorageContainers/Read | Hämtar/listar resurs för lagringscontainrar |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI-administratör
Ger fullständig åtkomst till klustret och dess resurser, inklusive möjligheten att registrera Azure Stack HCI och tilldela andra som Azure Arc HCI VM-deltagare och/eller Azure Arc HCI VM Reader
| Åtgärder | beskrivning |
|---|---|
| Microsoft.AzureStackHCI/register/action | Registrerar prenumerationen för Azure Stack HCI-resursprovidern och gör det möjligt att skapa Azure Stack HCI-resurser. |
| Microsoft.AzureStackHCI/Avregistrera/åtgärd | Avregistrerar prenumerationen för Azure Stack HCI-resursprovidern. |
| Microsoft.AzureStackHCI/clusters/* | |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Hämtar/listar en resurs för nätverkssäkerhetsgrupp |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Hämtar/listar resurs för säkerhetsregler |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Write | Skapar/uppdaterar en nätverkssäkerhetsgruppresurs |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write | Skapar/uppdaterar resursen för säkerhetsregeln |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete | Tar bort en resurs för nätverkssäkerhetsgrupp |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete | Tar bort en säkerhetsregelresurs |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action | Ansluter nätverkssäkerhetsgruppresurs |
| Microsoft.HybridCompute/register/action | Registrerar prenumerationen för Microsoft.HybridCompute-resursprovidern |
| Microsoft.GuestConfiguration/register/action | Registrerar prenumerationen för resursprovidern Microsoft.GuestConfiguration. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Hämta gästkonfigurationstilldelning. |
| Microsoft.Resources/subscriptions/resourceGroups/write | Skapar eller uppdaterar en resursgrupp. |
| Microsoft.Resources/subscriptions/resourceGroups/delete | Tar bort en resursgrupp och alla dess resurser. |
| Microsoft.HybridConnectivity/register/action | Registrera prenumerationen för Microsoft.HybridConnectivity |
| Microsoft.Authorization/roleAssignments/write | Skapa en rolltilldelning i det angivna omfånget. |
| Microsoft.Authorization/roleAssignments/delete | Ta bort en rolltilldelning i det angivna omfånget. |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.AzureStackHCI/* | |
| Microsoft.Insights/AlertRules/Write | Skapa eller uppdatera en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Delete | Ta bort en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Read | Läsa en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Activated/Action | Klassisk måttavisering aktiverad |
| Microsoft.Insights/AlertRules/Resolved/Action | Den klassiska måttaviseringen har lösts |
| Microsoft.Insights/AlertRules/Throttled/Action | Regelbegränsning för klassisk måttavisering |
| Microsoft.Insights/AlertRules/Incidents/Read | Läsa en klassisk måttaviseringsincident |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Skapar eller uppdaterar en distribution. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Hämtar eller visar status för distributionsåtgärden. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/operationresults/read | Hämta resultatet av prenumerationsåtgärden. |
| Microsoft.HybridCompute/machines/read | Läsa alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/write | Skriver en Azure Arc-dator |
| Microsoft.HybridCompute/machines/delete | Tar bort en Azure Arc-dator |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Uppgraderar tillägg på Azure Arc-datorer |
| Microsoft.HybridCompute/machines/assessPatches/action | Utvärderar alla Azure Arc-datorer för att få saknade programkorrigeringar |
| Microsoft.HybridCompute/machines/installPatches/action | Installerar korrigeringar på alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/extensions/read | Läser alla Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/extensions/write | Installerar eller uppdaterar ett Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/extensions/delete | Tar bort ett Azure Arc-tillägg |
| Microsoft.HybridCompute/operations/read | Läs alla åtgärder för Azure Arc för servrar |
| Microsoft.HybridCompute/locations/operationresults/read | Läser status för en åtgärd på Microsoft.HybridCompute-resursprovidern |
| Microsoft.HybridCompute/locations/operationstatus/read | Läser status för en åtgärd på Microsoft.HybridCompute-resursprovidern |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Läser alla Azure Arc-korrigeringarAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Läser alla Azure Arc-korrigeringarInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarInstallationResults/softwarePatches |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Läser status för en uppdateringscenteråtgärd på datorer |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Läs alla Azure Arc-datorers hybrididentitetsmetadata |
| Microsoft.HybridCompute/osType/agentVersions/read | Läs alla tillgängliga Azure Connected Machine Agent-versioner |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | Läs den senaste versionen av Azure Connected Machine Agent |
| Microsoft.HybridCompute/machines/runcommands/read | Läser alla Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/runcommands/write | Installerar eller uppdaterar en Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/runcommands/delete | Tar bort en Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Läser alla Azure Arc-licensprofiler |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Installerar eller uppdaterar en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Tar bort en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/licenses/read | Läser alla Azure Arc-licenser |
| Microsoft.HybridCompute/licenses/write | Installerar eller uppdaterar en Azure Arc-licens |
| Microsoft.HybridCompute/licenses/delete | Tar bort en Azure Arc-licens |
| Microsoft.ResourceConnector/register/action | Registrerar prenumerationen för resursprovidern Appliances och gör det möjligt att skapa installationen. |
| Microsoft.ResourceConnector/appliances/read | Hämtar en installationsresurs |
| Microsoft.ResourceConnector/appliances/write | Skapar eller uppdaterar installationsresurs |
| Microsoft.ResourceConnector/appliances/delete | Tar bort installationsresurs |
| Microsoft.ResourceConnector/locations/operationresults/read | Hämta resultatet av installationen |
| Microsoft.ResourceConnector/locations/operationsstatus/read | Hämta resultatet av installationen |
| Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Hämta autentiseringsuppgifter för en installationsklusteranvändare |
| Microsoft.ResourceConnector/appliances/listKeys/action | Hämta kundnycklar för ett installationskluster |
| Microsoft.ResourceConnector/operations/read | Hämtar lista över tillgängliga åtgärder för installationer |
| Microsoft.ExtendedLocation/register/action | Registrerar prenumerationen för resursprovidern anpassad plats och gör det möjligt att skapa en anpassad plats. |
| Microsoft.ExtendedLocation/customLocations/read | Hämtar en anpassad platsresurs |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Distribuera behörigheter till en anpassad platsresurs |
| Microsoft.ExtendedLocation/customLocations/write | Skapar eller uppdaterar resurs för anpassad plats |
| Microsoft.ExtendedLocation/customLocations/delete | Tar bort resurs för anpassad plats |
| Microsoft.EdgeMarketplace/offers/read | Hämta ett erbjudande |
| Microsoft.EdgeMarketplace/publishers/read | Hämta en utgivare |
| Microsoft.Kubernetes/register/action | Registrerar prenumeration med Microsoft.Kubernetes-resursprovider |
| Microsoft.KubernetesConfiguration/register/action | Registrerar en prenumeration på Resursprovidern Microsoft.KubernetesConfiguration. |
| Microsoft.KubernetesConfiguration/extensions/write | Skapar eller uppdaterar tilläggsresursen. |
| Microsoft.KubernetesConfiguration/extensions/read | Hämtar tilläggsinstansresurs. |
| Microsoft.KubernetesConfiguration/extensions/delete | Tar bort tilläggsinstansresursen. |
| Microsoft.KubernetesConfiguration/extensions/operations/read | Hämtar status för asynkron åtgärd. |
| Microsoft.KubernetesConfiguration/namespaces/read | Hämta namnområdesresurs |
| Microsoft.KubernetesConfiguration/operations/read | Hämtar tillgängliga åtgärder för resursprovidern Microsoft.KubernetesConfiguration. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.AzureStackHCI/StorageContainers/Write | Resurs för skapar/uppdaterar lagringscontainrar |
| Microsoft.AzureStackHCI/StorageContainers/Read | Hämtar/listar resurs för lagringscontainrar |
| Microsoft.HybridContainerService/register/action | Registrera prenumerationen för Microsoft.HybridContainerService |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen | |
| Condition | |
| ((! (ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!( ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df, 4633458b-17de-408a-b874-0445c86b69e6})) | Lägg till eller ta bort rolltilldelningar för följande roller: Azure Connected Machine Resource Manager Azure Connected Machine resursadministratör Azure Connected Machine Onboarding Azure Stack HCI VM Reader Azure Stack HCI VM-deltagare Azure Stack HCI-Enhetshantering roll Distributionsroll för Azure Resource Bridge Nyckelvalvshemlighetsanvändare |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI-Enhetshantering roll
Microsoft.AzureStackHCI Enhetshantering roll
| Åtgärder | beskrivning |
|---|---|
| Microsoft.AzureStackHCI/Clusters/* | |
| Microsoft.AzureStackHCI/EdgeDevices/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM-deltagare
Beviljar behörigheter för att utföra alla VM-åtgärder
| Åtgärder | beskrivning |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/* | |
| Microsoft.AzureStackHCI/virtualMachineInstances/* | |
| Microsoft.AzureStackHCI/NetworkInterfaces/* | |
| Microsoft.AzureStackHCI/VirtualHardDisks/* | |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | Hämtar/listar resurs för virtuella nätverk |
| Microsoft.AzureStackHCI/VirtualNetworks/join/action | Ansluter till resursen för virtuella nätverk |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | Hämtar/listar resurs för logiska nätverk |
| Microsoft.AzureStackHCI/LogicalNetworks/join/action | Ansluter till en resurs för logiska nätverk |
| Microsoft.AzureStackHCI/GalleryImages/Read | Hämta/listar galleribildresurs |
| Microsoft.AzureStackHCI/GalleryImages/deploy/action | Distribuerar galleri avbildningsresurs |
| Microsoft.AzureStackHCI/StorageContainers/Read | Hämtar/listar resurs för lagringscontainrar |
| Microsoft.AzureStackHCI/StorageContainers/deploy/action | Distribuerar resurs för lagringscontainrar |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Hämta/listar resurs för galleribilder för marknadsplatser |
| Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | Distribuerar resurs för galleribilder för marknadsplatser |
| Microsoft.AzureStackHCI/Clusters/Read | Hämtar kluster |
| Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | Hämtar arc-resurs för HCI-kluster |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Hämtar/listar en resurs för nätverkssäkerhetsgrupp |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Hämtar/listar resurs för säkerhetsregler |
| Microsoft.Insights/AlertRules/Write | Skapa eller uppdatera en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Delete | Ta bort en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Read | Läsa en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Activated/Action | Klassisk måttavisering aktiverad |
| Microsoft.Insights/AlertRules/Resolved/Action | Den klassiska måttaviseringen har lösts |
| Microsoft.Insights/AlertRules/Throttled/Action | Regelbegränsning för klassisk måttavisering |
| Microsoft.Insights/AlertRules/Incidents/Read | Läsa en klassisk måttaviseringsincident |
| Microsoft.Resources/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Resources/deployments/write | Skapar eller uppdaterar en distribution. |
| Microsoft.Resources/deployments/delete | Tar bort en distribution. |
| Microsoft.Resources/deployments/cancel/action | Avbryter en distribution. |
| Microsoft.Resources/deployments/validate/action | Verifierar en distribution. |
| Microsoft.Resources/deployments/whatIf/action | Förutsäger ändringar i malldistributionen. |
| Microsoft.Resources/deployments/exportTemplate/action | Exportera mall för en distribution |
| Microsoft.Resources/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/deployments/operationstatuses/read | Hämtar eller visar status för distributionsåtgärden. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Skapar eller uppdaterar en distribution. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Hämtar eller visar status för distributionsåtgärden. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/subscriptions/operationresults/read | Hämta resultatet av prenumerationsåtgärden. |
| Microsoft.HybridCompute/machines/read | Läsa alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/write | Skriver en Azure Arc-dator |
| Microsoft.HybridCompute/machines/delete | Tar bort en Azure Arc-dator |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Uppgraderar tillägg på Azure Arc-datorer |
| Microsoft.HybridCompute/machines/assessPatches/action | Utvärderar alla Azure Arc-datorer för att få saknade programkorrigeringar |
| Microsoft.HybridCompute/machines/installPatches/action | Installerar korrigeringar på alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/extensions/read | Läser alla Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/extensions/write | Installerar eller uppdaterar ett Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/extensions/delete | Tar bort ett Azure Arc-tillägg |
| Microsoft.HybridCompute/operations/read | Läs alla åtgärder för Azure Arc för servrar |
| Microsoft.HybridCompute/locations/operationresults/read | Läser status för en åtgärd på Microsoft.HybridCompute-resursprovidern |
| Microsoft.HybridCompute/locations/operationstatus/read | Läser status för en åtgärd på Microsoft.HybridCompute-resursprovidern |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Läser alla Azure Arc-korrigeringarAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Läser alla Azure Arc-korrigeringarInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarInstallationResults/softwarePatches |
| Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Läser status för en uppdateringscenteråtgärd på datorer |
| Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Läs alla Azure Arc-datorers hybrididentitetsmetadata |
| Microsoft.HybridCompute/osType/agentVersions/read | Läs alla tillgängliga Azure Connected Machine Agent-versioner |
| Microsoft.HybridCompute/osType/agentVersions/latest/read | Läs den senaste versionen av Azure Connected Machine Agent |
| Microsoft.HybridCompute/machines/runcommands/read | Läser alla Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/runcommands/write | Installerar eller uppdaterar en Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/runcommands/delete | Tar bort en Azure Arc-runcommands |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Läser alla Azure Arc-licensprofiler |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Installerar eller uppdaterar en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Tar bort en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/licenses/read | Läser alla Azure Arc-licenser |
| Microsoft.HybridCompute/licenses/write | Installerar eller uppdaterar en Azure Arc-licens |
| Microsoft.HybridCompute/licenses/delete | Tar bort en Azure Arc-licens |
| Microsoft.ExtendedLocation/customLocations/Read | Hämtar en anpassad platsresurs |
| Microsoft.ExtendedLocation/customLocations/deploy/action | Distribuera behörigheter till en anpassad platsresurs |
| Microsoft.KubernetesConfiguration/extensions/read | Hämtar tilläggsinstansresurs. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Reader
Beviljar behörighet att visa virtuella datorer
| Åtgärder | beskrivning |
|---|---|
| Microsoft.AzureStackHCI/VirtualMachines/Read | Hämtar/listar resurs för virtuella datorer |
| Microsoft.AzureStackHCI/virtualMachineInstances/Read | Hämtar/listar instansresurs för virtuella datorer |
| Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read | Hämtar/listar resurs för tillägg för virtuella datorer |
| Microsoft.AzureStackHCI/VirtualNetworks/Read | Hämtar/listar resurs för virtuella nätverk |
| Microsoft.AzureStackHCI/LogicalNetworks/Read | Hämtar/listar resurs för logiska nätverk |
| Microsoft.AzureStackHCI/NetworkInterfaces/Read | Hämtar/listar nätverksgränssnittsresurs |
| Microsoft.AzureStackHCI/VirtualHardDisks/Read | Hämtar/listar virtuell hårddiskresurs |
| Microsoft.AzureStackHCI/StorageContainers/Read | Hämtar/listar resurs för lagringscontainrar |
| Microsoft.AzureStackHCI/GalleryImages/Read | Hämta/listar galleribildresurs |
| Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Hämta/listar resurs för galleribilder för marknadsplatser |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Hämtar/listar en resurs för nätverkssäkerhetsgrupp |
| Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Hämtar/listar resurs för säkerhetsregler |
| Microsoft.HybridCompute/licenses/read | Läser alla Azure Arc-licenser |
| Microsoft.HybridCompute/machines/extensions/read | Läser alla Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Läser alla Azure Arc-licensprofiler |
| Microsoft.HybridCompute/machines/patchAssessmentResults/read | Läser alla Azure Arc-korrigeringarAssessmentResults |
| Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarAssessmentResults/softwarePatches |
| Microsoft.HybridCompute/machines/patchInstallationResults/read | Läser alla Azure Arc-korrigeringarInstallationResults |
| Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Läser alla Azure Arc-korrigeringarInstallationResults/softwarePatches |
| Microsoft.HybridCompute/machines/read | Läsa alla Azure Arc-datorer |
| Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | Läser alla Azure Arc-nätverkSäkerhetPerimeterKonfigurationer |
| Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Läs alla Azure Arc privateEndpointConnections |
| Microsoft.HybridCompute/privateLinkScopes/read | Läs alla Azure Arc privateLinkScopes |
| Microsoft.Insights/AlertRules/Write | Skapa eller uppdatera en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Delete | Ta bort en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Read | Läsa en klassisk måttavisering |
| Microsoft.Insights/AlertRules/Activated/Action | Klassisk måttavisering aktiverad |
| Microsoft.Insights/AlertRules/Resolved/Action | Den klassiska måttaviseringen har lösts |
| Microsoft.Insights/AlertRules/Throttled/Action | Regelbegränsning för klassisk måttavisering |
| Microsoft.Insights/AlertRules/Incidents/Read | Läsa en klassisk måttaviseringsincident |
| Microsoft.Resources/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Resources/deployments/exportTemplate/action | Exportera mall för en distribution |
| Microsoft.Resources/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/deployments/operationstatuses/read | Hämtar eller visar status för distributionsåtgärden. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Hämtar eller listar distributionsåtgärder. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Hämtar eller visar status för distributionsåtgärden. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/subscriptions/operationresults/read | Hämta resultatet av prenumerationsåtgärden. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to view VMs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/Read",
"Microsoft.AzureStackHCI/virtualMachineInstances/Read",
"Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/NetworkInterfaces/Read",
"Microsoft.AzureStackHCI/VirtualHardDisks/Read",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/Read",
"Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
"Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack-registreringsägare
Gör att du kan hantera Azure Stack-registreringar.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.AzureStack/edgeSubscriptions/read | |
| Microsoft.AzureStack/registrations/products/*/action | |
| Microsoft.AzureStack/registrations/products/read | Hämtar egenskaperna för en Azure Stack Marketplace-produkt |
| Microsoft.AzureStack/registrations/read | Hämtar egenskaperna för en Azure Stack-registrering |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Hybrid Server-resursadministratör
Kan läsa, skriva, ta bort och återregistrera hybridservrar till hybridresursprovidern.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.HybridCompute/machines/* | |
| Microsoft.HybridCompute/*/read | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"name": "48b40c6e-82e0-4eb3-90d5-19e40f49b624",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hybrid Server Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}