Inbyggda Azure-roller för hantering och styrning
I den här artikeln visas de inbyggda Azure-rollerna i kategorin Hantering och styrning.
Advisor Recommendations-deltagare (utvärderingar och granskningar)
Visa utvärderingsrekommendationer, godkända granskningsrekommendationer och hantera rekommendationers livscykel (markera rekommendationer som slutförda, uppskjutna eller avvisade, pågående eller inte startade).
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Advisor/recommendations/read | Läsrekommendationer |
| Microsoft.Advisor/recommendations/write | Skrivrekommendationer |
| Microsoft.Advisor/recommendations/available/action | Ny rekommendation finns i Microsoft Advisor |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "View assessment recommendations, accepted review recommendations, and manage the recommendations lifecycle (mark recommendations as completed, postponed or dismissed, in progress, or not started).",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6b534d80-e337-47c4-864f-140f5c7f593d",
"name": "6b534d80-e337-47c4-864f-140f5c7f593d",
"permissions": [
{
"actions": [
"Microsoft.Advisor/recommendations/read",
"Microsoft.Advisor/recommendations/write",
"Microsoft.Advisor/recommendations/available/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Recommendations Contributor (Assessments and Reviews)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Advisor Reviews-deltagare
Visa granskningar för en arbetsbelastning och sorteringsrekommendationer som är länkade till dem.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | Läs återhämtningReviews |
| Microsoft.Advisor/triageRecommendations/read | Läs triageRecommendations |
| Microsoft.Advisor/triageRecommendations/approve/action | Godkänn triageRecommendations |
| Microsoft.Advisor/triageRecommendations/reject/action | Avvisa triageRecommendations |
| Microsoft.Advisor/triageRecommendations/reset/action | Återställ triageRecommendations |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and triage recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8aac15f0-d885-4138-8afa-bfb5872f7d13",
"name": "8aac15f0-d885-4138-8afa-bfb5872f7d13",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read",
"Microsoft.Advisor/triageRecommendations/approve/action",
"Microsoft.Advisor/triageRecommendations/reject/action",
"Microsoft.Advisor/triageRecommendations/reset/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Advisor Recensioner Läsare
Visa granskningar för en arbetsbelastning och rekommendationer som är länkade till dem.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Advisor/resiliencyReviews/read | Läs återhämtningReviews |
| Microsoft.Advisor/triageRecommendations/read | Läs triageRecommendations |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "View reviews for a workload and recommendations linked to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c64499e0-74c3-47ad-921c-13865957895c",
"name": "c64499e0-74c3-47ad-921c-13865957895c",
"permissions": [
{
"actions": [
"Microsoft.Advisor/resiliencyReviews/read",
"Microsoft.Advisor/triageRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Advisor Reviews Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Automation-deltagare
Hantera Azure Automation-resurser och andra resurser med hjälp av Azure Automation.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Automation/automationAccounts/* | |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Insights/ActionGroups/* | |
| Microsoft.Insights/ActivityLogAlerts/* | |
| Microsoft.Insights/MetricAlerts/* | |
| Microsoft.Insights/ScheduledQueryRules/* | |
| Microsoft.Insights/diagnosticSettings/* | Skapar, uppdaterar eller läser diagnostikinställningen för Analysis Server |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | Hämtar de delade nycklarna för arbetsytan. Dessa nycklar används för att ansluta Microsoft Operational Insights-agenter till arbetsytan. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Automation Job Operator
Skapa och hantera jobb med Automation Runbooks.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | Läser en Hybrid Runbook Worker-grupp |
| Microsoft.Automation/automationAccounts/jobs/read | Hämtar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/resume/action | Återupptar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/stop/action | Stoppar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/streams/read | Hämtar en Azure Automation-jobbström |
| Microsoft.Automation/automationAccounts/jobs/suspend/action | Pausar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/write | Skapar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/output/read | Hämtar utdata för ett jobb |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Automation-operatör
Automation-operatörer kan starta, stoppa, pausa och återuppta jobb
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | Läser en Hybrid Runbook Worker-grupp |
| Microsoft.Automation/automationAccounts/jobs/read | Hämtar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/resume/action | Återupptar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/stop/action | Stoppar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/streams/read | Hämtar en Azure Automation-jobbström |
| Microsoft.Automation/automationAccounts/jobs/suspend/action | Pausar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobs/write | Skapar ett Azure Automation-jobb |
| Microsoft.Automation/automationAccounts/jobSchedules/read | Hämtar ett Azure Automation-jobbschema |
| Microsoft.Automation/automationAccounts/jobSchedules/write | Skapar ett Azure Automation-jobbschema |
| Microsoft.Automation/automationAccounts/linkedWorkspace/read | Hämtar arbetsytan länkad till automationskontot |
| Microsoft.Automation/automationAccounts/read | Hämtar ett Azure Automation-konto |
| Microsoft.Automation/automationAccounts/runbooks/read | Hämtar en Azure Automation-runbook |
| Microsoft.Automation/automationAccounts/schedules/read | Hämtar en Azure Automation-schematillgång |
| Microsoft.Automation/automationAccounts/schedules/write | Skapar eller uppdaterar en Azure Automation-schematillgång |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Automation/automationAccounts/jobs/output/read | Hämtar utdata för ett jobb |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Runbook-operatör för Automation
Läs Runbook-egenskaper – för att kunna skapa jobb för runbooken.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Automation/automationAccounts/runbooks/read | Hämtar en Azure Automation-runbook |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administratör för Azure Center for SAP solutions
Den här rollen ger läs- och skrivåtkomst till alla funktioner i Azure Center för SAP-lösningar.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Advisor/configurations/read | Hämta konfigurationer |
| Microsoft.Advisor/recommendations/read | Läsrekommendationer |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/write | |
| Microsoft.Workloads/sapVirtualInstances/*/delete | |
| Microsoft.Workloads/Locations/*/action | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/sapVirtualInstances/*/start/action | |
| Microsoft.Workloads/sapVirtualInstances/*/stop/action | |
| Microsoft.Workloads/connectors/*/read | |
| Microsoft.Workloads/connectors/*/write | |
| Microsoft.Workloads/connectors/*/delete | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Insights/metrics/read | Läsa mått |
| Microsoft.Insights/metricDefinitions/read | Läsa måttdefinitioner |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/write | Skapar eller uppdaterar en resursgrupp. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för PingMesh |
| Microsoft.Network/virtualNetworks/subnets/read | Hämtar en undernätsdefinition för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/write | Skapar ett virtuellt nätverksundernät eller uppdaterar ett befintligt virtuellt nätverksundernät |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Hämtar referenser till alla virtuella datorer i ett virtuellt nätverksundernät |
| Microsoft.Network/networkInterfaces/read | Hämtar en nätverksgränssnittsdefinition. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Hämtar en ip-konfigurationsdefinition för nätverksgränssnittet. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Hämtar alla lastbalanserare som nätverksgränssnittet ingår i |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för nätverksgränssnittet |
| Microsoft.Network/loadBalancers/read | Hämtar en definition för lastbalanserare |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Hämtar en definition för lastbalanserarens serverdelsadresspool |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Hämtar en ip-konfigurationsdefinition för lastbalanserarens klientdel |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Hämtar en definition av lastbalanserarens belastningsutjämningsregel |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Hämtar en definition av inkommande nat-regel för lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Hämtar händelserna för Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Hämtar referenser till alla nätverksgränssnitt under en lastbalanserare |
| Microsoft.Network/loadBalancers/outboundRules/read | Hämtar en regeldefinition för utgående lastbalanserare |
| Microsoft.Network/loadBalancers/virtualMachines/read | Hämtar referenser till alla virtuella datorer under en lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för Load Balancer |
| Microsoft.Network/privateEndpoints/read | Hämtar en privat slutpunktsresurs. |
| Microsoft.Network/networkSecurityGroups/join/action | Ansluter till en nätverkssäkerhetsgrupp. Inte aviseringsbar. |
| Microsoft.Network/routeTables/join/action | Ansluter till en routningstabell. Inte aviseringsbar. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/blobServices/read | Returnerar blobtjänstegenskaper eller statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| Microsoft.Storage/storageAccounts/fileServices/read | Hämta filtjänstegenskaper |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Lista filresurser |
| Microsoft.Compute/virtualMachines/read | Hämta egenskaperna för en virtuell dator |
| Microsoft.Compute/availabilitySets/read | Hämta egenskaperna för en tillgänglighetsuppsättning |
| Microsoft.Compute/sshPublicKeys/read | Hämta egenskaperna för en offentlig SSH-nyckel |
| Microsoft.Compute/sshPublicKeys/write | Skapar en ny offentlig SSH-nyckel eller uppdaterar en befintlig offentlig SSH-nyckel |
| Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action | |
| Microsoft.Compute/virtualMachines/extensions/read | Hämta egenskaperna för ett tillägg för en virtuell dator |
| Microsoft.Compute/virtualMachines/extensions/delete | Tar bort tillägget för den virtuella datorn |
| Microsoft.Compute/disks/read | Hämta egenskaperna för en disk |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returnerar en blob eller en lista över blobar |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "This role provides read and write access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"name": "7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/write",
"Microsoft.Workloads/sapVirtualInstances/*/delete",
"Microsoft.Workloads/Locations/*/action",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/sapVirtualInstances/*/start/action",
"Microsoft.Workloads/sapVirtualInstances/*/stop/action",
"Microsoft.Workloads/connectors/*/read",
"Microsoft.Workloads/connectors/*/write",
"Microsoft.Workloads/connectors/*/delete",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/sshPublicKeys/write",
"Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Center for SAP-lösningsläsare
Den här rollen ger läsåtkomst till alla funktioner i Azure Center för SAP-lösningar.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Advisor/configurations/read | Hämta konfigurationer |
| Microsoft.Advisor/recommendations/read | Läsrekommendationer |
| Microsoft.Workloads/sapvirtualInstances/*/read | |
| Microsoft.Workloads/Locations/*/read | |
| Microsoft.Workloads/Operations/read | läsåtgärder |
| Microsoft.Workloads/Locations/OperationStatuses/read | läs OperationStatuses |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Insights/alertRules/read | Läsa en klassisk måttavisering |
| Microsoft.Insights/metrics/read | Läsa mått |
| Microsoft.Insights/metricDefinitions/read | Läsa måttdefinitioner |
| Microsoft.Resources/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Hämtar eller listar distributioner. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för PingMesh |
| Microsoft.Network/virtualNetworks/subnets/read | Hämtar en undernätsdefinition för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Hämtar referenser till alla virtuella datorer i ett virtuellt nätverksundernät |
| Microsoft.Network/networkInterfaces/read | Hämtar en nätverksgränssnittsdefinition. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Hämtar en ip-konfigurationsdefinition för nätverksgränssnittet. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Hämtar alla lastbalanserare som nätverksgränssnittet ingår i |
| Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för nätverksgränssnittet |
| Microsoft.Network/loadBalancers/read | Hämtar en definition för lastbalanserare |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Hämtar en definition för lastbalanserarens serverdelsadresspool |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Hämtar en ip-konfigurationsdefinition för lastbalanserarens klientdel |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Hämtar en definition av lastbalanserarens belastningsutjämningsregel |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Hämtar en definition av inkommande nat-regel för lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Hämtar händelserna för Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Hämtar referenser till alla nätverksgränssnitt under en lastbalanserare |
| Microsoft.Network/loadBalancers/outboundRules/read | Hämtar en regeldefinition för utgående lastbalanserare |
| Microsoft.Network/loadBalancers/virtualMachines/read | Hämtar referenser till alla virtuella datorer under en lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för Load Balancer |
| Microsoft.Network/privateEndpoints/read | Hämtar en privat slutpunktsresurs. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/blobServices/read | Returnerar blobtjänstegenskaper eller statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| Microsoft.Storage/storageAccounts/fileServices/read | Hämta filtjänstegenskaper |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Lista filresurser |
| Microsoft.Compute/virtualMachines/read | Hämta egenskaperna för en virtuell dator |
| Microsoft.Compute/availabilitySets/read | Hämta egenskaperna för en tillgänglighetsuppsättning |
| Microsoft.Compute/virtualMachines/extensions/read | Hämta egenskaperna för ett tillägg för en virtuell dator |
| Microsoft.Compute/disks/read | Hämta egenskaperna för en disk |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "This role provides read access to all capabilities of Azure Center for SAP solutions.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b",
"name": "05352d14-a920-4328-a0de-4cbe7430e26b",
"permissions": [
{
"actions": [
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Workloads/sapvirtualInstances/*/read",
"Microsoft.Workloads/Locations/*/read",
"Microsoft.Workloads/Operations/read",
"Microsoft.Workloads/Locations/OperationStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/disks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Tjänstroll för Azure Center for SAP solutions
Tjänstroll för Azure Center for SAP-lösningar – Den här rollen är avsedd att användas för att ge behörighet till användartilldelad hanterad identitet. Azure Center for SAP-lösningar använder den här identiteten för att distribuera och hantera SAP-system.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Resources/subscriptions/resourceGroups/write | Skapar eller uppdaterar en resursgrupp. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Network/loadBalancers/read | Hämtar en definition för lastbalanserare |
| Microsoft.Network/loadBalancers/write | Skapar en lastbalanserare eller uppdaterar en befintlig lastbalanserare |
| Microsoft.Network/loadBalancers/backendAddressPools/read | Hämtar en definition för lastbalanserarens serverdelsadresspool |
| Microsoft.Network/loadBalancers/backendAddressPools/write | Skapar en lastbalanserares serverdelsadresspool eller uppdaterar en befintlig lastbalanserares serverdelsadresspool |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/read | Hämtar en ip-konfigurationsdefinition för lastbalanserarens klientdel |
| Microsoft.Network/loadBalancers/loadBalancingRules/read | Hämtar en definition av lastbalanserarens belastningsutjämningsregel |
| Microsoft.Network/loadBalancers/inboundNatRules/read | Hämtar en definition av inkommande nat-regel för lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read | Hämtar händelserna för Load Balancer |
| Microsoft.Network/loadBalancers/networkInterfaces/read | Hämtar referenser till alla nätverksgränssnitt under en lastbalanserare |
| Microsoft.Network/loadBalancers/outboundRules/read | Hämtar en regeldefinition för utgående lastbalanserare |
| Microsoft.Network/loadBalancers/virtualMachines/read | Hämtar referenser till alla virtuella datorer under en lastbalanserare |
| Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read | Hämtar tillgängliga mått för Load Balancer |
| Microsoft.Network/networkInterfaces/read | Hämtar en nätverksgränssnittsdefinition. |
| Microsoft.Network/networkInterfaces/write | Skapar ett nätverksgränssnitt eller uppdaterar ett befintligt nätverksgränssnitt. |
| Microsoft.Network/networkInterfaces/ipconfigurations/read | Hämtar en ip-konfigurationsdefinition för nätverksgränssnittet. |
| Microsoft.Network/networkInterfaces/loadBalancers/read | Hämtar alla lastbalanserare som nätverksgränssnittet ingår i |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read | Kontrollera om IP-adressen är tillgänglig i det angivna virtuella nätverket |
| Microsoft.Network/virtualNetworks/subnets/read | Hämtar en undernätsdefinition för virtuellt nätverk |
| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Hämtar referenser till alla virtuella datorer i ett virtuellt nätverksundernät |
| Microsoft.Network/virtualNetworks/virtualMachines/read | Hämtar referenser till alla virtuella datorer i ett virtuellt nätverk |
| Microsoft.Network/networkInterfaces/ipconfigurations/join/action | Ansluter till en IP-konfiguration för nätverksgränssnittet. Inte aviseringsbar. |
| Microsoft.Network/privateEndpoints/read | Hämtar en privat slutpunktsresurs. |
| Microsoft.Network/privateEndpoints/write | Skapar en ny privat slutpunkt eller uppdaterar en befintlig privat slutpunkt. |
| Microsoft.Network/networkInterfaces/join/action | Ansluter en virtuell dator till ett nätverksgränssnitt. Inte aviseringsbar. |
| Microsoft.Network/loadBalancers/backendAddressPools/join/action | Ansluter en lastbalanserares serverdelsadresspool. Inte aviseringsbar. |
| Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action | Ansluter till en IP-konfiguration för lastbalanserarens klientdel. Inte aviseringsbar. |
| Microsoft.Network/virtualNetworks/subnets/join/action | Ansluter till ett virtuellt nätverk. Inte aviseringsbar. |
| Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action | Ansluter en lastbalanserare till virtuella nätverksundernät |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/write | Skapar ett lagringskonto med de angivna parametrarna eller uppdaterar egenskaperna eller taggarna eller lägger till en anpassad domän för det angivna lagringskontot. |
| Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action | Godkänna privata slutpunktsanslutningar |
| Microsoft.Storage/storageAccounts/blobServices/read | Returnerar blobtjänstegenskaper eller statistik |
| Microsoft.Storage/storageAccounts/blobServices/containers/read | Returnerar lista över containrar |
| Microsoft.Storage/storageAccounts/fileServices/read | Hämta filtjänstegenskaper |
| Microsoft.Storage/storageAccounts/fileServices/write | Placera filtjänstegenskaper |
| Microsoft.Storage/storageAccounts/fileServices/shares/read | Lista filresurser |
| Microsoft.Storage/storageAccounts/fileServices/shares/write | Skapa eller uppdatera filresurs |
| Microsoft.Compute/virtualMachines/read | Hämta egenskaperna för en virtuell dator |
| Microsoft.Compute/virtualMachines/write | Skapar en ny virtuell dator eller uppdaterar en befintlig virtuell dator |
| Microsoft.Compute/virtualMachines/instanceView/read | Hämtar detaljerad körningsstatus för den virtuella datorn och dess resurser |
| Microsoft.Compute/availabilitySets/read | Hämta egenskaperna för en tillgänglighetsuppsättning |
| Microsoft.Compute/availabilitySets/write | Skapar en ny tillgänglighetsuppsättning eller uppdaterar en befintlig |
| Microsoft.Compute/skus/read | Hämtar listan över Microsoft.Compute-SKU:er som är tillgängliga för din prenumeration |
| Microsoft.Compute/sshPublicKeys/read | Hämta egenskaperna för en offentlig SSH-nyckel |
| Microsoft.Compute/virtualMachines/extensions/read | Hämta egenskaperna för ett tillägg för en virtuell dator |
| Microsoft.Compute/virtualMachines/extensions/write | Skapar ett nytt tillägg för virtuell dator eller uppdaterar ett befintligt |
| Microsoft.Compute/virtualMachines/extensions/delete | Tar bort tillägget för den virtuella datorn |
| Microsoft.Compute/disks/read | Hämta egenskaperna för en disk |
| Microsoft.Compute/disks/write | Skapar en ny disk eller uppdaterar en befintlig |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138",
"name": "aabbc5dd-1af0-458b-a942-81af88f9c138",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/loadBalancers/write",
"Microsoft.Network/loadBalancers/backendAddressPools/read",
"Microsoft.Network/loadBalancers/backendAddressPools/write",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
"Microsoft.Network/loadBalancers/loadBalancingRules/read",
"Microsoft.Network/loadBalancers/inboundNatRules/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.Network/loadBalancers/networkInterfaces/read",
"Microsoft.Network/loadBalancers/outboundRules/read",
"Microsoft.Network/loadBalancers/virtualMachines/read",
"Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkInterfaces/ipconfigurations/read",
"Microsoft.Network/networkInterfaces/loadBalancers/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
"Microsoft.Network/virtualNetworks/virtualMachines/read",
"Microsoft.Network/networkInterfaces/ipconfigurations/join/action",
"Microsoft.Network/privateEndpoints/read",
"Microsoft.Network/privateEndpoints/write",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/fileServices/read",
"Microsoft.Storage/storageAccounts/fileServices/write",
"Microsoft.Storage/storageAccounts/fileServices/shares/read",
"Microsoft.Storage/storageAccounts/fileServices/shares/write",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/instanceView/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/availabilitySets/write",
"Microsoft.Compute/skus/read",
"Microsoft.Compute/sshPublicKeys/read",
"Microsoft.Compute/virtualMachines/extensions/read",
"Microsoft.Compute/virtualMachines/extensions/write",
"Microsoft.Compute/virtualMachines/extensions/delete",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Center for SAP solutions service role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine Onboarding
Kan registrera Azure Connected Machines.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.HybridCompute/machines/read | Läsa alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/write | Skriver en Azure Arc-dator |
| Microsoft.HybridCompute/privateLinkScopes/read | Läs alla Azure Arc privateLinkScopes |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Hämta gästkonfigurationstilldelning. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine resursadministratör
Kan läsa, skriva, ta bort och återansluta Azure Connected Machines.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.HybridCompute/machines/* | |
| Microsoft.HybridCompute/machines/extensions/* | |
| Microsoft.HybridCompute/machines/licenseProfiles/* | |
| Microsoft.HybridCompute/machines/runCommands/* | |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Uppgraderar tillägg på Azure Arc-datorer |
| Microsoft.HybridCompute/privateLinkScopes/* | |
| Microsoft.HybridCompute/licenses/* | |
| Microsoft.HybridCompute/locations/* | |
| Microsoft.HybridCompute/*/read | |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/*",
"Microsoft.HybridCompute/machines/extensions/*",
"Microsoft.HybridCompute/machines/licenseProfiles/*",
"Microsoft.HybridCompute/machines/runCommands/*",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/licenses/*",
"Microsoft.HybridCompute/locations/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine Resource Manager
Anpassad roll för AzureStackHCI RP för att hantera hybriddatorer och hybridanslutningsslutpunkter i en resursgrupp
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Hämta gästkonfigurationstilldelning. |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/write | Skapa ny gästkonfigurationstilldelning. |
| Microsoft.HybridCompute/machines/read | Läsa alla Azure Arc-datorer |
| Microsoft.HybridCompute/machines/extensions/read | Läser alla Azure Arc-tillägg |
| Microsoft.HybridCompute/*/read | |
| Microsoft.HybridCompute/machines/delete | Tar bort en Azure Arc-dator |
| Microsoft.HybridCompute/machines/extensions/delete | Tar bort ett Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/extensions/write | Installerar eller uppdaterar ett Azure Arc-tillägg |
| Microsoft.HybridCompute/machines/licenseProfiles/delete | Tar bort en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/machines/licenseProfiles/read | Läser alla Azure Arc-licensprofiler |
| Microsoft.HybridCompute/machines/licenseProfiles/write | Installerar eller uppdaterar en Azure Arc-licensProfiler |
| Microsoft.HybridCompute/machines/UpgradeExtensions/action | Uppgraderar tillägg på Azure Arc-datorer |
| Microsoft.HybridCompute/machines/write | Skriver en Azure Arc-dator |
| Microsoft.HybridConnectivity/endpoints/read | Hämta eller lista över slutpunkter till målresursen. |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | Hämta eller lista över serviceConfigurations till slutpunktsresursen. |
| Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | Skapa eller uppdatera serviceConfigurations till slutpunktsresursen. |
| Microsoft.HybridConnectivity/endpoints/write | Skapa eller uppdatera slutpunkten till målresursen. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.EdgeMarketplace/locations/operationStatuses/read | read operationStatuses |
| Microsoft.EdgeMarketPlace/offers/getAccessToken/action | hämta åtkomsttoken. |
| Microsoft.EdgeMarketPlace/offers/generateAccessToken/action | En tidskrävande resursåtgärd. |
| Microsoft.EdgeMarketplace/publishers/read | Hämta en utgivare |
| Microsoft.EdgeMarketplace/offers/read | Hämta ett erbjudande |
| Microsoft.ExtendedLocation/customLocations/read | Hämtar en anpassad platsresurs |
| Microsoft.Attestation/attestationProviders/write | Lägger till attesteringstjänsten. |
| Microsoft.Attestation/attestationProviders/read | Hämtar status för attesteringstjänsten. |
| Microsoft.Attestation/attestationProviders/delete | Tar bort attesteringstjänsten. |
| Microsoft.Attestation/attestationProviders/attestation/read | Hämtar status för attesteringstjänsten. |
| Microsoft.Attestation/attestationProviders/attestation/write | Lägger till attesteringstjänsten. |
| Microsoft.Attestation/attestationProviders/attestation/delete | Tar bort attesteringstjänsten. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.EdgeMarketplace/locations/operationStatuses/read",
"Microsoft.EdgeMarketPlace/offers/getAccessToken/action",
"Microsoft.EdgeMarketPlace/offers/generateAccessToken/action",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.Attestation/attestationProviders/write",
"Microsoft.Attestation/attestationProviders/read",
"Microsoft.Attestation/attestationProviders/delete",
"Microsoft.Attestation/attestationProviders/attestation/read",
"Microsoft.Attestation/attestationProviders/attestation/write",
"Microsoft.Attestation/attestationProviders/attestation/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Customer Lockbox-godkännare för prenumeration
Kan godkänna Microsofts supportbegäranden om att få åtkomst till specifika resurser i en prenumeration, eller själva prenumerationen, när Customer Lockbox för Microsoft Azure är aktiverat på klientorganisationen där prenumerationen finns.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.CustomerLockbox/requests/UpdateApproval/action | Uppdatera godkännande Microsoft.CustomerLockbox |
| Microsoft.CustomerLockbox/requests/read | Läs lockbox-begäran |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Insights/eventtypes/values/read | Läsa aktivitetslogghändelser |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4dae6930-7baf-46f5-909e-0383bc931c46",
"name": "4dae6930-7baf-46f5-909e-0383bc931c46",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.CustomerLockbox/requests/UpdateApproval/action",
"Microsoft.CustomerLockbox/requests/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/eventtypes/values/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Customer Lockbox Approver for Subscription",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Faktureringsläsare
Tillåter läsåtkomst till faktureringsdata
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Billing/*/read | Läs faktureringsinformation |
| Microsoft.Commerce/*/read | |
| Microsoft.Consumption/*/read | |
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.CostManagement/*/read | |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Skissdeltagare
Kan hantera skissdefinitioner, men inte tilldela dem.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Blueprint/blueprints/* | Skapa och hantera skissdefinitioner eller skissartefakter. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Skissoperator
Kan tilldela befintliga publicerade skisser, men kan inte skapa nya skisser. Observera att detta endast fungerar om tilldelningen görs med en användartilldelad hanterad identitet.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Blueprint/blueprintAssignments/* | Skapa och hantera skisstilldelningar. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Läsare för koldioxidoptimering
Tillåt läsåtkomst till Azure Carbon Optimization-data
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Carbon/carbonEmissionReports/action | API för rapporter om koldioxidutsläpp |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cost Management-deltagare
Kan visa kostnader och hantera kostnadskonfiguration (t.ex. budgetar, exporter)
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Consumption/* | |
| Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Advisor/configurations/read | Hämta konfigurationer |
| Microsoft.Advisor/recommendations/read | Läsrekommendationer |
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.Billing/billingProperty/read | Hämtar faktureringsegenskaperna för en prenumeration |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cost Management-läsare
Kan visa kostnadsdata och konfiguration (t.ex. budgetar, exporter)
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Consumption/*/read | |
| Microsoft.CostManagement/*/read | |
| Microsoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Advisor/configurations/read | Hämta konfigurationer |
| Microsoft.Advisor/recommendations/read | Läsrekommendationer |
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.Billing/billingProperty/read | Hämtar faktureringsegenskaperna för en prenumeration |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administratör för hierarkiinställningar
Tillåter användare att redigera och ta bort hierarkiinställningar
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Management/managementGroups/settings/write | Skapar eller uppdaterar hierarkiinställningar för hanteringsgrupper. |
| Microsoft.Management/managementGroups/settings/delete | Tar bort inställningar för hanteringsgruppshierarki. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deltagarroll för hanterat program
Tillåter att hanterade programresurser skapas.
| Åtgärder | beskrivning |
|---|---|
| */read | Läsa resurser av alla typer, förutom hemligheter. |
| Microsoft.Solutions/applications/* | |
| Microsoft.Solutions/register/action | Registrera prenumerationen för Microsoft.Solutions |
| Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Hanterad programoperatorroll
Gör att du kan läsa och utföra åtgärder på hanterade programresurser
| Åtgärder | beskrivning |
|---|---|
| */read | Läsa resurser av alla typer, förutom hemligheter. |
| Microsoft.Solutions/applications/read | Visar en lista över alla program i en prenumeration. |
| Microsoft.Solutions/*/action | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Läsare för hanterade program
Låter dig läsa resurser i en hanterad app och begära JIT-åtkomst.
| Åtgärder | beskrivning |
|---|---|
| */read | Läsa resurser av alla typer, förutom hemligheter. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Solutions/jitRequests/* | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Ta bort roll för registreringstilldelning för hanterade tjänster
Med borttagningsrollen för registrering av hanterade tjänster kan de hantera klientanvändare ta bort den registreringstilldelning som tilldelats deras klientorganisation.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.ManagedServices/registrationAssignments/read | Hämtar en lista över registreringstilldelningar för Managed Services. |
| Microsoft.ManagedServices/registrationAssignments/delete | Tar bort registreringstilldelning för Managed Services. |
| Microsoft.ManagedServices/operationStatuses/read | Läser åtgärdsstatusen för resursen. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deltagare i hanteringsgrupp
Deltagarroll för hanteringsgrupp
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Management/managementGroups/delete | Ta bort hanteringsgrupp. |
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.Management/managementGroups/subscriptions/delete | Koppla från prenumerationen från hanteringsgruppen. |
| Microsoft.Management/managementGroups/subscriptions/write | Associerar en befintlig prenumeration med hanteringsgruppen. |
| Microsoft.Management/managementGroups/write | Skapa eller uppdatera en hanteringsgrupp. |
| Microsoft.Management/managementGroups/subscriptions/read | Visar en lista över prenumerationer under den angivna hanteringsgruppen. |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Hanteringsgruppsläsare
Läsarroll för hanteringsgrupp
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Management/managementGroups/read | Lista hanteringsgrupper för den autentiserade användaren. |
| Microsoft.Management/managementGroups/subscriptions/read | Visar en lista över prenumerationer under den angivna hanteringsgruppen. |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Ny relik-APM-kontodeltagare
Gör att du kan hantera konton och program för hantering av nya relikprogramsprestanda, men inte åtkomst till dem.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NewRelic.APM/accounts/* | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Policy Insights Data Writer (förhandsversion)
Tillåter läsåtkomst till resursprinciper och skrivåtkomst till resurskomponentprinciphändelser.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/policyassignments/read | Hämta information om en principtilldelning. |
| Microsoft.Authorization/policydefinitions/read | Hämta information om en principdefinition. |
| Microsoft.Authorization/policyexemptions/read | Få information om ett principundantag. |
| Microsoft.Authorization/policysetdefinitions/read | Hämta information om en principuppsättningsdefinition. |
| NotActions | |
| ingen | |
| DataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/action | Kontrollera efterlevnadsstatusen för en viss komponent mot dataprinciper. |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/action | Logga resurskomponentens principhändelser. |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator för kvotbegäran
Läs och skapa kvotbegäranden, hämta status för kvotbegäran och skapa supportärenden.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | Hämta den aktuella tjänstgränsen eller kvoten för den angivna resursen och platsen |
| Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | Skapa tjänstgräns eller kvot för den angivna resursen och platsen |
| Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | Hämta en tjänstgränsbegäran för den angivna resursen och platsen |
| Microsoft.Capacity/register/action | Registrerar kapacitetsresursprovidern och gör det möjligt att skapa kapacitetsresurser. |
| Microsoft.Quota/usages/read | Hämta användning för resursprovidrar |
| Microsoft.Quota/quotas/read | Hämta den aktuella tjänstgränsen eller kvoten för den angivna resursen |
| Microsoft.Quota/quotas/write | Skapar tjänstgränsen eller kvotbegäran för den angivna resursen |
| Microsoft.Quota/quotaRequests/read | Hämta en tjänstgränsbegäran för den angivna resursen |
| Microsoft.Quota/register/action | Registrera prenumerationen med Microsoft.Quota Resource Provider |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Reservationsköpare
Gör att du kan köpa reservationer
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/roleAssignments/read | Hämta information om en rolltilldelning. |
| Microsoft.Capacity/catalogs/read | Läsa reservationskatalogen |
| Microsoft.Capacity/register/action | Registrerar kapacitetsresursprovidern och gör det möjligt att skapa kapacitetsresurser. |
| Microsoft.Compute/register/action | Registrerar prenumeration med Microsoft.Compute-resursprovider |
| Microsoft.Consumption/register/action | Registrera dig för förbruknings-RP |
| Microsoft.Consumption/reservationRecommendationDetails/read | Lista information om reservationsrekommendation |
| Microsoft.Consumption/reservationRecommendations/read | Lista enskilda eller delade rekommendationer för reserverade instanser för en prenumeration. |
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.SQL/registrera/åtgärd | Registrerar prenumerationen för Microsoft SQL Database-resursprovidern och gör det möjligt att skapa Microsoft SQL Databases. |
| Microsoft.Support/supporttickets/write | Tillåter att du skapar och uppdaterar ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Reservationsläsare
Låter en läsa alla reservationer i en klientorganisation
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Capacity/*/read | |
| Microsoft.Authorization/roleAssignments/read | Hämta information om en rolltilldelning. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deltagare för resursprincip
Användare med behörighet att skapa/ändra resursprincip, skapa supportbegäran och läsa resurser/hierarki.
| Åtgärder | beskrivning |
|---|---|
| */read | Läsa resurser av alla typer, förutom hemligheter. |
| Microsoft.Authorization/policyassignments/* | Skapa och hantera principtilldelningar |
| Microsoft.Authorization/policydefinitions/* | Skapa och hantera principdefinitioner |
| Microsoft.Authorization/policyexemptions/* | Skapa och hantera principundantag |
| Microsoft.Authorization/policysetdefinitions/* | Skapa och hantera principuppsättningar |
| Microsoft.PolicyInsights/* | |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Inköpare av sparplan
Låter dig köpa sparplaner
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Resources/subscriptions/read | Hämtar listan över prenumerationer. |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Capacity/register/action | Registrerar kapacitetsresursprovidern och gör det möjligt att skapa kapacitetsresurser. |
| Microsoft.Capacity/catalogs/read | Läsa reservationskatalogen |
| Microsoft.Authorization/roleAssignments/read | Hämta information om en rolltilldelning. |
| Microsoft.BillingBenefits/savingsPlanOrders/write | Skapa en sparplansbeställning |
| Microsoft.BIllingBenefits/register/action | Registrerar BillingBenefits-resursprovidern och gör det möjligt att skapa BillingBenefits-resurser. |
| Microsoft.Support/supporttickets/write | Tillåter att du skapar och uppdaterar ett supportärende |
| Microsoft.Billing/billingProperty/read | Hämtar faktureringsegenskaperna för en prenumeration |
| Microsoft.CostManagement/benefitRecommendations/read | Lista enskilda eller delade rekommendationer för Microsoft-förmåner. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase savings plans",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"name": "3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74",
"permissions": [
{
"actions": [
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Capacity/register/action",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.BillingBenefits/savingsPlanOrders/write",
"Microsoft.BIllingBenefits/register/action",
"Microsoft.Support/supporttickets/write",
"Microsoft.Billing/billingProperty/read",
"Microsoft.CostManagement/benefitRecommendations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Savings plan Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schemalagd uppdateringsdeltagare
Ger åtkomst till att hantera underhållskonfigurationer med underhållsomfånget InGuestPatch och motsvarande konfigurationstilldelningar
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Maintenance/maintenanceConfigurations/read | Läs underhållskonfiguration. |
| Microsoft.Maintenance/maintenanceConfigurations/write | Skapa eller uppdatera underhållskonfigurationen. |
| Microsoft.Maintenance/maintenanceConfigurations/delete | Ta bort underhållskonfigurationen. |
| Microsoft.Maintenance/configurationAssignments/read | Läs underhållskonfigurationstilldelning. |
| Microsoft.Maintenance/configurationAssignments/write | Skapa eller uppdatera underhållskonfigurationstilldelningen. |
| Microsoft.Maintenance/configurationAssignments/delete | Ta bort tilldelning av underhållskonfiguration. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | Läs underhållskonfigurationstilldelning för InGuestPatch-underhållsomfång. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | Skapa eller uppdatera en underhållskonfigurationstilldelning för Underhållsomfånget InGuestPatch. |
| Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | Ta bort underhållskonfigurationstilldelningen för InGuestPatch-underhållsomfånget. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | Läs underhållskonfiguration för Underhållsomfånget InGuestPatch. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | Skapa eller uppdatera en underhållskonfiguration för underhållsomfånget InGuestPatch. |
| Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | Ta bort underhållskonfigurationen för underhållsomfånget InGuestPatch. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery-deltagare
Gör att du kan hantera Site Recovery-tjänsten förutom skapande av valv och rolltilldelning
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/Vaults/certificates/write | Åtgärden Uppdatera resurscertifikat uppdaterar autentiseringscertifikatet för resurs/valv. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/* | Skapa och hantera utökad information om valv |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentiteter/* | Skapa och hantera registrerade identiteter |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | Skapa eller uppdatera aviseringsinställningar för replikering |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | Läs alla händelser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/* | Skapa och hantera replikeringsinfrastrukturer |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | Skapa och hantera replikeringsjobb |
| Microsoft.RecoveryServices/vaults/replicationPolicies/* | Skapa och hantera replikeringsprinciper |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | Skapa och hantera återställningsplaner |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/* | |
| Microsoft.RecoveryServices/Vaults/storageConfig/* | Skapa och hantera lagringskonfiguration för Recovery Services-valv |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | Returnerar användningsinformation för ett Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | Åtgärden Valvtoken kan användas för att hämta valvtoken för backend-åtgärder på valvnivå. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Läsa aviseringar för Recovery Services-valvet |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/read | Läs valvreplikeringsåtgärdsstatus |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery-operatör
Låter dig redundans och återställning efter fel men inte utföra andra Site Recovery-hanteringsåtgärder
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Network/virtualNetworks/read | Hämta definitionen för virtuellt nätverk |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | Åtgärden Hämta utökad information hämtar ett objekts utökade information som representerar Azure-resursen av typen ?vault? |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | Åtgärden Hämta åtgärdsresultat kan användas för att hämta åtgärdsstatus och resultat för den asynkront skickade åtgärden |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | Åtgärden Hämta containrar kan användas för att få containrarna registrerade för en resurs. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | Läs eventuella aviseringsinställningar |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | Läs alla händelser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | Kontrollerar infrastrukturresursens konsekvens |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | Läs alla infrastrukturresurser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | Associera gatewayen igen |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | Förnya certifikat för infrastrukturresurser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | Läsa alla nätverk |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | Läsa eventuella nätverksmappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | Läs alla skyddscontainrar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | Läs alla skyddsbara objekt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | Tillämpa återställningspunkt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | Incheckning av redundans |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | Planerad redundans |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | Läsa alla skyddade objekt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | Läs eventuella replikeringsåterställningspunkter |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | Reparera replikering |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | Återaktivera skyddet av skyddat objekt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | Växla skyddscontainer |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | Testa redundans |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | Testa redundansrensning |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | Redundans |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | Uppdatera mobilitetstjänsten |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | Läsa eventuella skyddscontainermappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | Läs alla Recovery Services-leverantörer |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | Uppdatera provider |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | Läs eventuella lagringsklassificeringar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | Läsa eventuella lagringsklassificeringsmappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | Läs eventuella vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/* | Skapa och hantera replikeringsjobb |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | Läs alla principer |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | Återställningsplan för redundansberedskap |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | Planerad återställningsplan för redundans |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | Läs eventuella återställningsplaner |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | Återaktivera skydd för återställningsplan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | Testa återställningsplan för redundans |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | Återställningsplan för redundanstestning |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | Återställningsplan för redundans |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Läs alla |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Läsa aviseringar för Recovery Services-valvet |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | Returnerar användningsinformation för ett Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | Åtgärden Valvtoken kan användas för att hämta valvtoken för backend-åtgärder på valvnivå. |
| Microsoft.ResourceHealth/availabilityStatuses/read | Hämtar tillgänglighetsstatusar för alla resurser i det angivna omfånget |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Storage/storageAccounts/read | Returnerar listan över lagringskonton eller hämtar egenskaperna för det angivna lagringskontot. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery-läsare
Gör att du kan visa Site Recovery-status men inte utföra andra hanteringsåtgärder
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp är en intern åtgärd som används av tjänsten |
| Microsoft.RecoveryServices/Vaults/extendedInformation/read | Åtgärden Hämta utökad information hämtar ett objekts utökade information som representerar Azure-resursen av typen ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Hämtar aviseringarna för Recovery Services-valvet. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/read | Åtgärden Get Vault hämtar ett objekt som representerar Azure-resursen av typen "valv" |
| Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | Åtgärden Hämta åtgärdsresultat kan användas för att hämta åtgärdsstatus och resultat för den asynkront skickade åtgärden |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/read | Åtgärden Hämta containrar kan användas för att få containrarna registrerade för en resurs. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | Läs eventuella aviseringsinställningar |
| Microsoft.RecoveryServices/vaults/replicationEvents/read | Läs alla händelser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/read | Läs alla infrastrukturresurser |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | Läsa alla nätverk |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | Läsa eventuella nätverksmappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | Läs alla skyddscontainrar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | Läs alla skyddsbara objekt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | Läsa alla skyddade objekt |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | Läs eventuella replikeringsåterställningspunkter |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | Läsa eventuella skyddscontainermappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | Läs alla Recovery Services-leverantörer |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | Läs eventuella lagringsklassificeringar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | Läsa eventuella lagringsklassificeringsmappningar |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | Läs eventuella vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/read | Läs alla jobb |
| Microsoft.RecoveryServices/vaults/replicationPolicies/read | Läs alla principer |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | Läs eventuella återställningsplaner |
| Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Läs alla |
| Microsoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/read | Returnerar användningsinformation för ett Recovery Services-valv. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/read | Åtgärden Valvtoken kan användas för att hämta valvtoken för backend-åtgärder på valvnivå. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Deltagare i supportbegäran
Gör att du kan skapa och hantera supportförfrågningar
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Taggdeltagare
Gör att du kan hantera taggar på entiteter utan att ge åtkomst till själva entiteterna.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| Microsoft.Resources/subscriptions/resourceGroups/resources/read | Hämtar resurserna för resursgruppen. |
| Microsoft.Resources/subscriptions/resources/read | Hämtar resurser för en prenumeration. |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Insights/alertRules/* | Skapa och hantera en klassisk måttavisering |
| Microsoft.Support/* | Skapa och uppdatera ett supportärende |
| Microsoft.Resources/tags/* | |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Mallspecifikationsdeltagare
Tillåter fullständig åtkomst till mallspecifikationsåtgärder i det tilldelade omfånget.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Resources/templateSpecs/* | Skapa och hantera mallspecifikationer och mallspecifikationsversioner |
| Microsoft.Authorization/*/read | Läsa roller och rolltilldelningar |
| Microsoft.Resources/deployments/* | Skapa och hantera en distribution |
| Microsoft.Resources/subscriptions/resourceGroups/read | Hämtar eller listar resursgrupper. |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Mallspecifikationsläsare
Tillåter läsåtkomst till mallspecifikationer i det tilldelade omfånget.
| Åtgärder | beskrivning |
|---|---|
| Microsoft.Resources/templateSpecs/*/read | Hämta eller lista mallspecifikationer och mallspecifikationsversioner |
| NotActions | |
| ingen | |
| DataActions | |
| ingen | |
| NotDataActions | |
| ingen |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}