Integrierte Azure-Rollen für KI + Machine Learning

In diesem Artikel werden die integrierten Azure-Rollen in der Kategorie „KI + Machine Learning“ aufgeführt.

Azure AI-Kontobesitzer

Gewährt vollzugriff auf die Verwaltung von KI-Projekten und -Konten. Enthält eine ABAC-Bedingung, um Rollenzuweisungen einzuschränken. Gewährt einer bedingten Zuweisung der Azure AI-Benutzerrolle andere Benutzerprinzipien. Gilt für neue Foundry-Ressourcen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage AI projects and accounts. Grants conditional assignment of the Azure AI User role to other user principles.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e47c6f54-e4a2-4754-9501-8e0985b135e1",
  "name": "e47c6f54-e4a2-4754-9501-8e0985b135e1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Authorization/roleAssignments/write",
        "Microsoft.Authorization/roleAssignments/delete",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Features/providers/features/register/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": [],
      "conditionVersion": "2.0",
      "condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d}))"
    }
  ],
  "roleName": "Azure AI Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure KI-Administrator

Eine Built-In Rolle, die über alle Berechtigungen für die Steuerungsebene verfügt, um mit Azure AI und seinen Abhängigkeiten zu arbeiten. Gilt nur für Azure Machine Learning- und Foundry-Hubs.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "A Built-In Role that has all control plane permissions to work with Azure AI and its dependencies.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b78c5d69-af96-48a3-bf8d-a8b4d589de94",
  "name": "b78c5d69-af96-48a3-bf8d-a8b4d589de94",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.ContainerRegistry/registries/*",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Features/providers/features/register/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/generateLiveToken/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/topology/read",
        "Microsoft.Insights/transactions/read",
        "Microsoft.Insights/webtests/*",
        "Microsoft.KeyVault/*",
        "Microsoft.MachineLearningServices/workspaces/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/resourceGroups/write",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Search/searchServices/write",
        "Microsoft.Search/searchServices/read",
        "Microsoft.Search/searchServices/delete",
        "Microsoft.Search/searchServices/indexes/*",
        "Microsoft.Search/searchServices/listAdminKeys/action",
        "Microsoft.Search/searchServices/privateEndpointConnections/*",
        "Microsoft.DataFactory/factories/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure KI-Entwickler

Kann alle Aktionen innerhalb einer Azure KI-Ressource ausführen, neben der Verwaltung der Ressource selbst. Gilt nur für Azure Machine Learning- und Foundry-Hubs.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions within an Azure AI resource besides managing the resource itself.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/64702f94-c441-49e6-a78b-ef80e0188fee",
  "name": "64702f94-c441-49e6-a78b-ef80e0188fee",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/*/read",
        "Microsoft.MachineLearningServices/workspaces/*/action",
        "Microsoft.MachineLearningServices/workspaces/*/delete",
        "Microsoft.MachineLearningServices/workspaces/*/write",
        "Microsoft.MachineLearningServices/locations/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [
        "Microsoft.MachineLearningServices/workspaces/delete",
        "Microsoft.MachineLearningServices/workspaces/write",
        "Microsoft.MachineLearningServices/workspaces/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/hubs/write",
        "Microsoft.MachineLearningServices/workspaces/hubs/delete",
        "Microsoft.MachineLearningServices/workspaces/featurestores/write",
        "Microsoft.MachineLearningServices/workspaces/featurestores/delete",
        "Microsoft.MachineLearningServices/workspaces/evaluations/results/labels/read",
        "Microsoft.MachineLearningServices/workspaces/evaluations/results/reasonings/read",
        "Microsoft.MachineLearningServices/workspaces/simulations/results/images/read"
      ],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*",
        "Microsoft.CognitiveServices/accounts/ContentSafety/*",
        "Microsoft.CognitiveServices/accounts/MaaS/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Genehmigende Person für Azure KI Enterprise-Netzwerkverbindung

Kann private Endpunktverbindungen mit gemeinsamen Azure KI-Abhängigkeitsressourcen genehmigen

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can approve private endpoint connections to Azure AI common dependency resources",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
  "name": "b556d68e-0be0-4f35-a333-ad7ee1ce17ea",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/privateEndpointConnections/read",
        "Microsoft.ApiManagement/service/privateEndpointConnections/write",
        "Microsoft.ApiManagement/service/privateLinkResources/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action",
        "Microsoft.ContainerRegistry/registries/privateEndpointConnections/read",
        "Microsoft.ContainerRegistry/registries/privateEndpointConnections/write",
        "Microsoft.Cache/redis/read",
        "Microsoft.Cache/redis/privateEndpointConnections/read",
        "Microsoft.Cache/redis/privateEndpointConnections/write",
        "Microsoft.Cache/redis/privateLinkResources/read",
        "Microsoft.Cache/redis/privateEndpointConnectionsApproval/action",
        "Microsoft.Cache/redisEnterprise/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnections/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnections/write",
        "Microsoft.Cache/redisEnterprise/privateLinkResources/read",
        "Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action",
        "Microsoft.CognitiveServices/accounts/read",
        "Microsoft.CognitiveServices/accounts/privateEndpointConnections/read",
        "Microsoft.CognitiveServices/accounts/privateEndpointConnections/write",
        "Microsoft.CognitiveServices/accounts/privateLinkResources/read",
        "Microsoft.DBforPostgreSQL/flexibleServers/privateEndpointConnectionsApproval/action",
        "Microsoft.DBforPostgreSQL/flexibleServers/privateEndpointConnections/read",
        "Microsoft.DBforPostgreSQL/flexibleServers/privateEndpointConnections/write",
        "Microsoft.DBforPostgreSQL/flexibleServers/privateLinkResources/read",
        "Microsoft.DBforPostgreSQL/flexibleServers/read",
        "Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnectionsApproval/action",
        "Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/read",
        "Microsoft.DBforPostgreSQL/serverGroupsv2/privateEndpointConnections/write",
        "Microsoft.DBforPostgreSQL/serverGroupsv2/privateLinkResources/read",
        "Microsoft.DBforMySQL/flexibleServers/privateEndpointConnectionsApproval/action",
        "Microsoft.DBforMySQL/flexibleServers/privateEndpointConnections/read",
        "Microsoft.DBforMySQL/flexibleServers/privateEndpointConnections/write",
        "Microsoft.DBforMySQL/flexibleServers/privateLinkResources/read",
        "Microsoft.DBforMySQL/flexibleServers/read",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read",
        "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write",
        "Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
        "Microsoft.DocumentDB/databaseAccounts/read",
        "Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action",
        "Microsoft.KeyVault/vaults/privateEndpointConnections/read",
        "Microsoft.KeyVault/vaults/privateEndpointConnections/write",
        "Microsoft.KeyVault/vaults/privateLinkResources/read",
        "Microsoft.KeyVault/vaults/read",
        "Microsoft.MachineLearningServices/registries/privateEndpointConnectionsApproval/action",
        "Microsoft.MachineLearningServices/registries/privateEndpointConnections/read",
        "Microsoft.MachineLearningServices/registries/privateEndpointConnections/write",
        "Microsoft.MachineLearningServices/registries/privateLinkResources/read",
        "Microsoft.MachineLearningServices/registries/read",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read",
        "Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write",
        "Microsoft.MachineLearningServices/workspaces/privateLinkResources/read",
        "Microsoft.MachineLearningServices/workspaces/read",
        "Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
        "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
        "Microsoft.Storage/storageAccounts/privateLinkResources/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
        "Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",
        "Microsoft.Sql/servers/privateEndpointConnections/read",
        "Microsoft.Sql/servers/privateEndpointConnections/write",
        "Microsoft.Sql/servers/privateLinkResources/read",
        "Microsoft.Sql/servers/read",
        "Microsoft.EventHub/namespaces/privateEndpointConnectionsApproval/action",
        "Microsoft.EventHub/namespaces/privateEndpointConnections/read",
        "Microsoft.EventHub/namespaces/privateEndpointConnections/write",
        "Microsoft.EventHub/namespaces/privateLinkResources/read",
        "Microsoft.EventHub/namespaces/read",
        "Microsoft.Search/searchServices/privateEndpointConnectionsApproval/action",
        "Microsoft.Search/searchServices/privateEndpointConnections/read",
        "Microsoft.Search/searchServices/privateEndpointConnections/write",
        "Microsoft.Search/searchServices/sharedPrivateLinkResources/read",
        "Microsoft.Search/searchServices/read",
        "Microsoft.Insights/privatelinkscopes/privateEndpointConnectionsApproval/action",
        "Microsoft.Insights/privatelinkscopes/privateEndpointConnections/read",
        "Microsoft.Insights/privatelinkscopes/privateEndpointConnections/write",
        "Microsoft.Insights/privatelinkscopes/privateLinkResources/read",
        "Microsoft.Insights/privatelinkscopes/read",
        "Microsoft.Network/privateLinkServices/privateEndpointConnectionsApproval/action",
        "Microsoft.Network/privateLinkServices/privateEndpointConnections/read",
        "Microsoft.Network/privateLinkServices/privateEndpointConnections/write",
        "Microsoft.Network/privateLinkServices/read",
        "Microsoft.Network/applicationGateways/privateEndpointConnections/read",
        "Microsoft.Network/applicationGateways/privateEndpointConnections/write",
        "Microsoft.Network/applicationGateways/privateLinkResources/read",
        "Microsoft.Network/applicationGateways/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Enterprise Network Connection Approver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure KI-Rückschlussbereitstellungsoperator

Kann alle erforderlichen Aktionen ausführen, um eine Ressourcenbereitstellung innerhalb einer Ressourcengruppe zu erstellen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions required to create a resource deployment within a resource group.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3afb7f49-54cb-416e-8c09-6dc049efa503",
  "name": "3afb7f49-54cb-416e-8c09-6dc049efa503",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/AutoscaleSettings/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Inference Deployment Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI-Besitzer

Gewährt voll zum Verwalten von KI-Projekten und -Konten. Gewährt Lesezugriff auf KI-Projekte, Lesezugriff auf KI-Konten und Datenaktionen für ein KI-Projekt. Gilt für neue Foundry-Ressourcen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full to manage AI project and accounts. Grants reader access to AI projects, reader access to AI accounts, and data actions for an AI project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c883944f-8b7b-4483-af10-35834be79c4a",
  "name": "c883944f-8b7b-4483-af10-35834be79c4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI-Projektmanager

Hiermit können Sie Entwickleraktionen und Verwaltungsaktionen für Foundry Projects ausführen. Enthält eine ABAC-Bedingung, um Rollenzuweisungen einzuschränken. Ermöglicht das Erstellen von Rollenzuweisungen, aber beschränkt auf azure AI-Benutzerrolle. Gilt für neue Foundry-Ressourcen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you perform developer actions and management actions on Azure AI Foundry Projects. Allows for making role assignments, but limited to Cognitive Service User role.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/eadc314b-1a2d-4efa-be10-5d325db5065e",
  "name": "eadc314b-1a2d-4efa-be10-5d325db5065e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/roleAssignments/write",
        "Microsoft.Authorization/roleAssignments/delete",
        "Microsoft.CognitiveServices/accounts/*/read",
        "Microsoft.CognitiveServices/accounts/projects/*",
        "Microsoft.CognitiveServices/locations/*/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": [],
      "conditionVersion": "2.0",
      "condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{53ca6127-db72-4b80-b1b0-d745d6d5456d}))"
    }
  ],
  "roleName": "Azure AI Project Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure AI-Benutzer

Gewährt Lesezugriff auf KI-Projekte, Lesezugriff auf KI-Konten und Datenaktionen für ein KI-Projekt.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants reader access to AI projects, reader access to AI accounts, and data actions for an AI project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/53ca6127-db72-4b80-b1b0-d745d6d5456d",
  "name": "53ca6127-db72-4b80-b1b0-d745d6d5456d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure AI User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML Compute-Operator

Kann auf CRUD-Vorgänge auf verwalteten Computeressourcen von Machine Learning Services (einschließlich Notebook-VMs) zugreifen und diese ausführen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
  "name": "e503ece1-11d0-4e8e-8e2c-7a6c3bf38815",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/computes/*",
        "Microsoft.MachineLearningServices/workspaces/notebooks/vm/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Compute Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML Data Scientist

Kann alle Aktionen innerhalb eines Azure Machine Learning-Arbeitsbereichs ausführen, mit Ausnahme des Erstellens oder Löschens von Computeressourcen und des Änderns des Arbeitsbereichs selbst.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/*/read",
        "Microsoft.MachineLearningServices/workspaces/*/action",
        "Microsoft.MachineLearningServices/workspaces/*/delete",
        "Microsoft.MachineLearningServices/workspaces/*/write"
      ],
      "notActions": [
        "Microsoft.MachineLearningServices/workspaces/delete",
        "Microsoft.MachineLearningServices/workspaces/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/delete",
        "Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/hubs/write",
        "Microsoft.MachineLearningServices/workspaces/hubs/delete",
        "Microsoft.MachineLearningServices/workspaces/featurestores/write",
        "Microsoft.MachineLearningServices/workspaces/featurestores/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Data Scientist",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Writer für AzureML-Metriken (Vorschau)

Mit dieser Rolle können Sie Metriken in den AzureML-Arbeitsbereich schreiben.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you write metrics to AzureML workspace",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
  "name": "635dd51f-9968-44d3-b7fb-6d9a6bd613ae",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/metrics/*/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Metrics Writer (preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AzureML-Registrierungsbenutzer

Kann alle Aktionen für Machine Learning Services-Registrierungsressourcen ausführen und Registrierungsressourcen abrufen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
  "name": "1823dd4f-9b8c-4ab6-ab4e-7397a3684615",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/registries/read",
        "Microsoft.MachineLearningServices/registries/assets/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Registry User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für Cognitive Services

Ermöglicht Ihnen das Erstellen, Lesen, Aktualisieren, Löschen und Verwalten von Cognitive Services-Schlüsseln.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Features/providers/features/register/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.CognitiveServices/raiPolicy/write",
        "Microsoft.CognitiveServices/raiPolicy/delete",
        "Microsoft.CognitiveServices/raiExternalSafetyProviders/write",
        "Microsoft.CognitiveServices/raiExternalSafetyProviders/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Custom Vision-Mitwirkender

Vollzugriff auf Projekte, einschließlich der Möglichkeit zum Anzeigen, Erstellen, Bearbeiten oder Löschen von Projekten

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Custom Vision-Bereitstellung

Veröffentlichen, Aufheben der Veröffentlichung oder Exportieren von Modellen. Mit der Bereitstellungsrolle kann das Projekt angezeigt, aber nicht aktualisiert werden.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Custom Vision-Beschriftungsersteller

Anzeigen, Bearbeiten von Trainingsbildern und Erstellen, Hinzufügen, Entfernen oder Löschen von Bildtags. Beschriftungsersteller können Projekte anzeigen, jedoch nichts außer Trainingsbildern und Tags aktualisieren.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Custom Vision-Leser

Schreibgeschützte Aktionen im Projekt. Leser können das Projekt weder erstellen noch aktualisieren.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only actions in the project. Readers can't create or update the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Custom Vision-Trainer

Anzeigen, Bearbeiten von Projekten und Trainieren der Modelle, einschließlich der Möglichkeit zum Veröffentlichen, Aufheben der Veröffentlichung und Exportieren der Modelle. Trainer können das Projekt weder erstellen noch löschen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Trainer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Datenlesende

Ermöglicht das Lesen von Cognitive Services-Daten.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: Gesichtserkennung

Ermöglicht Ihnen das Ausführen von Vorgängen zum Erkennen, Überprüfen, Identifizieren und Gruppieren sowie zum Auffinden ähnlicher Gesichter in der Gesichtserkennungs-API. Diese Rolle lässt keine Erstellungs- oder Löschvorgänge zu. Daher eignet sie sich gut für Endpunkte, die nur Rückschlussfunktionen basierend auf der Regel der geringsten Rechte benötigen.

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/Face/detect/action",
        "Microsoft.CognitiveServices/accounts/Face/verify/action",
        "Microsoft.CognitiveServices/accounts/Face/identify/action",
        "Microsoft.CognitiveServices/accounts/Face/group/action",
        "Microsoft.CognitiveServices/accounts/Face/findsimilars/action",
        "Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action",
        "Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action",
        "Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/action",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/delete",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/read",
        "Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Face Recognizer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Plastischer Reader-Benutzer für Cognitive Services

Ermöglicht das Erstellen Plastischer Reader-Sitzungen und Aufrufen von APIs

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides access to create Immersive Reader sessions and call APIs",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d",
  "name": "b2de6794-95db-4659-8781-7e080d3f2b9d",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Immersive Reader User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Sprachbesitzer

Hat Zugriff auf alle Lese-, Test-, Schreib-, Bereitstellungs- und Löschfunktionen im Sprachportal

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to all Read, Test, Write, Deploy and Delete functions under Language portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498",
  "name": "f07febfe-79bc-46b1-8b37-790e26e6e498",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
        "Microsoft.CognitiveServices/accounts/Language/*",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Sprachleser

Zugriff auf Lese- und Testfunktionen im Sprachportal

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to Read and Test functions under Language portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
  "name": "7628b7b8-a8b2-4cdc-b46f-e9b35248918e",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action",
        "Microsoft.CognitiveServices/accounts/Language/*/read",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/export/action",
        "Microsoft.CognitiveServices/accounts/Language/query-text/action",
        "Microsoft.CognitiveServices/accounts/Language/query-dataverse/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action",
        "Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action",
        "Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action",
        "Microsoft.CognitiveServices/accounts/Language/generate/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Sprachwriter

Hat Zugriff auf alle Lese-, Test- und Schreibfunktionen im Sprachportal

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": " Has access to all Read, Test, and Write functions under Language Portal",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
  "name": "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/*",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*",
        "Microsoft.CognitiveServices/accounts/Language/*",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action",
        "Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/*",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/delete",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete",
        "Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action"
      ]
    }
  ],
  "roleName": "Cognitive Services Language Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: LUIS-Besitzer

Hat Zugriff auf alle Lese-, Test-, Schreib-, Bereitstellungs- und Löschfunktionen unter LUIS

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": " Has access to all Read, Test, Write, Deploy and Delete functions under LUIS",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8",
  "name": "f72c8140-2111-481c-87ff-72b910f6e3f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services LUIS Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: LUIS-Reader

Hat Zugriff auf Lese- und Testfunktionen unter LUIS

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to Read and Test functions under LUIS.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226",
  "name": "18e81cdc-4e98-4e29-a639-e7d10c5a6226",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*/read",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services LUIS Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services: LUIS-Writer

Hat Zugriff auf alle Lese-, Test- und Schreibfunktionen unter LUIS

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Has access to all Read, Test, and Write functions under LUIS",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27",
  "name": "6322a993-d5c9-4bed-b113-e49bbea25b27",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/LUIS/apps/delete",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/move/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action",
        "Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete"
      ]
    }
  ],
  "roleName": "Cognitive Services LUIS Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Metrics Advisor-Administrator

Vollzugriff auf das Projekt, einschließlich der Konfiguration auf Systemebene.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the system level configuration.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
  "name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Metrics Advisor Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Metrics Advisor-Benutzer für Cognitive Services

Diese Rolle bietet Zugriff auf das Projekt.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Access to the project.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8",
  "name": "3b20f47b-3825-43cb-8114-4bd2201156a8",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/*"
      ]
    }
  ],
  "roleName": "Cognitive Services Metrics Advisor User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für Cognitive Services OpenAI

Vollzugriff, einschließlich der Möglichkeit zum Optimieren, Bereitstellen und Generieren von Text

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access including the ability to fine-tune, deploy and generate text",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442",
  "name": "a001fd3d-188f-4b5d-821b-7da978bf7442",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/deployments/write",
        "Microsoft.CognitiveServices/accounts/deployments/delete",
        "Microsoft.CognitiveServices/accounts/raiPolicies/read",
        "Microsoft.CognitiveServices/accounts/raiPolicies/write",
        "Microsoft.CognitiveServices/accounts/raiPolicies/delete",
        "Microsoft.CognitiveServices/accounts/commitmentplans/read",
        "Microsoft.CognitiveServices/accounts/commitmentplans/write",
        "Microsoft.CognitiveServices/accounts/commitmentplans/delete",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services OpenAI Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services OpenAI-Benutzer

Lesezugriff auf Dateien, Modelle, Bereitstellungen. Die Möglichkeit zum Erstellen von Abschluss- und Einbettungsaufrufen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Ability to view files, models, deployments. Readers can't make any changes They can inference and create images",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
  "name": "5e0bd9bd-7b93-4f28-af87-19fc36ad61bd",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/*/read",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/video/generations/*/action",
        "Microsoft.CognitiveServices/accounts/OpenAI/video/generations/*/delete",
        "Microsoft.CognitiveServices/accounts/OpenAI/assistants/*",
        "Microsoft.CognitiveServices/accounts/OpenAI/responses/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read"
      ]
    }
  ],
  "roleName": "Cognitive Services OpenAI User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services QnA Maker-Editor

Erstellen, Bearbeiten, Importieren und Exportieren einer Wissensdatenbank. Sie können keine Wissensdatenbank veröffentlichen oder löschen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services QnA Maker-Leseberechtigter

Sie können Wissensdatenbanken nur lesen und testen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you read and test a KB only.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
  "name": "466ccd10-b268-4a11-b098-b4849f024126",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Speech-Mitwirkender für Cognitive Services

Vollzugriff auf Speech-Projekte, einschließlich Lesen, Schreiben und Löschen aller Entitäten, für Echtzeit-Spracherkennungs- und Batchtranskriptionsaufgaben, Sprachsynthese in Echtzeit und lange Audioaufgaben, benutzerdefinierte Sprache und benutzerdefinierte Stimme.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181",
  "name": "0e75ca1e-0464-4b4d-8b93-68208a576181",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/SpeechServices/*",
        "Microsoft.CognitiveServices/accounts/CustomVoice/*",
        "Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
        "Microsoft.CognitiveServices/accounts/TTSPlayer/*",
        "Microsoft.CognitiveServices/accounts/VideoTranslation/*",
        "Microsoft.CognitiveServices/accounts/CustomAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Speech Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Speech-Benutzer für Cognitive Services

Zugriff auf die Echtzeit-Spracherkennungs- und Batchtranskriptions-APIs, Echtzeit-Sprachsynthese- und Long-Audio-APIs sowie zum Lesen der Daten/Tests/Modelle/Endpunkte für benutzerdefinierte Modelle, können jedoch die Daten/Tests/Modelle/Endpunkte für benutzerdefinierte Modelle nicht erstellen, löschen oder ändern.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447",
  "name": "f2dc8367-1007-4938-bd23-fe263f013447",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/read",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action",
        "Microsoft.CognitiveServices/accounts/SpeechServices/voiceagent/realtime/*",
        "Microsoft.CognitiveServices/accounts/SpeechServices/voicelive/realtime/*",
        "Microsoft.CognitiveServices/accounts/CustomVoice/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/*",
        "Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/*",
        "Microsoft.CognitiveServices/accounts/AudioContentCreation/*",
        "Microsoft.CognitiveServices/accounts/TTSPlayer/*",
        "Microsoft.CognitiveServices/accounts/VideoTranslation/*",
        "Microsoft.CognitiveServices/accounts/CustomAvatar/*/read",
        "Microsoft.CognitiveServices/accounts/BatchAvatar/*",
        "Microsoft.CognitiveServices/accounts/BatchTextToSpeech/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read",
        "Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Speech User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Nutzungsleser

Minimale Berechtigung zum Anzeigen von Cognitive Services-Nutzungen.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Minimal permission to view Cognitive Services usages.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/bba48692-92b0-4667-a9ad-c31c7b334ac2",
  "name": "bba48692-92b0-4667-a9ad-c31c7b334ac2",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/locations/usages/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Usages Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Benutzer

Ermöglicht Ihnen das Lesen und Auflisten von Cognitive Services-Schlüsseln.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin für Healthcare-Agent

Benutzende mit Administratorzugriff können sich anmelden, alle Botressourcen, Szenarien und Konfigurationseinstellungen anzeigen und bearbeiten, einschließlich der Botinstanzschlüssel und Geheimschlüssel.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/f1082fec-a70f-419f-9230-885d2550fb38",
  "name": "f1082fec-a70f-419f-9230-885d2550fb38",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/ResourceData/Read",
        "Microsoft.HealthBot/healthBots/Metadata/Read",
        "Microsoft.HealthBot/healthBots/CopilotStudioSolution/*",
        "Microsoft.HealthBot/healthBots/Feedback/Read",
        "Microsoft.HealthBot/healthBots/Users/Read",
        "Microsoft.HealthBot/healthBots/AuditTrails/Read",
        "Microsoft.HealthBot/healthBots/AnalyticReport/Read",
        "Microsoft.HealthBot/healthBots/ExposedSkill/Read",
        "Microsoft.HealthBot/healthBots/RegisteredSkills/Read",
        "Microsoft.HealthBot/healthBots/Configuration/*",
        "Microsoft.HealthBot/healthBots/Localization/*",
        "Microsoft.HealthBot/healthBots/AuthenticationProviders/*",
        "Microsoft.HealthBot/healthBots/Channels/*",
        "Microsoft.HealthBot/healthBots/DataConnections/*",
        "Microsoft.HealthBot/healthBots/OpenAPIPlugins/*",
        "Microsoft.HealthBot/healthBots/Scenarios/*",
        "Microsoft.HealthBot/healthBots/LanguageModels/*",
        "Microsoft.HealthBot/healthBots/Resources/*",
        "Microsoft.HealthBot/healthBots/Admin/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Healthcare Agent Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Editor für Healthcare-Agent

Benutzende mit Editorzugriff können sich anmelden, alle Bot-Ressourcen, Szenarien und Konfigurationseinstellungen anzeigen und bearbeiten, mit Ausnahme der Botinstanzschlüssel und Geheimschlüssel und der Endbenutzereingaben (einschließlich Feedback, nicht erkannte Äußerungen und Unterhaltungsprotokolle). Ein schreibgeschützter Zugriff auf die Bot-Fähigkeiten und -Kanäle.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/af854a69-80ce-4ff7-8447-f1118a2e0ca8",
  "name": "af854a69-80ce-4ff7-8447-f1118a2e0ca8",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/ResourceData/Read",
        "Microsoft.HealthBot/healthBots/Metadata/Read",
        "Microsoft.HealthBot/healthBots/CopilotStudioSolution/*",
        "Microsoft.HealthBot/healthBots/Feedback/Read",
        "Microsoft.HealthBot/healthBots/Users/Read",
        "Microsoft.HealthBot/healthBots/AuditTrails/Read",
        "Microsoft.HealthBot/healthBots/AnalyticReport/Read",
        "Microsoft.HealthBot/healthBots/ExposedSkill/Read",
        "Microsoft.HealthBot/healthBots/RegisteredSkills/Read",
        "Microsoft.HealthBot/healthBots/Configuration/*",
        "Microsoft.HealthBot/healthBots/Localization/*",
        "Microsoft.HealthBot/healthBots/AuthenticationProviders/*",
        "Microsoft.HealthBot/healthBots/Channels/*",
        "Microsoft.HealthBot/healthBots/DataConnections/*",
        "Microsoft.HealthBot/healthBots/OpenAPIPlugins/*",
        "Microsoft.HealthBot/healthBots/Scenarios/*",
        "Microsoft.HealthBot/healthBots/LanguageModels/*",
        "Microsoft.HealthBot/healthBots/Resources/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Healthcare Agent Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leser für Healthcare-Agent

Benutzende mit Lesezugriff können sich anmelden, schreibgeschützten Zugriff auf die Bot-Ressourcen, Szenarien und Konfigurationseinstellungen haben, mit Ausnahme der Bot-Instanzschlüssel und Geheimschlüssel (einschließlich Authentifizierung, Datenverbindung und Kanälen) und die Endbenutzereingaben (einschließlich Feedback, nicht erkannte Äußerungen und Unterhaltungsprotokolle).

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs).",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
  "name": "eb5a76d5-50e7-4c33-a449-070e7c9c4cf2",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthBot/healthBots/ResourceData/Read",
        "Microsoft.HealthBot/healthBots/Metadata/Read",
        "Microsoft.HealthBot/healthBots/CopilotStudioSolution/RestoreBuiltinTemplate/Read",
        "Microsoft.HealthBot/healthBots/Feedback/Read",
        "Microsoft.HealthBot/healthBots/Users/Read",
        "Microsoft.HealthBot/healthBots/AuditTrails/Read",
        "Microsoft.HealthBot/healthBots/AnalyticReport/Read",
        "Microsoft.HealthBot/healthBots/ExposedSkill/Read",
        "Microsoft.HealthBot/healthBots/RegisteredSkills/Read",
        "Microsoft.HealthBot/healthBots/Configuration/Read",
        "Microsoft.HealthBot/healthBots/Localization/Read",
        "Microsoft.HealthBot/healthBots/AuthenticationProviders/Read",
        "Microsoft.HealthBot/healthBots/DataConnections/Read",
        "Microsoft.HealthBot/healthBots/OpenAPIPlugins/Read",
        "Microsoft.HealthBot/healthBots/Scenarios/*/Read",
        "Microsoft.HealthBot/healthBots/LanguageModels/Read",
        "Microsoft.HealthBot/healthBots/Resources/Files/Read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Healthcare Agent Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender an Suchindexdaten

Gewährt Vollzugriff auf Azure Cognitive Search-Indexdaten.

{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to Azure Cognitive Search index data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Suchindexdatenleser

Gewährt Lesezugriff auf Azure Cognitive Search-Indexdaten.

{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants read access to Azure Cognitive Search index data.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von Suchdienst

Ermöglicht Ihnen das Verwalten von Search-Diensten, nicht aber den Zugriff darauf.

Weitere Informationen

{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Nächste Schritte

• Weisen Sie Azure-Rollen über das Azure-Portal zu