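Azure built-in roles for Storage
This article lists the Azure built-in roles in the Storage category.
Avere Contributor
Can create and manage an Avere vFXT cluster.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |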
Microsoft.Compute/*/read | |
Microsoft.Compute/availabilitySets/* | |
Microsoft.Compute/proximityPlacementGroups/* | |
Microsoft.Compute/virtualMachines/* | |
Microsoft.Compute/disks/* | |
Microsoft.Network/*/read | |
Microsoft.Network/networkInterfaces/* | |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource (such as a storage account or SQL Database) to a subnet. Not alertable. |
Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not alertable. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/*/read | |
Microsoft.Storage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.Resources/subscriptions/resourceGroups/resources/read | Gets the resources for the resource group. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returns the result of writing a blob |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere Operator
Used by the Avere vFXT cluster to manage the cluster
Actions | Description |
---|---|
Microsoft.Compute/virtualMachines/read | Get the properties of a virtual machine |
Microsoft.Network/networkInterfaces/read | Gets a network interface definition. |
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface. |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not alertable. |
Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not alertable. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/blobServices/containers/delete | Returns the result of deleting a container |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns a list of containers |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of putting a blob container |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Returns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Returns the result of writing a blob |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Contributor
Lets you manage the backup service, but can't create vaults or give access to others
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.RecoveryServices/locations/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | Manage results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Create and manage backup containers inside backup fabrics of a Recovery Services vault |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/* | Create and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Create and manage results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupPolicies/* | Create and manage backup policies |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Create and manage items that can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | Create and manage backed-up items |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | Create and manage containers holding backup items |
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
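Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries of protected items and protected servers for Recovery Services. |
Microsoft.RecoveryServices/Vaults/certificates/* | Create and manage backup-related certificates in a Recovery Services vault |
Microsoft.RecoveryServices/Vaults/extendedInformation/* | Create and manage extended information related to a vault |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |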
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
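Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Create and manage registered identities |
Microsoft.RecoveryServices/Vaults/usages/* | Create and manage usage of a Recovery Services vault |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties of the specified storage account. |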
Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupconfig/* | |
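Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Validate an operation on a protected item |
Microsoft.RecoveryServices/Vaults/write | The Create Vault operation creates an Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns the backup operation status for a Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with the vault. |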
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
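Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |
Microsoft.RecoveryServices/vaults/operationStatus/read | Gets the operation status for a given operation |
Microsoft.RecoveryServices/vaults/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for an asynchronously submitted operation |
Microsoft.RecoveryServices/locations/backupStatus/action | Check the backup status for Recovery Services vaults |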
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate features |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of operations for a resource provider |
Microsoft.RecoveryServices/locations/operationStatus/read | Gets the operation status for a given operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | List all backup protection intents |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.DataProtection/locations/getBackupStatus/action | Check the backup status for Recovery Services vaults |
Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/delete | Deletes the backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all backup instances |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all backup instances |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Lists soft-deleted backup instances in a backup vault. |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action | Performs undelete of a soft-deleted backup instance. The backup instance moves from the SoftDeleted state to the ProtectionStopped state. |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs a backup on the backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates a restore of the backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers a restore on the backup instance |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers a cross-region restore operation on the given backup instance. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for a cross-region restore operation. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Lists cross-region restore jobs of a backup instance from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Gets cross-region restore job details from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from the secondary region for backup vaults with cross-region restore enabled. |
Microsoft.DataProtection/backupVaults/backupPolicies/write | Creates a backup policy |
Microsoft.DataProtection/backupVaults/backupPolicies/delete | Deletes the backup policy |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all backup policies |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all backup policies |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all recovery points |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all recovery points |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds restorable time ranges |
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returns the backup operation result for a backup vault. |
Microsoft.DataProtection/backupVaults/write | The Update BackupVault operation updates an Azure resource of type 'Backup Vault' |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/operationResults/read | Gets the operation result of a patch operation for a backup vault |
Microsoft.DataProtection/backupVaults/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.DataProtection/locations/checkNameAvailability/action | Checks whether the requested BackupVault name is available |
Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates whether a feature is supported |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/locations/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.DataProtection/locations/operationResults/read | Returns the backup operation result for a backup vault. |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of a backup instance |
Microsoft.DataProtection/operations/read | Operation returns the list of operations for a resource provider |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard Proxy operation deletes the specified Azure resource of type 'ResourceGuard Proxy' |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Gets the list of ResourceGuard Proxies for a resource |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | The Unlock Delete ResourceGuard Proxy operation unlocks the next delete critical operation |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | The Create ResourceGuard Proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | The Get ResourceGuard Proxy operation gets an object representing the Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | The Create ResourceGuard Proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard Proxy operation deletes the specified Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | The Unlock Delete ResourceGuard Proxy operation unlocks the next delete critical operation |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backups, but can't delete vaults and give access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/vaults/operationStatus/read",
"Microsoft.RecoveryServices/vaults/operationResults/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/delete",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/write",
"Microsoft.DataProtection/backupVaults/backupPolicies/delete",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/write",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/locations/checkNameAvailability/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup MUA Admin
Backup MultiUser-Authorization. Can create/delete ResourceGuard
Actions | Description |
---|---|
Microsoft.DataProtection/*/read | |
Microsoft.DataProtection/*/resourceGuards/write | |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write | The Update ResourceGuard operation updates an Azure resource of type 'ResourceGuard' |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete | The Delete ResourceGuard operation deletes the specified Azure resource of type 'ResourceGuard' |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read | Gets the list of ResourceGuards in a resource group |
Microsoft.DataProtection/locations/operationResults/read | Returns the backup operation result for a backup vault. |
Microsoft.DataProtection/locations/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.DataProtection/locations/getBackupStatus/action | Check the backup status for Recovery Services vaults |
Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates whether a feature is supported |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Features/features/read | Gets the features of a subscription. |
Microsoft.Features/providers/features/read | Gets the features of a subscription in a given resource provider. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/operations/read | Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/operationresults/read | Gets the subscription operation results. |
Microsoft.Resources/subscriptions/read | Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | The Get ResourceGuard Proxy operation gets an object representing the Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | The Create ResourceGuard Proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard Proxy operation deletes the specified Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | The Unlock Delete ResourceGuard Proxy operation unlocks the next delete critical operation |
Microsoft.DataProtection/subscriptions/providers/resourceGuards/read | Gets the list of ResourceGuards in a subscription |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | Gets the ResourceGuard default operation request information |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Can create/delete ResourceGuard ",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"name": "c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/read",
"Microsoft.DataProtection/*/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read",
"Microsoft.Authorization/*/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.DataProtection/subscriptions/providers/resourceGuards/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup MUA Operator
Backup MultiUser-Authorization. Allows the user to perform critical operations protected by resourceguard
Actions | Description |
---|---|
Microsoft.DataProtection/*/action | |
Microsoft.DataProtection/*/read | |
Microsoft.Authorization/*/read | Read roles and role assignments |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"name": "f54b6d04-23c6-443e-b462-9c16ab7b4a52",
"permissions": [
{
"actions": [
"Microsoft.DataProtection/*/action",
"Microsoft.DataProtection/*/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup MUA Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Operator
Lets you manage backup services, except removal of backup, vault creation and giving access to others
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Network/virtualNetworks/read | Get the virtual network definition |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returns the status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets the result of an operation performed on a protection container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Performs a backup of the protected item. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets the result of an operation performed on protected items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returns the status of an operation performed on protected items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the protected item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Provision Instant Item Recovery for a protected item |
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action | Gets an AccessToken for cross-region restore. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Gets recovery points for protected items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Restores recovery points for protected items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Revoke Instant Item Recovery for a protected item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Create a backup protected item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/* | Create and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Create and manage results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Gets the results of a policy operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returns all protection policies |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Create and manage items that can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returns the list of all protected items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries of protected items and protected servers for Recovery Services. |
Microsoft.RecoveryServices/Vaults/certificates/write | The Update Resource Certificate operation updates the resource/vault credential certificate. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's extended information representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/extendedInformation/write | The Get Extended Info operation gets an object's extended information representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
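Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for an asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | The Get Containers operation can be used to get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/registeredIdentities/write | The Register Service Container operation can be used to register a container with Recovery Services. |
Microsoft.RecoveryServices/Vaults/usages/read | Returns usage details for a Recovery Services vault. |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties of the specified storage account. |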
Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action | Validate an operation on a protected item |
Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action | Validate an operation on a protected item |
Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read | Validate an operation on a protected item |
Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read | Validate an operation on a protected item |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns the backup operation status for a Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read | Gets the status of a policy operation. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | Creates a registered container |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/query/action | Queries for workloads within a container |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with the vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Create a backup protection intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Get a backup protection intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Get all protectable containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Get all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/action | Check the backup status for Recovery Services vaults |
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate features |
Microsoft.RecoveryServices/locations/backupAadProperties/read | Gets AAD properties for authentication in the third region for cross-region restore. |
Microsoft.RecoveryServices/locations/backupCrrJobs/action | Lists cross-region restore jobs in the secondary region for a Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupCrrJob/action | Gets cross-region restore job details in the secondary region for a Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action | Triggers a cross-region restore. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returns the CRR operation result for a Recovery Services vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Returns the CRR operation status for a Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of operations for a resource provider |
Microsoft.RecoveryServices/locations/operationStatus/read | Gets the operation status for a given operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | List all backup protection intents |
Microsoft.Support/* | Create and update a support ticket |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all backup instances |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all backup instances |
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returns the backup operation result for a backup vault. |
Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a backup instance |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Lists soft-deleted backup instances in a backup vault. |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all backup policies |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all backup policies |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all recovery points |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all recovery points |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds restorable time ranges |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/operationResults/read | Gets the operation result of a patch operation for a backup vault |
Microsoft.DataProtection/backupVaults/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/backupVaults/read | Gets the list of backup vaults in a resource group |
Microsoft.DataProtection/locations/operationStatus/read | Returns the backup operation status for a backup vault. |
Microsoft.DataProtection/locations/operationResults/read | Returns the backup operation result for a backup vault. |
Microsoft.DataProtection/operations/read | Operation returns the list of operations for a resource provider |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of a backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs a backup on the backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates a restore of the backup instance |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers a restore on the backup instance |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action | Triggers a cross-region restore operation on the given backup instance. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action | Performs validations for a cross-region restore operation. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Lists cross-region restore jobs of a backup instance from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Gets cross-region restore job details from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from the secondary region for backup vaults with cross-region restore enabled. |
Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates whether a feature is supported |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard Proxy operation deletes the specified Azure resource of type 'ResourceGuard Proxy' |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read | Gets the list of ResourceGuard Proxies for a resource |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action | The Unlock Delete ResourceGuard Proxy operation unlocks the next delete critical operation |
Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write | The Create ResourceGuard Proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read | The Get ResourceGuard Proxy operation gets an object representing the Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write | The Create ResourceGuard Proxy operation creates an Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard Proxy operation deletes the specified Azure resource of type 'ResourceGuard Proxy' |
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | The Unlock Delete ResourceGuard Proxy operation unlocks the next delete critical operation |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupAadProperties/read",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action",
"Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete",
"Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup Reader
Can view backup services, but can't make changes
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp is an internal operation used by the service |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Returns status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Gets result of the operation performed on a Protection Container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Gets result of the operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Returns the status of the operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Gets Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read | Returns the result of a Job operation. |
Microsoft.RecoveryServices/Vaults/backupJobs/read | Returns all Job objects |
Microsoft.RecoveryServices/Vaults/backupJobsExport/action | Export Jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/read | Returns Backup Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Gets results of a Policy operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/read | Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read | Returns the list of all Protected Items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read | Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read | Returns summaries for Protected Items and Protected Servers for a Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery Services vault. |
Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | The Get Operation Results operation can be used to get the operation status and result for an asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | The Get Containers operation can be used to get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/read | Returns Storage Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupconfig/read | Returns Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupOperations/read | Returns Backup Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read | Gets status of a Policy operation. |
Microsoft.RecoveryServices/Vaults/backupEngines/read | Returns all the backup management servers registered with the vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Gets a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Gets all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/action | Checks Backup Status for Recovery Services Vaults |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. |
Microsoft.RecoveryServices/operations/read | Operation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/read | Gets Operation Status for a given operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read | Lists all backup Protection Intents |
Microsoft.RecoveryServices/Vaults/usages/read | Returns usage details for a Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupValidateFeatures/action | Validate Features |
Microsoft.RecoveryServices/locations/backupCrrJobs/action | Lists Cross Region Restore Jobs in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrJob/action | Gets Cross Region Restore Job details in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Returns CRR Operation Status for Recovery Services Vault. |
Microsoft.DataProtection/locations/getBackupStatus/action | Checks Backup Status for Recovery Services Vaults |
Microsoft.DataProtection/backupVaults/backupInstances/write | Creates a Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/read | Returns all Backup Instances |
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read | Lists soft-deleted Backup Instances in a Backup Vault. |
Microsoft.DataProtection/backupVaults/backupInstances/backup/action | Performs Backup on the Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action | Validates for Restore of the Backup Instance |
Microsoft.DataProtection/backupVaults/backupInstances/restore/action | Triggers restore on the Backup Instance |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
Microsoft.DataProtection/backupVaults/backupPolicies/read | Returns all Backup Policies |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. |
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |
Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
Microsoft.DataProtection/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault |
Microsoft.DataProtection/backupVaults/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
Microsoft.DataProtection/backupVaults/read | Gets list of Backup Vaults in a Resource Group |
Microsoft.DataProtection/locations/operationStatus/read | Returns Backup Operation Status for Backup Vault. |
Microsoft.DataProtection/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. |
Microsoft.DataProtection/backupVaults/validateForBackup/action | Validates for backup of Backup Instance |
Microsoft.DataProtection/operations/read | Operation returns the list of Operations for a Resource Provider |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action | Lists cross-region restore jobs of a backup instance from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Gets cross-region restore job details from the secondary region. |
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from the secondary region for Backup Vaults with cross-region restore enabled. |
Microsoft.DataProtection/locations/checkFeatureSupport/action | Validates if a feature is supported |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.DataProtection/locations/getBackupStatus/action",
"Microsoft.DataProtection/backupVaults/backupInstances/write",
"Microsoft.DataProtection/backupVaults/backupInstances/read",
"Microsoft.DataProtection/backupVaults/deletedBackupInstances/read",
"Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
"Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
"Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupPolicies/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
"Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read",
"Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/operationResults/read",
"Microsoft.DataProtection/backupVaults/operationStatus/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/backupVaults/read",
"Microsoft.DataProtection/locations/operationStatus/read",
"Microsoft.DataProtection/locations/operationResults/read",
"Microsoft.DataProtection/backupVaults/validateForBackup/action",
"Microsoft.DataProtection/operations/read",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action",
"Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",
"Microsoft.DataProtection/locations/checkFeatureSupport/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
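Classic Storage Account Contributor
Lets you manage classic storage accounts, but not access to them.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ClassicStorage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |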
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
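Classic Storage Account Key Operator Service Role
Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
Actions | Description |
---|---|
Microsoft.ClassicStorage/storageAccounts/listkeys/action | Lists the access keys for the storage account. |
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action | Regenerates the existing access keys for the storage account. |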
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
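Data Box Contributor
Lets you manage everything under Data Box Service except giving access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |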
Microsoft.Databox/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
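Data Box Reader
Lets you manage Data Box Service except creating order or editing order details and giving access to others.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Databox/*/read | |
Microsoft.Databox/jobs/listsecrets/action | |
Microsoft.Databox/jobs/listcredentials/action | Lists the unencrypted credentials related to the order. |
Microsoft.Databox/locations/availableSkus/action | This method returns the list of available SKUs. |
Microsoft.Databox/locations/validateInputs/action | This method performs all types of validation. |
Microsoft.Databox/locations/regionConfiguration/action | This method returns the configuration for the region. |
Microsoft.Databox/locations/validateAddress/action | Validates the shipping address and provides alternate addresses, if any. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Support/* | Create and update a support ticket |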
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics Developer
Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.BigAnalytics/accounts/* | |
Microsoft.DataLakeAnalytics/accounts/* | |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Support/* | Create and update a support ticket |
NotActions | |
Microsoft.BigAnalytics/accounts/Delete | |
Microsoft.BigAnalytics/accounts/TakeOwnership/action | |
Microsoft.BigAnalytics/accounts/Write | |
Microsoft.DataLakeAnalytics/accounts/Delete | Delete a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action | Grant permissions to cancel jobs submitted by other users. |
Microsoft.DataLakeAnalytics/accounts/Write | Create or update a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | Unlink a DataLakeStore account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write | Create or update a linked Storage account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete | Unlink a Storage account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write | Create or update a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete | Delete a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write | Create or update a compute policy. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete | Delete a compute policy. |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Defender for Storage Data Scanner
Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns a list of containers |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Returns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write | Returns the result of writing blob tags |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read | Returns the result of reading blob tags |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"name": "1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read"
],
"notDataActions": []
}
],
"roleName": "Defender for Storage Data Scanner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Network Admin
Allows access to create Private Endpoints on SAN resources, and to read SAN resources
Actions | Description |
---|---|
Microsoft.ElasticSan/elasticSans/*/read | |
Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action | |
Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write | |
Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete | |
Microsoft.ElasticSan/locations/asyncoperations/read | Polls the status of an asynchronous operation. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows access to create Private Endpoints on SAN resources, and to read SAN resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"name": "fa6cecf6-5db3-4c43-8470-c540bcb4eafa",
"permissions": [
{
"actions": [
"Microsoft.ElasticSan/elasticSans/*/read",
"Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write",
"Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Network Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
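Elastic SAN Owner
Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |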
Microsoft.ElasticSan/elasticSans/* | |
Microsoft.ElasticSan/locations/* | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406",
"name": "80dcbedb-47ef-405d-95bd-188a1b4ac406",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*",
"Microsoft.ElasticSan/locations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Elastic SAN Reader
Allows for control path read access to Azure Elastic SAN.
Actions | Description |
---|---|
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.ElasticSan/elasticSans/*/read | |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for control path read access to Azure Elastic SAN",
"id": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"name": "af6a70f8-3c9f-4105-acf1-d719e9fca4ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.ElasticSan/elasticSans/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
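Elastic SAN Volume Group Owner
Allows for full access to a volume group in Azure Elastic SAN, including changing network security policies to unblock data path access.
Actions | Description |
---|---|
Microsoft.Authorization/roleAssignments/read | Get information about a role assignment. |
Microsoft.Authorization/roleDefinitions/read | Get information about a role definition. |
Microsoft.ElasticSan/elasticSans/volumeGroups/* | |
Microsoft.ElasticSan/locations/asyncoperations/read | Polls the status of an asynchronous operation. |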
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23",
"name": "a8281131-f312-4f34-8d98-ae12be9f0d23",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.ElasticSan/elasticSans/volumeGroups/*",
"Microsoft.ElasticSan/locations/asyncoperations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Elastic SAN Volume Group Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
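Reader and Data Access
Lets you view everything, but will not let you delete or create a storage account or contained resource. It also allows read/write access to all data contained in a storage account via access to storage account keys.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/listKeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/ListAccountSas/action | Returns the account SAS token for the specified storage account. |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |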
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Account Backup Contributor
Lets you perform backup and restore operations using Azure Backup on the storage account.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Authorization/locks/read | Gets locks at the specified scope. |
Microsoft.Authorization/locks/write | Add locks at the specified scope. |
Microsoft.Authorization/locks/delete | Delete locks at the specified scope. |
Microsoft.Features/features/read | Gets the features of a subscription. |
Microsoft.Features/providers/features/read | Gets the features of a subscription in the specified resource provider. |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/operations/read | Polls the status of an asynchronous operation. |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete | Delete object replication policy |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/read | List object replication policies |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/write | Create or update object replication policy |
Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write | Create object replication restore point marker |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Returns list of containers |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Returns the result of put blob container |
Microsoft.Storage/storageAccounts/blobServices/read | Returns blob service properties or statistics |
Microsoft.Storage/storageAccounts/blobServices/write | Returns the result of put blob service properties |
Microsoft.Storage/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Storage/storageAccounts/restoreBlobRanges/action | Restore blob ranges to the state of the specified time |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform backup and restore operations using Azure Backup on the storage account.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"name": "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/locks/read",
"Microsoft.Authorization/locks/write",
"Microsoft.Authorization/locks/delete",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/write",
"Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/storageAccounts/blobServices/write",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/restoreBlobRanges/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
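Storage Account Contributor
Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Read roles and role assignments |
Microsoft.Insights/alertRules/* | Create and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/* | Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joins a resource (such as a storage account or SQL Database) to a subnet. Not alertable. |
Microsoft.ResourceHealth/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/* | Create and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/* | Create and manage storage accounts |
Microsoft.Support/* | Create and update a support ticket |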
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
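Storage Account Key Operator Service Role
Permits listing and regenerating storage account access keys.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/listkeys/action | Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/regeneratekey/action | Regenerates the access keys for the specified storage account. |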
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Blob Data Contributor
Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/delete | Delete a container. |
Microsoft.Storage/storageAccounts/blobServices/containers/read | Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/containers/write | Modify a container's metadata or properties. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Delete a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Return a blob or a list of blobs. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Write to a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | Moves the blob from one path to another |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action | Returns the result of adding blob content |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
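Storage Blob Data Owner
Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/* | Full permissions on containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | Full permissions on blobs. |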
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
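Storage Blob Data Reader
Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/read | Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Return a blob or a list of blobs. |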
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
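Storage Blob Delegator
Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Returns a user delegation key for the Blob service. |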
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage File Data Privileged Contributor
Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returns the result of modifying permissions on a file/folder |
Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read file backup semantics privilege |
Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Write file backup semantics privilege |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd",
"name": "69566ab7-960f-475b-8e7c-b3118f30c6bd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action",
"Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
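Storage File Data Privileged Reader
Allows for read access on files/directories in Azure file shares by overriding existing ACLs/NTFS permissions. This role has no built-in equivalent on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders |
Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read file backup semantics privilege |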
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Customer has read access on Azure Storage file shares.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b8eda974-7b85-4f76-af95-65846b26df6d",
"name": "b8eda974-7b85-4f76-af95-65846b26df6d",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data Privileged Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
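Storage File Data SMB Share Contributor
Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder. |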
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
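Storage File Data SMB Share Elevated Contributor
Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returns the result of modifying permissions on a file/folder. |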
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
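Storage File Data SMB Share Reader
Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders. |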
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Queue Data Contributor
Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/delete | Delete a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/read | Return a queue or a list of queues. |
Microsoft.Storage/storageAccounts/queueServices/queues/write | Modify queue metadata or properties. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete | Delete one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek or retrieve one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write | Add a message to a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Returns the result of processing a message |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
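Storage Queue Data Message Processor
Peek, retrieve, and delete messages from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek a message. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Retrieve and delete a message. |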
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
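Storage Queue Data Message Sender
Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
none | |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action | Add a message to a queue. |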
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
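Storage Queue Data Reader
Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling data operations.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/read | Return a queue or a list of queues. |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Peek or retrieve one or more messages from a queue. |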
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Table Data Contributor
Allows for read, write, and delete access to Azure Storage tables and entities.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/tableServices/tables/read | Query tables |
Microsoft.Storage/storageAccounts/tableServices/tables/write | Create tables |
Microsoft.Storage/storageAccounts/tableServices/tables/delete | Delete tables |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Query table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Insert, merge, or replace table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete | Delete table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Insert table entities |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action | Merge or update table entities |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/delete"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Table Data Reader
Allows for read access to Azure Storage tables and entities.
Actions | Description |
---|---|
Microsoft.Storage/storageAccounts/tableServices/tables/read | Query tables |
NotActions | |
none | |
DataActions | |
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read | Query table entities |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage tables and entities",
"id": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6",
"name": "76199698-9eea-4c19-bc75-cec21354c6b6",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
],
"notDataActions": []
}
],
"roleName": "Storage Table Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}