共用方式為


適用於整合的 Azure 內建角色

本文列出整合類別中的 Azure 內建角色。

API 管理開發人員入口網站內容編輯器

可以自定義開發人員入口網站、編輯其內容,以及發佈它。

深入了解

動作 描述
Microsoft.ApiManagement/service/portalRevisions/read 列出開發人員入口網站修訂實體的集合。 或取得其標識碼所指定的開發人員入口網站修訂。
Microsoft.ApiManagement/service/portalRevisions/write 建立新的開發人員入口網站修訂。 或 更新指定入口網站修訂的描述,或讓它成為最新狀態。
Microsoft.ApiManagement/service/contentTypes/read 傳回內容類型清單或傳回內容類型
Microsoft.ApiManagement/service/contentTypes/delete 拿掉內容類型。
Microsoft.ApiManagement/service/contentTypes/write 建立新的內容類型
Microsoft.ApiManagement/service/contentTypes/contentItems/read 傳回內容專案清單或傳回內容專案詳細數據
Microsoft.ApiManagement/service/contentTypes/contentItems/write 建立新的內容專案或更新指定的內容專案
Microsoft.ApiManagement/service/contentTypes/contentItems/delete 拿掉指定的內容專案。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can customize the developer portal, edit its content, and publish it.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729",
  "name": "c031e6a8-4391-4de0-8d69-4706a7ed3729",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/portalRevisions/read",
        "Microsoft.ApiManagement/service/portalRevisions/write",
        "Microsoft.ApiManagement/service/contentTypes/read",
        "Microsoft.ApiManagement/service/contentTypes/delete",
        "Microsoft.ApiManagement/service/contentTypes/write",
        "Microsoft.ApiManagement/service/contentTypes/contentItems/read",
        "Microsoft.ApiManagement/service/contentTypes/contentItems/write",
        "Microsoft.ApiManagement/service/contentTypes/contentItems/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Developer Portal Content Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API 管理服務參與者

可以管理服務和 API

深入了解

動作 描述
Microsoft.ApiManagement/service/* 建立和管理 API 管理 服務
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API 管理服務操作員角色

可以管理服務,但不能管理服務

深入了解

動作 描述
Microsoft.ApiManagement/service/*/read 讀取服務實例 API 管理
Microsoft.ApiManagement/service/backup/action 將 API 管理 服務備份至使用者提供的記憶體帳戶中指定的容器
Microsoft.ApiManagement/service/delete 刪除 API 管理 服務實例
Microsoft.ApiManagement/service/managedeployments/action 變更 SKU/單位、新增/移除 API 管理 服務的區域性部署
Microsoft.ApiManagement/service/read 讀取 API 管理 服務實例的元數據
Microsoft.ApiManagement/service/restore/action 從使用者提供的記憶體帳戶中指定的容器還原 API 管理 服務
Microsoft.ApiManagement/service/updatecertificate/action 上傳 API 管理 服務的 TLS/SSL 憑證
Microsoft.ApiManagement/service/updatehostname/action 設定、更新或移除 API 管理 服務的自定義功能變數名稱
Microsoft.ApiManagement/service/write 建立或更新服務實例 API 管理
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
Microsoft.ApiManagement/service/users/keys/read 取得與使用者相關聯的金鑰
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API 管理服務讀取者角色

服務和 API 的唯讀存取權

深入了解

動作 描述
Microsoft.ApiManagement/service/*/read 讀取服務實例 API 管理
Microsoft.ApiManagement/service/read 讀取 API 管理 服務實例的元數據
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
Microsoft.ApiManagement/service/users/keys/read 取得與使用者相關聯的金鑰
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 服務工作區 API 開發人員

具有標籤和產品的讀取許可權,以及允許的寫入許可權:將 API 指派給產品、將標籤指派給產品和 API。 此角色應在服務範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/tags/read 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。
Microsoft.ApiManagement/service/tags/apiLinks/*
Microsoft.ApiManagement/service/tags/operationLinks/*
Microsoft.ApiManagement/service/tags/productLinks/*
Microsoft.ApiManagement/service/products/read 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。
Microsoft.ApiManagement/service/products/apiLinks/*
Microsoft.ApiManagement/service/read 讀取 API 管理 服務實例的元數據
Microsoft.ApiManagement/service/authorizationServers/read 列出服務實例內定義的授權伺服器集合。 或取得授權伺服器的詳細數據,而不需秘密。
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/9565a273-41b9-4368-97d2-aeb0c976a9b3",
  "name": "9565a273-41b9-4368-97d2-aeb0c976a9b3",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/tags/read",
        "Microsoft.ApiManagement/service/tags/apiLinks/*",
        "Microsoft.ApiManagement/service/tags/operationLinks/*",
        "Microsoft.ApiManagement/service/tags/productLinks/*",
        "Microsoft.ApiManagement/service/products/read",
        "Microsoft.ApiManagement/service/products/apiLinks/*",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/authorizationServers/read",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Workspace API Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 服務工作區 API 產品管理員

具備與 APIM 服務工作區 API 開發人員相同的存取權,以及使用者的讀取權限和寫入權限,以允許將使用者指派給群組。 此角色應在服務範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/users/read 列出指定服務實例中已註冊用戶的集合。 或取得其識別碼所指定之用戶的詳細數據。
Microsoft.ApiManagement/service/tags/read 列出服務實例內定義的標記集合。 或取得其識別碼所指定標記的詳細數據。
Microsoft.ApiManagement/service/tags/apiLinks/*
Microsoft.ApiManagement/service/tags/operationLinks/*
Microsoft.ApiManagement/service/tags/productLinks/*
Microsoft.ApiManagement/service/products/read 列出指定服務實例中的產品集合。 或取得其識別碼所指定產品的詳細數據。
Microsoft.ApiManagement/service/products/apiLinks/*
Microsoft.ApiManagement/service/groups/read 列出服務實例內定義的群組集合。 或取得其識別碼所指定群組的詳細數據。
Microsoft.ApiManagement/service/groups/users/*
Microsoft.ApiManagement/service/read 讀取 API 管理 服務實例的元數據
Microsoft.ApiManagement/service/authorizationServers/read 列出服務實例內定義的授權伺服器集合。 或取得授權伺服器的詳細數據,而不需秘密。
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
  "name": "d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/users/read",
        "Microsoft.ApiManagement/service/tags/read",
        "Microsoft.ApiManagement/service/tags/apiLinks/*",
        "Microsoft.ApiManagement/service/tags/operationLinks/*",
        "Microsoft.ApiManagement/service/tags/productLinks/*",
        "Microsoft.ApiManagement/service/products/read",
        "Microsoft.ApiManagement/service/products/apiLinks/*",
        "Microsoft.ApiManagement/service/groups/read",
        "Microsoft.ApiManagement/service/groups/users/*",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/authorizationServers/read",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Workspace API Product Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 工作區 API 開發人員

具備工作區中實體的讀取權限,以及用於編輯 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/workspaces/*/read
Microsoft.ApiManagement/service/workspaces/apis/*
Microsoft.ApiManagement/service/workspaces/apiVersionSets/*
Microsoft.ApiManagement/service/workspaces/policies/*
Microsoft.ApiManagement/service/workspaces/schemas/*
Microsoft.ApiManagement/service/workspaces/products/*
Microsoft.ApiManagement/service/workspaces/policyFragments/*
Microsoft.ApiManagement/service/workspaces/namedValues/*
Microsoft.ApiManagement/service/workspaces/tags/*
Microsoft.ApiManagement/service/workspaces/backends/*
Microsoft.ApiManagement/service/workspaces/certificates/*
Microsoft.ApiManagement/service/workspaces/diagnostics/*
Microsoft.ApiManagement/service/workspaces/loggers/*
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/56328988-075d-4c6a-8766-d93edd6725b6",
  "name": "56328988-075d-4c6a-8766-d93edd6725b6",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/workspaces/*/read",
        "Microsoft.ApiManagement/service/workspaces/apis/*",
        "Microsoft.ApiManagement/service/workspaces/apiVersionSets/*",
        "Microsoft.ApiManagement/service/workspaces/policies/*",
        "Microsoft.ApiManagement/service/workspaces/schemas/*",
        "Microsoft.ApiManagement/service/workspaces/products/*",
        "Microsoft.ApiManagement/service/workspaces/policyFragments/*",
        "Microsoft.ApiManagement/service/workspaces/namedValues/*",
        "Microsoft.ApiManagement/service/workspaces/tags/*",
        "Microsoft.ApiManagement/service/workspaces/backends/*",
        "Microsoft.ApiManagement/service/workspaces/certificates/*",
        "Microsoft.ApiManagement/service/workspaces/diagnostics/*",
        "Microsoft.ApiManagement/service/workspaces/loggers/*",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Workspace API Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 工作區 API 產品管理員

具備工作區中實體的讀取權限,以及用於發佈 API 之實體的讀取和寫入權限。 此角色應在工作區範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/workspaces/*/read
Microsoft.ApiManagement/service/workspaces/products/*
Microsoft.ApiManagement/service/workspaces/subscriptions/*
Microsoft.ApiManagement/service/workspaces/groups/*
Microsoft.ApiManagement/service/workspaces/tags/*
Microsoft.ApiManagement/service/workspaces/notifications/*
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/73c2c328-d004-4c5e-938c-35c6f5679a1f",
  "name": "73c2c328-d004-4c5e-938c-35c6f5679a1f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/workspaces/*/read",
        "Microsoft.ApiManagement/service/workspaces/products/*",
        "Microsoft.ApiManagement/service/workspaces/subscriptions/*",
        "Microsoft.ApiManagement/service/workspaces/groups/*",
        "Microsoft.ApiManagement/service/workspaces/tags/*",
        "Microsoft.ApiManagement/service/workspaces/notifications/*",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Workspace API Product Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 工作區參與者

可以管理工作區和檢視,但無法修改其成員。 此角色應在工作區範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/workspaces/*
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
  "name": "0c34c906-8d99-4cb7-8bb7-33f5b0a1a799",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/workspaces/*",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Workspace Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

APIM 工作區讀者

具備工作區中實體的唯讀權限。 此角色應在工作區範圍上指派。

深入了解

動作 描述
Microsoft.ApiManagement/service/workspaces/*/read
Microsoft.Authorization/*/read 讀取角色和角色指派
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
  "name": "ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/workspaces/*/read",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Workspace Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

應用程式組態 參與者

針對 應用程式組態 資源授與所有管理作業的許可權,但清除除外。

動作 描述
Microsoft.AppConfiguration/*
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action 清除指定的已刪除組態存放區。
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants permission for all management operations, except purge, for App Configuration resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/fe86443c-f201-4fc4-9d2a-ac61149fbda0",
  "name": "fe86443c-f201-4fc4-9d2a-ac61149fbda0",
  "permissions": [
    {
      "actions": [
        "Microsoft.AppConfiguration/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [
        "Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

應用程式組態資料擁有者

允許完整存取 應用程式組態 數據。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
Microsoft.AppConfiguration/configurationStores/*/write
Microsoft.AppConfiguration/configurationStores/*/delete
Microsoft.AppConfiguration/configurationStores/*/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete",
        "Microsoft.AppConfiguration/configurationStores/*/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

應用程式組態資料讀者

允許讀取應用程式組態資料。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

應用程式組態 讀者

授與 應用程式組態 資源讀取作業的許可權。

動作 描述
Microsoft.AppConfiguration/*/read
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/read 讀取傳統計量警示
Microsoft.Resources/deployments/read 取得或列出部署。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants permission for read operations for App Configuration resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/175b81b9-6e0d-490a-85e4-0d422273c10c",
  "name": "175b81b9-6e0d-490a-85e4-0d422273c10c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AppConfiguration/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure API 中心合規性管理員

允許在 Azure API 中心服務中管理 API 合規性。

深入了解

動作 描述
Microsoft.ApiCenter/services/*/read
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action 更新指定 API 定義的分析結果。
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action 匯出 API 定義檔。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows managing API compliance in Azure API Center service.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/ede9aaa3-4627-494e-be13-4aa7c256148d",
  "name": "ede9aaa3-4627-494e-be13-4aa7c256148d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiCenter/services/*/read",
        "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action",
        "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure API Center Compliance Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure API 中心數據讀取器

允許存取 Azure API 中心數據平面讀取作業。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.ApiCenter/services/*/read
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action 匯出 API 定義檔。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Azure API Center data plane read operations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c7244dfb-f447-457d-b2ba-3999044d1706",
  "name": "c7244dfb-f447-457d-b2ba-3999044d1706",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.ApiCenter/services/*/read",
        "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure API Center Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure API 中心服務參與者

允許管理 Azure API 中心服務。

動作 描述
Microsoft.ApiCenter/services/*
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action 更新指定 API 定義的分析結果。
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows managing Azure API Center service.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
  "name": "dd24193f-ef65-44e5-8a7e-6fa6e03f7713",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiCenter/services/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [
        "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure API Center Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure API 中心服務讀取器

允許唯讀存取 Azure API 中心服務。

動作 描述
Microsoft.ApiCenter/services/*/read
Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action 匯出 API 定義檔。
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to Azure API Center service.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6cba8790-29c5-48e5-bab1-c7541b01cb04",
  "name": "6cba8790-29c5-48e5-bab1-c7541b01cb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiCenter/services/*/read",
        "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure API Center Service Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 轉送接聽程式

允許接聽 Azure 轉播資源的存取權。

動作 描述
Microsoft.Relay/*/wcfRelays/read
Microsoft.Relay/*/hybridConnections/read
NotActions
none
DataActions
Microsoft.Relay/*/listen/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for listen access to Azure Relay resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
  "name": "26e0b698-aa6d-4085-9386-aadae190014d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*/wcfRelays/read",
        "Microsoft.Relay/*/hybridConnections/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*/listen/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Listener",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 轉送擁有者

允許完整存取 Azure 轉播資源。

動作 描述
Microsoft.Relay/*
NotActions
none
DataActions
Microsoft.Relay/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Relay resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
  "name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 轉送寄件者

允許傳送對 Azure 轉送資源的存取權。

動作 描述
Microsoft.Relay/*/wcfRelays/read
Microsoft.Relay/*/hybridConnections/read
NotActions
none
DataActions
Microsoft.Relay/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Relay resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
  "name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*/wcfRelays/read",
        "Microsoft.Relay/*/hybridConnections/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 資源通知系統主題訂閱者

可讓您針對目前和未來由 Azure 資源通知公開的所有系統主題建立系統主題和事件訂用帳戶

深入了解

動作 描述
Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action 在資源系統主題上執行建立和事件訂用帳戶建立的許可權
Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action 在 HealthResources 系統主題上執行建立和事件訂閱建立的許可權
Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action 在 MaintenanceResources 系統主題上執行建立和事件訂閱建立的許可權
Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action 在 ComputeResources 系統主題上執行建立和事件訂閱建立的許可權
Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action 在 ComputeScheduleResources 系統主題上執行建立和事件訂閱建立的許可權
Microsoft.EventGrid/eventSubscriptions/write 建立或更新 eventSubscription
Microsoft.EventGrid/systemTopics/eventSubscriptions/write 建立或更新 SystemTopic 事件Subscription
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
  "name": "0b962ed2-6d56-471c-bd5f-3477d83a7ba4",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action",
        "Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action",
        "Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action",
        "Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action",
        "Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action",
        "Microsoft.EventGrid/eventSubscriptions/write",
        "Microsoft.EventGrid/systemTopics/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Resource Notifications System Topics Subscriber",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 服務匯流排資料擁有者

允許完整存取 Azure 服務匯流排 資源。

深入了解

動作 描述
Microsoft.ServiceBus/*
NotActions
none
DataActions
Microsoft.ServiceBus/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 服務匯流排 數據接收器

允許接收 Azure 服務匯流排資源。

深入了解

動作 描述
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure 服務匯流排資料傳送者

允許傳送 Azure 服務匯流排資源。

深入了解

動作 描述
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BizTalk 參與者

可讓您管理 BizTalk 服務,但無法存取它們。

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.BizTalkServices/BizTalk/* 建立和管理 BizTalk 服務
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage BizTalk services, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342",
  "name": "5e3c6656-6cfa-4708-81fe-0de47ac73342",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BizTalkServices/BizTalk/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "BizTalk Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Chamber Admin

可讓您管理模型化和模擬 Workbench 室下的所有專案。

深入了解

動作 描述
Microsoft.ModSimWorkbench/*/read
Microsoft.ModSimWorkbench/workbenches/chambers/*
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/manage/action manage fileRequests
Microsoft.ModSimWorkbench/workbenches/chambers/connector/setCopyPaste/action
DataActions
Microsoft.ModSimWorkbench/workbenches/chambers/upload/action
Microsoft.ModSimWorkbench/workbenches/chambers/files/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under your Modeling and Simulation Workbench chamber.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a",
  "name": "4e9b8407-af2e-495b-ae54-bb60a55b1b5a",
  "permissions": [
    {
      "actions": [
        "Microsoft.ModSimWorkbench/*/read",
        "Microsoft.ModSimWorkbench/workbenches/chambers/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [
        "Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/manage/action",
        "Microsoft.ModSimWorkbench/workbenches/chambers/connector/setCopyPaste/action"
      ],
      "dataActions": [
        "Microsoft.ModSimWorkbench/workbenches/chambers/upload/action",
        "Microsoft.ModSimWorkbench/workbenches/chambers/files/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Chamber Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

室內使用者

可讓您檢視模型化和模擬 Workbench 室下的所有專案,但不會進行任何變更。

深入了解

動作 描述
Microsoft.ModSimWorkbench/workbenches/chambers/*/read
Microsoft.ModSimWorkbench/workbenches/chambers/workloads/*
Microsoft.ModSimWorkbench/workbenches/chambers/getUploadUri/action getUploadUri chambers
Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/getDownloadUri/action getDownloadUri fileRequests
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
Microsoft.ModSimWorkbench/workbenches/chambers/upload/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32",
  "name": "4447db05-44ed-4da3-ae60-6cbece780e32",
  "permissions": [
    {
      "actions": [
        "Microsoft.ModSimWorkbench/workbenches/chambers/*/read",
        "Microsoft.ModSimWorkbench/workbenches/chambers/workloads/*",
        "Microsoft.ModSimWorkbench/workbenches/chambers/getUploadUri/action",
        "Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/getDownloadUri/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ModSimWorkbench/workbenches/chambers/upload/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Chamber User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DeID 批次數據擁有者

建立和管理 DeID 批次作業。 此角色處於預覽狀態,且可能會變更。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthDataAIServices/DeidServices/Batch/write 建立批次
Microsoft.HealthDataAIServices/DeidServices/Batch/delete 刪除批次
Microsoft.HealthDataAIServices/DeidServices/Batch/read 讀取批次
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage DeID batch jobs. This role is in preview and subject to change.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/8a90fa6b-6997-4a07-8a95-30633a7c97b9",
  "name": "8a90fa6b-6997-4a07-8a95-30633a7c97b9",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthDataAIServices/DeidServices/Batch/write",
        "Microsoft.HealthDataAIServices/DeidServices/Batch/delete",
        "Microsoft.HealthDataAIServices/DeidServices/Batch/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DeID Batch Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DeID 批次數據讀取器

讀取 DeID 批次作業。 此角色處於預覽狀態,且可能會變更。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthDataAIServices/DeidServices/Batch/read 讀取批次
NotDataActions
Microsoft.HealthDataAIServices/DeidServices/Batch/write 建立批次
Microsoft.HealthDataAIServices/DeidServices/Batch/delete 刪除批次
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read DeID batch jobs. This role is in preview and subject to change.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b73a14ee-91f5-41b7-bd81-920e12466be9",
  "name": "b73a14ee-91f5-41b7-bd81-920e12466be9",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthDataAIServices/DeidServices/Batch/read"
      ],
      "notDataActions": [
        "Microsoft.HealthDataAIServices/DeidServices/Batch/write",
        "Microsoft.HealthDataAIServices/DeidServices/Batch/delete"
      ]
    }
  ],
  "roleName": "DeID Batch Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DeID 數據擁有者

DeID 數據的完整存取權。 此角色處於預覽狀態,可能會變更

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthDataAIServices/DeidServices/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to DeID data. This role is in preview and subject to change",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/78e4b983-1a0b-472e-8b7d-8d770f7c5890",
  "name": "78e4b983-1a0b-472e-8b7d-8d770f7c5890",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthDataAIServices/DeidServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DeID Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DeID 實時數據使用者

對 DeID 即時端點執行要求。 此角色處於預覽狀態,且可能會變更。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthDataAIServices/DeidServices/Realtime/action 允許存取即時端點
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Execute requests against DeID realtime endpoint. This role is in preview and subject to change.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
  "name": "bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthDataAIServices/DeidServices/Realtime/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DeID Realtime Data User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DICOM 數據擁有者

DICOM 數據的完整存取權。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/workspaces/dicomservices/resources/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to DICOM data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8",
  "name": "58a3b984-7adf-4c20-983a-32417c86fbc8",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/workspaces/dicomservices/resources/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DICOM Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DICOM 數據讀取器

讀取和搜尋 DICOM 數據。

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/workspaces/dicomservices/resources/read 讀取 DICOM 資源(包括搜尋和變更摘要)。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and search DICOM data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
  "name": "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/workspaces/dicomservices/resources/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "DICOM Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid 參與者

可讓您管理 EventGrid 作業。

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/* 建立和管理事件方格資源
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid operations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
  "name": "1e241071-0855-49ea-94dc-649edcd759de",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid 數據傳送者

允許傳送事件方格事件的存取權。

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/topics/read 閱讀主題
Microsoft.EventGrid/domains/read 讀取網域
Microsoft.EventGrid/partnerNamespaces/read 讀取夥伴命名空間
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.EventGrid/namespaces/read 讀取命名空間
NotActions
none
DataActions
Microsoft.EventGrid/events/send/action 將事件傳送至主題
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to event grid events.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
  "name": "d5a91429-5739-47e2-a06b-3470a27159e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/topics/read",
        "Microsoft.EventGrid/domains/read",
        "Microsoft.EventGrid/partnerNamespaces/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.EventGrid/namespaces/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventGrid/events/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription 參與者

可讓您管理 EventGrid 事件訂用帳戶作業。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/eventSubscriptions/* 建立和管理區域事件訂用帳戶
Microsoft.EventGrid/topicTypes/eventSubscriptions/read 依主題類型列出全域事件訂閱
Microsoft.EventGrid/locations/eventSubscriptions/read 列出區域事件訂用帳戶
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read 依 topictype 列出區域事件訂用帳戶
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription 讀取器

可讓您讀取 EventGrid 事件訂用帳戶。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/eventSubscriptions/read 讀取 eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/read 依主題類型列出全域事件訂閱
Microsoft.EventGrid/locations/eventSubscriptions/read 列出區域事件訂用帳戶
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read 依 topictype 列出區域事件訂用帳戶
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid TopicSpaces Publisher

可讓您在 topicspaces 上發布訊息。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/*/read
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
Microsoft.EventGrid/topicSpaces/publish/action 發佈至主題空間
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you publish messages on topicspaces.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a12b0b94-b317-4dcd-84a8-502ce99884c6",
  "name": "a12b0b94-b317-4dcd-84a8-502ce99884c6",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventGrid/topicSpaces/publish/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid TopicSpaces Publisher",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid TopicSpaces 訂閱者

可讓您訂閱 topicspaces 上的訊息。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.EventGrid/*/read
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
NotActions
none
DataActions
Microsoft.EventGrid/topicSpaces/subscribe/action 訂閱主題空間
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you subscribe messages on topicspaces.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
  "name": "4b0f2fd7-60b4-4eca-896f-4435034f8bf5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventGrid/topicSpaces/subscribe/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid TopicSpaces Subscriber",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 數據參與者

角色可讓使用者或主體完整存取 FHIR 數據

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/*
Microsoft.HealthcareApis/workspaces/fhirservices/resources/*
NotDataActions
Microsoft.HealthcareApis/services/fhir/resources/smart/action 允許使用者根據SMART on FHIR規格存取FHIR服務。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action 允許使用者根據SMART on FHIR規格存取FHIR服務。
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal full access to FHIR Data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
      ],
      "notDataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/smart/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action"
      ]
    }
  ],
  "roleName": "FHIR Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 資料轉換器

角色可讓使用者或主體將數據從舊版格式轉換成 FHIR

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/convertData/action 資料轉換作業 ($convert-data)
Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action 資料轉換作業 ($convert-data)
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to convert data from legacy format to FHIR",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "name": "a1705bd2-3a8f-45a5-8683-466fcfd5cc24",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/convertData/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Converter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 數據匯出工具

角色可讓使用者或主體讀取和導出 FHIR 數據

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/services/fhir/resources/export/action 匯出作業($export)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action 匯出作業($export)。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and export FHIR Data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
  "name": "3db33094-8700-4567-8da5-1501d4e7e843",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/export/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Exporter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 資料匯入工具

角色可讓使用者或主體讀取和匯入 FHIR 數據

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action 以批次的方式匯入 FHIR 資源。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and import FHIR Data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b",
  "name": "4465e953-8ced-4406-a58e-0f6e3f3b530b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Importer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 數據讀取器

角色可讓使用者或主體讀取 FHIR 數據

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read FHIR Data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR 數據寫入器

角色可讓使用者或主體讀取和寫入 FHIR 數據

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/services/fhir/resources/write 寫入 FHIR 資源(包括建立和更新)。
Microsoft.HealthcareApis/services/fhir/resources/delete 刪除 FHIR 資源(虛刪除)。
Microsoft.HealthcareApis/services/fhir/resources/export/action 匯出作業($export)。
Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action 驗證作業 ($validate)。
Microsoft.HealthcareApis/services/fhir/resources/reindex/action 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。
Microsoft.HealthcareApis/services/fhir/resources/convertData/action 資料轉換作業 ($convert-data)
Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action 允許使用者在配置檔資源上執行建立更新刪除作業。
Microsoft.HealthcareApis/services/fhir/resources/import/action 以批次的方式匯入 FHIR 資源。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/write 寫入 FHIR 資源(包括建立和更新)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete 刪除 FHIR 資源(虛刪除)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action 匯出作業($export)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action 驗證作業 ($validate)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action 允許使用者執行 Reindex 作業,以編製尚未編製索引的任何搜尋參數的索引。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action 資料轉換作業 ($convert-data)
Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action 允許使用者在配置檔資源上執行建立更新刪除作業。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action 以批次的方式匯入 FHIR 資源。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and write FHIR Data",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
  "name": "3f88fce4-5892-4214-ae73-ba5294559913",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/write",
        "Microsoft.HealthcareApis/services/fhir/resources/delete",
        "Microsoft.HealthcareApis/services/fhir/resources/export/action",
        "Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action",
        "Microsoft.HealthcareApis/services/fhir/resources/reindex/action",
        "Microsoft.HealthcareApis/services/fhir/resources/convertData/action",
        "Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action",
        "Microsoft.HealthcareApis/services/fhir/resources/import/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/write",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/delete",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/resourceValidate/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/reindex/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/editProfileDefinitions/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR SMART 使用者

角色可讓用戶根據SMART on FHIR規格存取FHIR服務

深入了解

動作 描述
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read 讀取 FHIR 資源(包括搜尋和建立版本記錄)。
Microsoft.HealthcareApis/services/fhir/resources/smart/action 允許使用者根據SMART on FHIR規格存取FHIR服務。
Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action 允許使用者根據SMART on FHIR規格存取FHIR服務。
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user to access FHIR Service according to SMART on FHIR specification",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0",
  "name": "4ba50f17-9666-485c-a643-ff00808643f0",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/smart/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR SMART User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Integration Service 環境參與者

可讓您管理整合服務環境,但無法存取它們。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Support/* 建立和更新支援票證
Microsoft.Logic/integrationServiceEnvironments/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage integration service environments, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Integration Service Environment Developer

可讓開發人員在整合服務環境中建立和更新工作流程、整合帳戶和 API 連線。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Support/* 建立和更新支援票證
Microsoft.Logic/integrationServiceEnvironments/read 讀取整合服務環境。
Microsoft.Logic/integrationServiceEnvironments/*/join/action
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/read",
        "Microsoft.Logic/integrationServiceEnvironments/*/join/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

智慧型系統帳戶參與者

可讓您管理智慧型手機系統帳戶,但無法存取它們。

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.IntelligentSystems/accounts/* 建立和管理智慧型手機系統帳戶
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Intelligent Systems accounts, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
  "name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.IntelligentSystems/accounts/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Intelligent Systems Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

邏輯應用程式參與者

可讓您管理邏輯應用程式,但無法變更其存取權。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.ClassicStorage/storageAccounts/listKeys/action 列出記憶體帳戶的存取金鑰。
Microsoft.ClassicStorage/storageAccounts/read 傳回具有指定帳戶的記憶體帳戶。
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/* 建立、更新或讀取 Analysis Server 的診斷設定
Microsoft.Insights/logdefinitions/* 需要透過入口網站存取活動記錄的使用者,需要此權限。 列出活動記錄中的記錄類別。
Microsoft.Insights/metricDefinitions/* 讀取計量定義 (資源的可用指標類型清單)。
Microsoft.Logic/* 管理 Logic Apps 資源。
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Storage/storageAccounts/listkeys/action 傳回指定儲存體帳戶的存取金鑰。
Microsoft.Storage/storageAccounts/read 傳回儲存體帳戶的清單,或取得指定之儲存體帳戶的屬性。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/connectionGateways/* 建立和管理連線閘道。
Microsoft.Web/connections/* 建立和管理連線。
Microsoft.Web/customApis/* 建立和管理自定義 API。
Microsoft.Web/serverFarms/join/action 加入 App Service 方案
Microsoft.Web/serverFarms/read 取得 App Service 方案上的屬性
Microsoft.Web/sites/functions/listSecrets/action 列出函式秘密。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage logic app, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logdefinitions/*",
        "Microsoft.Insights/metricDefinitions/*",
        "Microsoft.Logic/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/functions/listSecrets/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

邏輯應用程式操作員

可讓您讀取、啟用和停用邏輯應用程式,但無法編輯或更新邏輯應用程式。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/*/read 讀取深入解析警示規則
Microsoft.Insights/metricAlerts/*/read
Microsoft.Insights/diagnosticSettings/*/read 取得 Logic Apps 的診斷設定
Microsoft.Insights/metricDefinitions/*/read 取得 Logic Apps 的可用計量。
Microsoft.Logic/*/read 讀取 Logic Apps 資源。
Microsoft.Logic/workflows/disable/action 停用工作流程。
Microsoft.Logic/workflows/enable/action 啟用工作流程。
Microsoft.Logic/workflows/validate/action 驗證工作流程。
Microsoft.Resources/deployments/operations/read 取得或列出部署作業。
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/connectionGateways/*/read 讀取連線閘道。
Microsoft.Web/connections/*/read 讀取連線。
Microsoft.Web/customApis/*/read 讀取自定義 API。
Microsoft.Web/serverFarms/read 取得 App Service 方案上的屬性
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read, enable and disable logic app.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metricAlerts/*/read",
        "Microsoft.Insights/diagnosticSettings/*/read",
        "Microsoft.Insights/metricDefinitions/*/read",
        "Microsoft.Logic/*/read",
        "Microsoft.Logic/workflows/disable/action",
        "Microsoft.Logic/workflows/enable/action",
        "Microsoft.Logic/workflows/validate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*/read",
        "Microsoft.Web/connections/*/read",
        "Microsoft.Web/customApis/*/read",
        "Microsoft.Web/serverFarms/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic Apps 標準參與者 (預覽)

您可以管理標準邏輯應用程式和工作流程的所有層面。 您無法變更存取權或擁有權。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/operations/read 取得或列出部署作業。
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/*/read
Microsoft.Web/certificates/* 建立和管理憑證。
Microsoft.Web/connectionGateways/* 建立和管理連線閘道。
Microsoft.Web/connections/* 建立和管理連線。
Microsoft.Web/customApis/* 建立和管理自定義 API。
Microsoft.Web/serverFarms/* 建立和管理 App Service 方案。
Microsoft.Web/sites/* 建立和管理 Web 應用程式。
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/ad710c24-b039-4e85-a019-deb4a06e8570",
  "name": "ad710c24-b039-4e85-a019-deb4a06e8570",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/*/read",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/connectionGateways/*",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic Apps Standard Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic Apps 標準開發人員 (預覽)

您可以建立和編輯標準邏輯應用程式的工作流程、連線和設定。 您無法在工作流程範圍之外進行變更。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/operations/read 取得或列出部署作業。
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/*/read
Microsoft.Web/connections/* 建立和管理連線。
Microsoft.Web/customApis/* 建立和管理自定義 API。
Microsoft.Web/sites/config/list/Action 列出 Web 應用程式的安全性機密設定,例如發佈認證、應用程式設定和連接字串
microsoft.web/sites/config/Write 更新 Web 應用程式的組態設定
microsoft.web/sites/config/web/appsettings/delete 刪除 Web Apps 應用程式設定
microsoft.web/sites/config/web/appsettings/write 建立或更新 Web 應用程式單一應用程式設定
microsoft.web/sites/deployWorkflowArtifacts/action 在邏輯應用程式中建立成品。
microsoft.web/sites/hostruntime/* 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。
microsoft.web/sites/listworkflowsconnections/action 依邏輯應用程式中的標識碼列出邏輯應用程式的連線。
Microsoft.Web/sites/publish/Action 發佈 Web 應用程式
microsoft.web/sites/slots/config/appsettings/write 建立或更新 Web 應用程式位置的單一應用程式設定
Microsoft.Web/sites/slots/config/list/Action 列出 Web 應用程式位置的安全性機密設定,例如發佈認證、應用程式設定和連接字串
microsoft.web/sites/slots/config/web/appsettings/delete 刪除 Web 應用程式位置的應用程式設定
microsoft.web/sites/slots/deployWorkflowArtifacts/action 在邏輯應用程式中的部署位置中建立成品。
microsoft.web/sites/slots/listworkflowsconnections/action 依邏輯應用程式部署位置中的識別碼,列出邏輯應用程式的連線。
Microsoft.Web/sites/slots/publish/Action 發佈 Web 應用程式位置
microsoft.web/sites/workflows/*
microsoft.web/sites/workflowsconfiguration/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
  "name": "523776ba-4eb2-4600-a3c8-f2dc93da4bdb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/*/read",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/sites/config/list/Action",
        "microsoft.web/sites/config/Write",
        "microsoft.web/sites/config/web/appsettings/delete",
        "microsoft.web/sites/config/web/appsettings/write",
        "microsoft.web/sites/deployWorkflowArtifacts/action",
        "microsoft.web/sites/hostruntime/*",
        "microsoft.web/sites/listworkflowsconnections/action",
        "Microsoft.Web/sites/publish/Action",
        "microsoft.web/sites/slots/config/appsettings/write",
        "Microsoft.Web/sites/slots/config/list/Action",
        "microsoft.web/sites/slots/config/web/appsettings/delete",
        "microsoft.web/sites/slots/deployWorkflowArtifacts/action",
        "microsoft.web/sites/slots/listworkflowsconnections/action",
        "Microsoft.Web/sites/slots/publish/Action",
        "microsoft.web/sites/workflows/*",
        "microsoft.web/sites/workflowsconfiguration/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic Apps Standard Developer (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic Apps 標準操作員 (預覽)

您可以啟用和停用邏輯應用程式、重新提交工作流程執行,以及建立連線。 您無法編輯工作流程或設定。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/operations/read 取得或列出部署作業。
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/*/read
Microsoft.Web/sites/applySlotConfig/Action 將 Web 應用程式位置設定從目標位置套用至目前的 Web 應用程式
microsoft.web/sites/hostruntime/* 取得或列出 Web 應用程式或函式應用程式的 hostruntime 成品。
Microsoft.Web/sites/restart/Action 重新啟動 Web 應用程式
Microsoft.Web/sites/slots/restart/Action 重新啟動 Web 應用程式位置
Microsoft.Web/sites/slots/slotsswap/Action 交換 Web 應用程式部署位置
Microsoft.Web/sites/slots/start/Action 啟動 Web 應用程式位置
Microsoft.Web/sites/slots/stop/Action 停止 Web 應用程式位置
Microsoft.Web/sites/slotsdiffs/Action 取得 Web 應用程式和位置之間的設定差異
Microsoft.Web/sites/slotsswap/Action 交換 Web 應用程式部署位置
Microsoft.Web/sites/start/Action 啟動 Web 應用程式
Microsoft.Web/sites/stop/Action 停止 Web 應用程式
Microsoft.Web/sites/write 建立新的 Web 應用程式,或更新現有 Web 應用程式
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b70c96e9-66fe-4c09-b6e7-c98e69c98555",
  "name": "b70c96e9-66fe-4c09-b6e7-c98e69c98555",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/*/read",
        "Microsoft.Web/sites/applySlotConfig/Action",
        "microsoft.web/sites/hostruntime/*",
        "Microsoft.Web/sites/restart/Action",
        "Microsoft.Web/sites/slots/restart/Action",
        "Microsoft.Web/sites/slots/slotsswap/Action",
        "Microsoft.Web/sites/slots/start/Action",
        "Microsoft.Web/sites/slots/stop/Action",
        "Microsoft.Web/sites/slotsdiffs/Action",
        "Microsoft.Web/sites/slotsswap/Action",
        "Microsoft.Web/sites/start/Action",
        "Microsoft.Web/sites/stop/Action",
        "Microsoft.Web/sites/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic Apps Standard Operator (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic Apps 標準讀取者 (預覽)

您有標準邏輯應用程式和工作流程中所有資源的唯讀存取權,包括工作流程執行及其歷程記錄。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.Resources/deployments/operations/read 取得或列出部署作業。
Microsoft.Resources/subscriptions/operationresults/read 取得訂用帳戶作業結果。
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Support/* 建立和更新支援票證
Microsoft.Web/*/read
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/4accf36b-2c05-432f-91c8-5c532dff4c73",
  "name": "4accf36b-2c05-432f-91c8-5c532dff4c73",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic Apps Standard Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

排程器作業集合參與者

可讓您管理排程器工作集合,但無法存取它們。

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Insights/alertRules/* 建立和管理傳統計量警示
Microsoft.ResourceHealth/availabilityStatuses/read 取得指定範圍中所有資源的可用性狀態
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Scheduler/jobcollections/* 建立和管理作業集合
Microsoft.Support/* 建立和更新支援票證
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Scheduler job collections, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
  "name": "188a0f2f-5c9e-469b-ae67-2aa5ce574b94",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Scheduler/jobcollections/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Scheduler Job Collections Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Services Hub 操作員

Services Hub 操作員可讓您執行與 Services Hub 連接器相關的所有讀取、寫入和刪除作業。

深入了解

動作 描述
Microsoft.Authorization/*/read 讀取角色和角色指派
Microsoft.Resources/subscriptions/resourceGroups/read 取得或列出資源群組。
Microsoft.Resources/deployments/* 建立和管理部署
Microsoft.ServicesHub/connectors/write 建立或更新 Services Hub 連接器
Microsoft.ServicesHub/connectors/read 檢視或列出Services Hub 連接器
Microsoft.ServicesHub/connectors/delete 刪除 Services Hub 連接器
Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action 列出指定 Services Hub 工作區的評定權利
Microsoft.ServicesHub/supportOfferingEntitlement/read 檢視給定 Services Hub 工作區的支持供應項目權利
Microsoft.ServicesHub/workspaces/read 列出指定使用者的 Services Hub 工作區
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b",
  "name": "82200a5b-e217-47a5-b665-6d8765ee745b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.ServicesHub/connectors/write",
        "Microsoft.ServicesHub/connectors/read",
        "Microsoft.ServicesHub/connectors/delete",
        "Microsoft.ServicesHub/connectors/checkAssessmentEntitlement/action",
        "Microsoft.ServicesHub/supportOfferingEntitlement/read",
        "Microsoft.ServicesHub/workspaces/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Services Hub Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

下一步