| Service | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| automation | Configure Alerts | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/configure-alerts.md | +> [!NOTE] +> Change Tracking & Inventory with Log Analytics onboarding via Azure portal will not be allowed since the service has retired on **31st August 2024**. We recommend that you configure new version of Change Tracking & Inventory with AMA. Your existing VMs on Change Tracking & Inventory with legacy agent will continue to work till **1st February, 2025**. For more information, see [Enable Change Tracking and Inventory using Azure Monitoring Agent](enable-vms-monitoring-agent.md). + Alerts in Azure proactively notify you of results from runbook jobs, service health issues, or other scenarios related to your Automation account. Azure Automation does not include pre-configured alert rules, but you can create your own based on data that it generates. This article provides guidance on creating alert rules based on changes identified by Change Tracking and Inventory. If you're not familiar with Azure Monitor alerts, see [Overview of alerts in Microsoft Azure](/azure/azure-monitor/alerts/alerts-overview) before you start. To learn more about alerts that use log queries, see [Log alerts in Azure Monitor](/azure/azure-monitor/alerts/alerts-unified-log). |
| automation | Manage Change Tracking | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/manage-change-tracking.md | Title: Manage Change Tracking and Inventory in Azure Automation description: This article tells how to use Change Tracking and Inventory to track software and Microsoft service changes in your environment. Previously updated : 09/15/2024 Last updated : 09/19/2024 +> [!NOTE] +> Change Tracking & Inventory with Log Analytics onboarding via Azure portal will not be allowed since the service has retired on **31st August 2024**. We recommend that you configure new version of Change Tracking & Inventory with AMA. Your existing VMs on Change Tracking & Inventory with legacy agent will continue to work till **1st February, 2025**. For more information, see [Enable Change Tracking and Inventory using Azure Monitoring Agent](enable-vms-monitoring-agent.md). + When you add a new file or registry key to track, Azure Automation enables it for [Change Tracking and Inventory](overview.md). This article describes how to configure tracking, review tracking results, and handle alerts when changes are detected. Before using the procedures in this article, ensure that you've enabled Change Tracking and Inventory on your VMs using one of these techniques: |
| automation | Manage Inventory Vms | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/manage-inventory-vms.md | description: This article tells how to manage inventory collection from VMs. keywords: inventory, automation, change, tracking Previously updated : 09/09/2024 Last updated : 09/19/2024 # Manage inventory collection from VMs ++> [!NOTE] +> Change Tracking & Inventory with Log Analytics onboarding via Azure portal will not be allowed since the service has retired on **31st August 2024**. We recommend that you configure new version of Change Tracking & Inventory with AMA. Your existing VMs on Change Tracking & Inventory with legacy agent will continue to work till **1st February, 2025**. For more information, see [Enable Change Tracking and Inventory using Azure Monitoring Agent](enable-vms-monitoring-agent.md). + You can enable inventory tracking for an Azure VM from the resource page of the machine. You can collect and view the following inventory information on your computers: - Windows updates, Windows applications, services, files, and registry keys |
| automation | Manage Scope Configurations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/change-tracking/manage-scope-configurations.md | +> [!NOTE] +> Change Tracking & Inventory with Log Analytics onboarding via Azure portal will not be allowed since the service has retired on **31st August 2024**. We recommend that you configure new version of Change Tracking & Inventory with AMA. Your existing VMs on Change Tracking & Inventory with legacy agent will continue to work till **1st February, 2025**. For more information, see [Enable Change Tracking and Inventory using Azure Monitoring Agent](enable-vms-monitoring-agent.md). + This article describes how to work with scope configurations when using the [Change Tracking and Inventory](overview.md) feature to deploy changes to your VMs. For more information, see [Targeting monitoring solutions in Azure Monitor (Preview)](/previous-versions/azure/azure-monitor/insights/solution-targeting). ## About scope configurations |
| automation | Enable From Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-portal.md | Title: Enable Azure Automation Update Management from the Azure portal description: This article tells how to enable Update Management from the Azure portal. Previously updated : 09/15/2024 Last updated : 09/19/2024 +> [!NOTE] +> Azure Update Management onboarding via the portal is no longer available, as the service was retired on **August 31, 2024**. Existing VMs using Azure Update Management with the legacy agent will remain operational until **February 1, 2025**. We recommend that you configure [periodic assessments](../../update-manager/tutorial-assessment-deployment-using-policy.md) or [patch schedules](../../update-manager/scheduled-patching.md) for patch deployment via [Azure Update Manager](../../update-manager/overview.md). + This article describes how you can enable the [Update Management](overview.md) feature for VMs by browsing the Azure portal. To enable Azure VMs at scale, you must enable an existing Azure VM using Update Management. The number of resource groups that you can use for managing your VMs is limited by the [Resource Manager deployment limits](../../azure-resource-manager/templates/deploy-to-resource-group.md). Resource Manager deployments, not to be confused with Update deployments, are limited to five resource groups per deployment. Two of these resource groups are reserved to configure the Log Analytics workspace, Automation account, and related resources. This leaves you with three resource groups to select for management by Update Management. This limit only applies to simultaneous setup, not the number of resource groups that can be managed by an Automation feature. |
| automation | Enable From Vm | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/update-management/enable-from-vm.md | Title: Enable Azure Automation Update Management for an Azure VM description: This article tells how to enable Update Management for an Azure VM. Previously updated : 09/15/2024 Last updated : 09/19/2024 |
| azure-resource-manager | Quickstart Create Bicep Use Visual Studio Code | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-resource-manager/bicep/quickstart-create-bicep-use-visual-studio-code.md | Title: Create Bicep files - Visual Studio Code -description: Use Visual Studio Code and the Bicep extension to Bicep files for deploy Azure resources Previously updated : 08/05/2024+description: Use Visual Studio Code and the Bicep extension to Bicep files for deploy Azure resources. Last updated : 09/20/2024 -#Customer intent: As a developer new to Azure deployment, I want to learn how to use Visual Studio Code to create and edit Bicep files, so I can use them to deploy Azure resources. +#Customer intent: As a developer new to Azure deployment, I want to learn how to use Visual Studio Code to create and edit Bicep files so that I can use them to deploy Azure resources. # Quickstart: Create Bicep files with Visual Studio Code This quickstart guides you through the steps to create a [Bicep file](overview.md) with Visual Studio Code. You create a storage account and a virtual network. You also learn how the Bicep extension simplifies development by providing type safety, syntax validation, and autocompletion. -Similar authoring experience is also supported in Visual Studio. See [Quickstart: Create Bicep files with Visual Studio](./quickstart-create-bicep-use-visual-studio.md). +Similar authoring experience is also supported in Visual Studio. See [Quickstart: Create Bicep files with Visual Studio](./quickstart-create-bicep-use-visual-studio.md). ## Prerequisites In *main.bicep*, type **vnet**, and then select **res-vnet** from the list, and :::image type="content" source="./media/quickstart-create-bicep-use-visual-studio-code/add-snippet.png" alt-text="Screenshot of adding snippet for virtual network."::: > [!TIP]-> If you don't see those intellisense options in VS Code, make sure you've installed the Bicep extension as specified in [Prerequisites](#prerequisites). If you have installed the extension, give the Bicep language service some time to start after opening your Bicep file. It usually starts quickly, but you don't have intellisense options until it starts. A notification in the lower right corner indicates that the service is starting. When that notification disappears, the service is running. +> If you don't see those IntelliSense options in VS Code, make sure you've installed the Bicep extension as specified in [Prerequisites](#prerequisites). If you have installed the extension, give the Bicep language service some time to start after opening your Bicep file. It usually starts quickly, but you don't have IntelliSense options until it starts. A notification in the lower right corner indicates that the service is starting. When that notification disappears, the service is running. Your Bicep file now contains the following code: At the top of the file, add: param location ``` -When you add a space after **location**, notice that intellisense offers the data types that are available for the parameter. Select **string**. +When you add a space after **location**, notice that IntelliSense offers the data types that are available for the parameter. Select **string**. :::image type="content" source="./media/quickstart-create-bicep-use-visual-studio-code/add-param.png" alt-text="Screenshot of adding string type to parameter."::: Add both decorators and specify the character limits: param storageAccountName string = 'store${uniqueString(resourceGroup().id)}' ``` -You can also add a description for the parameter. Include information that helps people deploying the Bicep file understand the value to provide. +You can also add a description for the parameter. Include information that helps people deploying the Bicep file understand which value to provide. ```bicep @minLength(3) Your parameters are ready to use. ## Add resource -Instead of using a snippet to define the storage account, you use intellisense to set the values. Intellisense makes this step easier than having to manually type the values. +Instead of using a snippet to define the storage account, you use IntelliSense to set the values. IntelliSense makes this step easier than having to manually type the values. -To define a resource, use the `resource` keyword. Below your virtual network, type **resource exampleStorage**: +To define a resource, use the `resource` keyword. Below your virtual network, type **resource exampleStorage**: ```bicep resource exampleStorage When you add a space after the symbolic name, a list of resource types is displa :::image type="content" source="./media/quickstart-create-bicep-use-visual-studio-code/select-resource-type.png" alt-text="Screenshot of selecting storage accounts for resource type."::: -After selecting **Microsoft.Storage/storageAccounts**, you're presented with the available API versions. Select the latest version. For the following screenshot, it is **2023-01-01**. +After selecting **Microsoft.Storage/storageAccounts**, you're presented with the available API versions. Select the latest version. For the following screenshot, it is **2023-05-01**. :::image type="content" source="./media/quickstart-create-bicep-use-visual-studio-code/select-api-version.png" alt-text="Screenshot of select API version for resource type."::: After the single quote for the resource type, add **=** and a space. You're pres This option adds all of the properties for the resource type that are required for deployment. After selecting this option, your storage account has the following properties: ```bicep-resource exampleStorage 'Microsoft.Storage/storageAccounts@2023-01-01' = { +resource exampleStorage 'Microsoft.Storage/storageAccounts@2023-05-01' = { name: location: sku: { resource exampleStorage 'Microsoft.Storage/storageAccounts@2023-01-01' = { You're almost done. Just provide values for those properties. -Again, intellisense helps you. Set `name` to `storageAccountName`, which is the parameter that contains a name for the storage account. For `location`, set it to `location`, which is a parameter you created earlier. When adding `sku.name` and `kind`, intellisense presents the valid options. +Again, IntelliSense helps you. Set `name` to `storageAccountName`, which is the parameter that contains a name for the storage account. For `location`, set it to `location`, which is a parameter you created earlier. When adding `sku.name` and `kind`, IntelliSense presents the valid options. -To add optional properties alongside the required properties, place the cursor at the desired location and press <kbd>Ctrl</kbd>+<kbd>Space</kbd>. Intellisense suggests unused properties as shown in the following screenshot. +To add optional properties alongside the required properties, place the cursor at the desired location and press <kbd>Ctrl</kbd>+<kbd>Space</kbd>. IntelliSense suggests unused properties as shown in the following screenshot: :::image type="content" source="./media/quickstart-create-bicep-use-visual-studio-code/bicep-visual-studio-code-add-properties.png" alt-text="Screenshot of adding additional properties."::: When finished, you have: @minLength(3) @maxLength(24) param storageAccountName string = 'store${uniqueString(resourceGroup().id)}'+param location string = resourceGroup().location -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' = { +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' = { name: 'exampleVNet' location: resourceGroup().location properties: { resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' = { } } -resource exampleStorage 'Microsoft.Storage/storageAccounts@2023-04-01' = { +resource exampleStorage 'Microsoft.Storage/storageAccounts@2023-05-01' = { name: storageAccountName location: 'eastus' sku: { |
| azure-sql-edge | Backup Restore | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/backup-restore.md | Title: Back up and restore databases - Azure SQL Edge description: Learn about backup and restore capabilities in Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Back up and restore databases in Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge is built on the latest versions of the Microsoft SQL Database Engine. It provides similar backup and restore database capabilities to SQL Server on Linux and SQL Server running in containers. The backup and restore component provides an essential safeguard for protecting data stored in your Azure SQL Edge databases. |
| azure-sql-edge | Configure Replication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/configure-replication.md | Title: Configure replication to Azure SQL Edge description: Learn about configuring replication to Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Configure replication to Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. You can configure an instance of Azure SQL Edge as the push subscriber for one-way transactional replication or snapshot replication. This instance can't act as the publisher or the distributor for a transactional replication configuration. Azure SQL Edge doesn't support merge replication, peer-to-peer replication, or Oracle publishing. Create a publication and a push subscription. For more information, see: - [Create a publication](/sql/relational-databases/replication/publish/create-a-publication) - [Create a push subscription](/sql/relational-databases/replication/create-a-push-subscription/) by using the Azure SQL Edge server name and IP as the subscriber (for example, **myEdgeinstance,1433**), and a database name on the Azure SQL Edge instance as the destination database (for example, **AdventureWorks**). -## Next steps +## Related content - [Create a publication](/sql/relational-databases/replication/publish/create-a-publication) - [Create a push subscription](/sql/relational-databases/replication/create-a-push-subscription/) |
| azure-sql-edge | Configure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/configure.md | Title: Configure Azure SQL Edge description: Learn about configuring Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Configure Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge supports configuration through one of the following two options: Azure SQL Edge supports configuration through one of the following two options: - An mssql.conf file placed in the /var/opt/mssql folder > [!NOTE]-> Setting environment variables overrides the settings specified in the mssql.conf file. +> Setting environment variables overrides the settings specified in the `mssql.conf` file. ## Configure by using environment variables To remove a data volume container, use the `docker volume rm` command. > [!WARNING] > If you delete the data volume container, any Azure SQL Edge data in the container is *permanently* deleted. -## Next steps +## Related content - [Connect to Azure SQL Edge](connect.md) - [Build an end-to-end IoT solution with SQL Edge](tutorial-deploy-azure-resources.md) |
| azure-sql-edge | Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/connect.md | Title: Connect and query Azure SQL Edge description: Learn how to connect to and query Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Connect and query Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In Azure SQL Edge, after you deploy a container, you can connect to the Database Engine from any of the following locations: To connect to an instance of Azure SQL Edge by using Visual Studio Code on a Win To connect to an instance of Azure SQL Edge by using Azure Data Studio on a Windows, macOS or Linux machine, see [Azure Data Studio](/azure-data-studio/quickstart-sql-server). -## Next steps +## Related content - [Connect and query](/sql/linux/sql-server-linux-configure-docker#connect-and-query) - [Install SQL Server tools on Linux](/sql/linux/sql-server-linux-setup-tools) |
| azure-sql-edge | Create External Stream Transact Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/create-external-stream-transact-sql.md | Title: CREATE EXTERNAL STREAM (Transact-SQL) - Azure SQL Edge description: Learn about the CREATE EXTERNAL STREAM statement in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 # CREATE EXTERNAL STREAM (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. The EXTERNAL STREAM object has a dual purpose of both an input and output stream. It can be used as an input to query streaming data from event ingestion services such as Azure Event Hubs, Azure IoT Hub (or Edge Hub) or Kafka or it can be used as an output to specify where and how to store results from a streaming query. CREATE EXTERNAL STREAM Stream_A ( ); ``` -## See also +## Related content - [DROP EXTERNAL STREAM (Transact-SQL)](drop-external-stream-transact-sql.md) |
| azure-sql-edge | Create Stream Analytics Job | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/create-stream-analytics-job.md | Title: Create a T-SQL streaming job in Azure SQL Edge description: Learn about creating Stream Analytics jobs in Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Create a data streaming job in Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This article explains how to create a T-SQL streaming job in Azure SQL Edge. You create the external stream input and output objects, and then you define the streaming job query as part of the streaming job creation. The streaming job can have any one of the following statuses: > [!NOTE] > Since the streaming job is executed asynchronously, the job might encounter errors at runtime. In order to troubleshoot a streaming job failure, use the `sys.sp_get_streaming_job` stored procedure, or review the Docker log from the Azure SQL Edge container, which can provide the error details from the streaming job. -## Next steps +## Related content - [View metadata associated with streaming jobs in Azure SQL Edge](streaming-catalog-views.md) - [Create an external stream](create-external-stream-transact-sql.md) |
| azure-sql-edge | Data Retention Cleanup | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-cleanup.md | Title: Manage historical data with retention policy - Azure SQL Edge description: Learn how to manage historical data with retention policy in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Manage historical data with retention policy -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. After the data retention policy is defined for a database and the underlying table, a background time timer task runs to remove any obsolete records from the table enabled for data retention. Identification of matching rows and their removal from the table occur transparently, in the background task scheduled and run by the system. Age condition for the table rows is checked based on the `filter_column` column specified in the table definition. If retention period is set to one week, for instance, table rows eligible for cleanup satisfy either of the following condition: The following Extended Events help track the state of the cleanup operations. Additionally, a new ring buffer type named `RING_BUFFER_DATA_RETENTION_CLEANUP` has been added to the `sys.dm_os_ring_buffers` dynamic management view. This view can be used to monitor the data retention cleanup operations. -## Next steps +## Related content - [Data Retention Policy](data-retention-overview.md) - [Enable and Disable Data Retention Policies](data-retention-enable-disable.md) |
| azure-sql-edge | Data Retention Enable Disable | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-enable-disable.md | Title: Enable and disable data retention policies - Azure SQL Edge description: Learn how to enable and disable data retention policies in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Enable and disable data retention policies -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This article describes how to enable and disable data retention policies for a database and a table. Data retention can be disabled on a table by using [ALTER DATABASE](/sql/t-sql/s ALTER DATABASE [<DatabaseName>] SET DATA_RETENTION OFF; ``` -## Next steps +## Related content - [Data Retention and Automatic Data Purging](data-retention-overview.md) - [Manage historical data with retention policy](data-retention-cleanup.md) |
| azure-sql-edge | Data Retention Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/data-retention-overview.md | Title: Data retention policy overview - Azure SQL Edge description: Learn about the data retention policy in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Data retention overview -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Collection and storage of data from connected IoT devices is important to drive and gain operational and business insights. However, with the volume of data originating from these devices, it becomes important for organizations to carefully plan the amount of data they want to retain and at what granularity. While retaining all data at all granularity is desirable, it's not always practical. Additionally, the volume of data that can be retained is constrained by the amount of storage available on the IoT or Edge devices. After data retention is configured for a table, a background task runs to identi - Data Retention can't be enabled for a Temporal History Table - Data Retention filter column can't be altered. To alter the column, disable data retention on the table. -## Next steps +## Related content - [Machine Learning and Artificial Intelligence with ONNX in SQL Edge](onnx-overview.md). - [Building an end to end IoT Solution with SQL Edge using IoT Edge](tutorial-deploy-azure-resources.md). |
| azure-sql-edge | Date Bucket Tsql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/date-bucket-tsql.md | Title: DATE_BUCKET (Transact-SQL) - Azure SQL Edge description: Learn about using DATE_BUCKET in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # DATE_BUCKET (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This function returns the datetime value corresponding to the start of each datetime bucket, from the timestamp defined by the `origin` parameter or the default origin value of `1900-01-01 00:00:00.000` if the origin parameter isn't specified. DECLARE @origin DATETIME2 = '2019-01-01 00:00:00'; SELECT DATE_BUCKET(HOUR, 2, @date, @origin); ``` -## See also +## Related content - [CAST and CONVERT (Transact-SQL)](/sql/t-sql/functions/cast-and-convert-transact-sql/) |
| azure-sql-edge | Deploy Dacpac | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-dacpac.md | Title: Using SQL Database DACPAC and BACPAC packages - Azure SQL Edge description: Learn about using DACPACs and BACPACs in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # SQL Database DACPAC and BACPAC packages in SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge is an optimized relational database engine geared for IoT and edge deployments. It's built on the latest versions of the Microsoft SQL Database Engine, which provides industry-leading performance, security, and query processing capabilities. Along with the industry-leading relational database management capabilities of SQL Server, Azure SQL Edge provides in-built streaming capability for real-time analytics and complex event-processing. On each restart of the Azure SQL Edge container, SQL Edge attempts to download t During some DACPAC or BACPAC deployments users may encounter a command timeout, resulting in the failure of the DACPAC deployment operation. If you encounter this problem, use the SQLPackage.exe (or SQL Client Tools) to apply the DACPAC or BACPAC manually. -## Next steps +## Related content - [Deploy SQL Edge through Azure portal](deploy-portal.md). - [Stream Data](stream-data.md) |
| azure-sql-edge | Deploy Kubernetes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-kubernetes.md | Title: Deploy an Azure SQL Edge container in Kubernetes - Azure SQL Edge description: Learn about deploying an Azure SQL Edge container in Kubernetes Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Deploy an Azure SQL Edge container in Kubernetes -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge can be deployed on a Kubernetes cluster both as an IoT Edge module through Azure IoT Edge running on Kubernetes, or as a standalone container pod. For the remainder of this article, we will focus on the standalone container deployment on a Kubernetes cluster. For information on deploying Azure IoT Edge on Kubernetes, see [Azure IoT Edge on Kubernetes (preview)](https://microsoft.github.io/iotedge-k8s-doc/introduction.html). In this tutorial, you learned how to deploy Azure SQL Edge containers to a Kuber > * Connect with Azure SQL Edge Management Studios (SSMS) > * Verify failure and recovery -## Next steps +## Related content - [Introduction to Kubernetes](/azure/aks/intro-kubernetes) - [Machine Learning and Artificial Intelligence with ONNX in SQL Edge](onnx-overview.md). |
| azure-sql-edge | Deploy Onnx | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-onnx.md | description: Learn how to train a model, convert it to ONNX, deploy it to Azure Previously updated : 01/10/2024 Last updated : 09/21/2024 keywords: deploy SQL Edge # Deploy and make predictions with an ONNX model and SQL machine learning -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In this quickstart, you'll learn how to train a model, convert it to ONNX, deploy it to [Azure SQL Edge](onnx-overview.md), and then run native PREDICT on data using the uploaded ONNX model. SELECT predict_input.id, FROM PREDICT(MODEL = @model, DATA = predict_input, RUNTIME = ONNX) WITH (variable1 FLOAT) AS p; ``` -## Next steps +## Related content - [Machine Learning and AI with ONNX in SQL Edge](onnx-overview.md) |
| azure-sql-edge | Deploy Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/deploy-portal.md | description: Learn how to deploy Azure SQL Edge using the Azure portal Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: deploy SQL Edge # Deploy Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge is a relational database engine optimized for IoT and Azure IoT Edge deployments. It provides capabilities to create a high-performance data storage and processing layer for IoT applications and solutions. This quickstart shows you how to get started with creating an Azure SQL Edge module through Azure IoT Edge using the Azure portal. You can connect and run SQL queries against your Azure SQL Edge instance from an In this quickstart, you deployed a SQL Edge Module on an IoT Edge device. -## Next steps +## Related content - [Machine Learning and Artificial Intelligence with ONNX in SQL Edge](onnx-overview.md) - [Building an end to end IoT Solution with SQL Edge using IoT Edge](tutorial-deploy-azure-resources.md) |
| azure-sql-edge | Disconnected Deployment | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/disconnected-deployment.md | Title: Deploy Azure SQL Edge with Docker - Azure SQL Edge description: Learn about deploying Azure SQL Edge with Docker Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: # Deploy Azure SQL Edge with Docker -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In this quickstart, you use Docker to pull and run the Azure SQL Edge container image. Then connect with **sqlcmd** to create your first database and run queries. sudo docker rm azuresqledge > [!WARNING] > Stopping and removing a container permanently deletes any SQL Edge data in the container. If you need to preserve your data, [create and copy a backup file out of the container](backup-restore.md) or use a [container data persistence technique](configure.md#persist-your-data). -## Next steps +## Related content - [Machine Learning and Artificial Intelligence with ONNX in SQL Edge](onnx-overview.md). - [Building an end to end IoT Solution with SQL Edge using IoT Edge](tutorial-deploy-azure-resources.md). |
| azure-sql-edge | Drop External Stream Transact Sql | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/drop-external-stream-transact-sql.md | Title: DROP EXTERNAL STREAM (Transact-SQL) - Azure SQL Edge description: Learn about the DROP EXTERNAL STREAM statement in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 # DROP EXTERNAL STREAM (Transact-SQL) ++> [!NOTE] +> Azure SQL Edge no longer supports the ARM64 platform. + Drops a streaming job. ## Syntax Drops a streaming job. DROP EXTERNAL STREAM { external_stream_name } ``` -## See also +## Related content - [CREATE EXTERNAL STREAM (Transact-SQL)](create-external-stream-transact-sql.md) |
| azure-sql-edge | Features | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/features.md | Title: Supported features of Azure SQL Edge description: Learn about details of features supported by Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Supported features of Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge is built on the latest version of the SQL Database Engine. It supports a subset of the features supported in SQL Server 2022 on Linux, in addition to some features that are currently not supported or available in SQL Server 2022 on Linux (or in SQL Server on Windows). The following list includes the SQL Server 2022 on Linux features that aren't cu | | Distributed Replay | | **Manageability** | SQL Server Utility Control Point | -## Next steps +## Related content - [Deploy Azure SQL Edge](deploy-portal.md) - [Configure Azure SQL Edge](configure.md) |
| azure-sql-edge | High Availability Sql Edge Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/high-availability-sql-edge-containers.md | Title: High availability for Azure SQL Edge containers - Azure SQL Edge description: Learn about high availability for Azure SQL Edge containers Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # High availability for Azure SQL Edge containers -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Create and manage your Azure SQL Edge instances natively in Kubernetes. Deploy Azure SQL Edge to containers managed by [Kubernetes](https://kubernetes.io/). In Kubernetes, a container with an Azure SQL Edge instance can automatically recover in case a cluster node fails. You can configure the SQL Edge container image with a Kubernetes persistent volume claim (PVC). Kubernetes monitors the Azure SQL Edge process in the container. If the process, pod, container, or node fail, Kubernetes automatically bootstraps another instance and reconnects to the storage. In the following diagram, the node hosting the `azure-sql-edge` container has fa To create a container in Kubernetes, see [Deploy a Azure SQL Edge container in Kubernetes](deploy-Kubernetes.md) -## Next steps +## Related content To deploy Azure SQL Edge containers in Azure Kubernetes Service (AKS), see the following articles: - [Deploy an Azure SQL Edge container in Kubernetes](deploy-Kubernetes.md) |
| azure-sql-edge | Imputing Missing Values | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/imputing-missing-values.md | Title: Filling time gaps and imputing missing values - Azure SQL Edge description: Learn about filling time gaps and imputing missing values in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Fill time gaps and imputing missing values -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. When dealing with time series data, it's often possible that the time series data has missing values for the attributes. It's also possible that, because of the nature of the data, or because of interruptions in data collection, there are time *gaps* in the dataset. timestamp OrigVoltageVals ImputedVoltage OrigPressureVals Imput > [!NOTE] > The above query uses the `FIRST_VALUE()` function to replace missing values with the next observed value. The same result can be achieved by using the `LAST_VALUE()` function with a `ORDER BY <ordering_column> DESC` clause. -## Next steps +## Related content - [FIRST_VALUE (Transact-SQL)](/sql/t-sql/functions/first-value-transact-sql?toc=%2fazure%2fazure-sql-edge%2ftoc.json) - [LAST_VALUE (Transact-SQL)](/sql/t-sql/functions/last-value-transact-sql?toc=%2fazure%2fazure-sql-edge%2ftoc.json) |
| azure-sql-edge | Onnx Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/onnx-overview.md | description: Machine learning in Azure SQL Edge supports models in the Open Neur Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: deploy SQL Edge # Machine learning and AI with ONNX in SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Machine learning in Azure SQL Edge supports models in the [Open Neural Network Exchange (ONNX)](https://onnx.ai/) format. ONNX is an open format you can use to interchange models between various [machine learning frameworks and tools](https://onnx.ai/supported-tools). Other numeric types can be converted to supported types by using [CAST and CONVE The model inputs should be structured so that each input to the model corresponds to a single column in a table. For example, if you're using a pandas dataframe to train a model, then each input should be a separate column to the model. -## Next steps +## Related content - [Deploy SQL Edge through Azure portal](deploy-portal.md) - [Deploy an ONNX model on Azure SQL Edge](deploy-onnx.md) |
| azure-sql-edge | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/overview.md | Title: What is Azure SQL Edge? description: Learn about Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # What is Azure SQL Edge? -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge is an optimized relational database engine geared for IoT and IoT Edge deployments. It provides capabilities to create a high-performance data storage and processing layer for IoT applications and solutions. Azure SQL Edge provides capabilities to stream, process, and analyze relational and nonrelational data such as JSON, graph and time-series data, which makes it the right choice for various modern IoT applications. Azure SQL Edge makes developing and maintaining applications easier and more pro - [Azure Data Studio](/azure-data-studio/what-is-azure-data-studio) - A free, downloadable, cross platform database tool for data professional using the Microsoft family of on-premises and cloud data platforms on Windows, macOS, and Linux. - [Visual Studio Code](https://code.visualstudio.com/docs) - A free, downloadable, open-source code editor for Windows, macOS, and Linux. It supports extensions, including the [mssql extension](https://aka.ms/mssql-marketplace) for querying Microsoft SQL Server, Azure SQL Database, and Azure Synapse Analytics. -## Next steps +## Related content - [Deploy SQL Edge through Azure portal](deploy-portal.md) - [Machine Learning and Artificial Intelligence with SQL Edge](onnx-overview.md) |
| azure-sql-edge | Performance Best Practices | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/performance-best-practices.md | Title: Performance best practices and configuration guidelines - Azure SQL Edge description: Learn about performance best practices and configuration guidelines in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Performance best practices and configuration guidelines -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge offers several features and capabilities that can be used to improve the performance of your SQL Edge deployment. This article provides some best practices and recommendations to maximize performance. |
| azure-sql-edge | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/release-notes.md | description: Release notes detailing what's new or what has changed in the Azure Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: release notes SQL Edge # Azure SQL Edge release notes -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This article describes what's new and what has changed with every new build of Azure SQL Edge. |
| azure-sql-edge | Resources Partners Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/resources-partners-security.md | description: Providing details about external partners who are working with Azur Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: security partners Azure SQL Edge # Azure SQL Edge security partners -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This article highlights Microsoft partners companies with security solutions to provide end to end security solutions for your IoT Edge deployments using Azure SQL Edge. This article highlights Microsoft partners companies with security solutions to | | | | |:::image type="icon" source="media/resources/dh2i-logo.png"::: |DH2i takes an innovative new approach to networking connectivity by enabling organizations with its Software Defined Perimeter (SDP) Always-Secure and Always-On IT Infrastructure. DxOdyssey for IoT extends this to edge devices, allowing seamless access from the edge devices to the data center and cloud. This SDP module runs on any IoT device in a container on x64 and ARM64 architecture. Once enabled, organizations can create secure, private application-level tunnels between devices and hubs without the requirement of a VPN or exposing public, open ports. This SDP module is purpose-built for IoT use cases where edge devices must communicate with any other devices, resources, applications, or clouds. Minimum hardware requirements: Linux x64 and ARM64 OS, 1 GB of RAM, 100 MB of storage| [Website](https://dh2i.com/) [Marketplace](https://portal.azure.com/#blade/Microsoft_Azure_Marketplace/MarketplaceOffersBlade/selectedMenuItemId/home) [Documentation](https://dh2i.com/dxodyssey-for-iot/) [Support](https://support.dh2i.com/) -## Next steps +## Related content - [Deploy SQL Edge through Azure portal](deploy-portal.md) |
| azure-sql-edge | Security Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/security-overview.md | Title: Secure Azure SQL Edge description: Learn about security in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Secure Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. With the increase in adoption of IoT and Edge computing across industries, there's an increase in the number of devices and the data generated from these devices. The increased volume of data and the number of device endpoints poses a significant challenge in terms of security of data and the devices. Security information is exposed in several views and functions that are optimize Azure SQL Edge provides the same Auditing mechanisms as SQL Server. For more information, see [SQL Server Audit (Database Engine)](/sql/relational-databases/security/auditing/sql-server-audit-database-engine). -## Next steps +## Related content - [Getting Started with security features](/sql/linux/sql-server-linux-security-get-started) - [Running Azure SQL Edge as a non-root user](configure.md#run-azure-sql-edge-as-non-root-user) |
| azure-sql-edge | Stream Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/stream-data.md | Title: Data streaming in Azure SQL Edge description: Learn about data streaming in Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Data streaming in Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge provides a native implementation of data streaming capabilities called Transact-SQL (T-SQL) streaming. It provides real-time data streaming, analytics, and event-processing to analyze and process high volumes of fast-streaming data from multiple sources, simultaneously. T-SQL streaming is built by using the same high-performance streaming engine that powers [Azure Stream Analytics](../stream-analytics/stream-analytics-introduction.md) in Microsoft Azure. The feature supports a similar set of capabilities offered by Azure Stream Analytics running on the edge. The following limitations and restrictions apply to T-SQL streaming. - When you stopped a streaming job in Azure SQL Edge, there may be some delay before the next streaming job can be started. This delay is introduced because the underlying streaming process needs to be stopped in response to the stop job request and then restarted in response to the start job request. - T-SQL Streaming upto 32 partitions for a kafka stream. Attempts to configure a higher partition count results in an error. -## Next steps +## Related content - [Create a Stream Analytics job in Azure SQL Edge](create-stream-analytics-job.md) - [Viewing metadata associated with stream jobs in Azure SQL Edge](streaming-catalog-views.md) |
| azure-sql-edge | Streaming Catalog Views | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/streaming-catalog-views.md | Title: Streaming catalog views (Transact-SQL) - Azure SQL Edge description: Learn about the available streaming catalog views and dynamic management views in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Streaming catalog views (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This section contains the available catalog views and functions that are related to Transact-SQL streaming. This section contains the available catalog views and functions that are related | [sys.external_streaming_jobs](sys-external-streaming-jobs.md) | Returns a row for each external streaming job created within the scope of the database. | | [sys.external_job_streams](sys-external-job-streams.md) | Returns a row each for the input or output external stream object mapped to an external streaming job. | -## See also +## Related content - [Catalog views (Transact-SQL)](/sql/relational-databases/system-catalog-views/catalog-views-transact-sql/) - [System views (Transact-SQL)](/sql/t-sql/language-reference/) |
| azure-sql-edge | Sys External Job Streams | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-job-streams.md | Title: sys.external_job_streams (Transact-SQL) - Azure SQL Edge description: Learn about using sys.external_job_streams in Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # sys.external_job_streams (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Returns a row each for the input or output external stream object mapped to an external streaming job. INNER JOIN sys.external_streaming_jobs sj The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see [Metadata Visibility Configuration](/sql/relational-databases/security/metadata-visibility-configuration/). -## See also +## Related content - [Catalog Views (Transact-SQL)](/sql/relational-databases/system-catalog-views/catalog-views-transact-sql/) - [System Views (Transact-SQL)](/sql/t-sql/language-reference/) |
| azure-sql-edge | Sys External Streaming Jobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-streaming-jobs.md | Title: sys.external_streaming_jobs (Transact-SQL) - Azure SQL Edge description: sys.external_streaming_jobs returns a row for each external streaming job created within the scope of the database. Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # sys.external_streaming_jobs (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Returns a row for each external streaming job created within the scope of the database. Returns a row for each external streaming job created within the scope of the da The visibility of the metadata in catalog views is limited to securables that a user either owns or on which the user has been granted some permission. For more information, see [Metadata Visibility Configuration](/sql/relational-databases/security/metadata-visibility-configuration/). -## See also +## Related content - [T-SQL Streaming Catalog Views](overview.md) - [Catalog Views (Transact-SQL)](/sql/relational-databases/system-catalog-views/catalog-views-transact-sql/) |
| azure-sql-edge | Sys External Streams | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-external-streams.md | Title: sys.external_streams (Transact-SQL) - Azure SQL Edge description: sys.external_streams returns a row for each external stream object created within the scope of the database. Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # sys.external_streams (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Returns a row for each external stream object created within the scope of the database. Returns a row for each external stream object created within the scope of the da The visibility of the metadata in catalog views is limited to securables that a user either owns, or on which the user has been granted some permission. For more information, see [Metadata Visibility Configuration](/sql/relational-databases/security/metadata-visibility-configuration/). -## See also +## Related content - [Catalog Views (Transact-SQL)](/sql/relational-databases/system-catalog-views/catalog-views-transact-sql/) - [System Views (Transact-SQL)](/sql/t-sql/language-reference/) |
| azure-sql-edge | Sys Sp Cleanup Data Retention | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/sys-sp-cleanup-data-retention.md | Title: sys.sp_cleanup_data_retention (Transact-SQL) - Azure SQL Edge description: sys.sp_cleanup_data_retention performs cleanup of obsolete records from tables that have data retention policies enabled. Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # sys.sp_cleanup_data_retention (Transact-SQL) -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Performs cleanup of obsolete records from tables that have data retention policies enabled. For more information, see [Data Retention](data-retention-overview.md). An optional OUTPUT parameter that represents the number of records cleanup from Requires **db_owner** permissions. -## Next steps +## Related content - [Data Retention and Automatic Data Purging](data-retention-overview.md) - [Manage historical data with retention policy](data-retention-cleanup.md) |
| azure-sql-edge | Track Data Changes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/track-data-changes.md | Title: Track data changes in Azure SQL Edge description: Learn about change tracking and change data capture in Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Track data changes in Azure SQL Edge -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. Azure SQL Edge supports the two SQL Server features that track changes to data in a database: [change tracking](/sql/relational-databases/track-changes/track-data-changes-sql-server#Tracking) and [change data capture](/sql/relational-databases/track-changes/track-data-changes-sql-server#Capture). These features enable applications to determine the data modification language changes (insert, update, and delete operations) that were made to user tables in a database. You can enable change data capture and change tracking on the same database. No special considerations are required. In addition to these period columns, a temporal table also contains a reference For more information, see [Temporal tables](/sql/relational-databases/tables/temporal-tables). -## Next steps +## Related content - [Data streaming in Azure SQL Edge](stream-data.md) - [Machine learning and AI with ONNX in Azure SQL Edge](onnx-overview.md) |
| azure-sql-edge | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/troubleshoot.md | Title: Troubleshoot Azure SQL Edge deployments description: Learn about possible errors when deploying Azure SQL Edge Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Troubleshoot Azure SQL Edge deployments -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This article provides information about possible errors seen when deploying and using Azure SQL Edge containers, and provides troubleshooting techniques to help resolve these issues. If the default log level for the streaming engine doesn't provide enough informa > [!NOTE] > The Verbose Logging option should only be used for troubleshooting and not for regular production workload. -## Next steps +## Related content - [Machine Learning and Artificial Intelligence with ONNX in SQL Edge](onnx-overview.md) - [Data Streaming in Azure SQL Edge](stream-data.md) |
| azure-sql-edge | Tutorial Deploy Azure Resources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-deploy-azure-resources.md | description: In part one of this three-part Azure SQL Edge tutorial for predicti Previously updated : 09/14/2023 Last updated : 09/21/2024 -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In this three-part tutorial, you'll create a machine learning model to predict iron ore impurities as a percentage of Silica, and then deploy the model in Azure SQL Edge. In part one, you'll install the required software and deploy Azure resources. Deploy the Azure resources required by this Azure SQL Edge tutorial. These resou az ml workspace create -w $MyWorkSpace -g $ResourceGroup ``` -## Next steps +## Related content - [Set up IoT Edge modules and connections](tutorial-set-up-iot-edge-modules.md) |
| azure-sql-edge | Tutorial Renewable Energy Demo | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-renewable-energy-demo.md | description: This tutorial shows you how to use Azure SQL Edge for wake-detectio Previously updated : 09/14/2023 Last updated : 09/21/2024 # Use Azure SQL Edge to build smarter renewable resources -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. The [Wind Turbine Demo](https://github.com/microsoft/sql-server-samples/tree/master/samples/demos/azure-sql-edge-demos/Wind%20Turbine%20Demo) for Azure SQL Edge is based on Contoso Renewable Energy, a wind turbine farm that uses SQL Edge for data processing onboard the generator. |
| azure-sql-edge | Tutorial Run Ml Model On Sql Edge | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-run-ml-model-on-sql-edge.md | description: In part three of this three-part Azure SQL Edge tutorial for predic Previously updated : 09/14/2023 Last updated : 09/21/2024 # Deploy ML model on Azure SQL Edge using ONNX -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In part three of this three-part tutorial for predicting iron ore impurities in Azure SQL Edge, you'll: In part three of this three-part tutorial for predicting iron ore impurities in 1. Set the kernel to Python 3. -## Next steps +## Related content - For more information on using ONNX models in Azure SQL Edge, see [Machine learning and AI with ONNX in SQL Edge](onnx-overview.md). |
| azure-sql-edge | Tutorial Set Up Iot Edge Modules | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-set-up-iot-edge-modules.md | description: In part two of this three-part Azure SQL Edge tutorial for predicti Previously updated : 09/14/2023 Last updated : 09/21/2024 # Set up IoT Edge modules and connections -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. In part two of this three-part tutorial for predicting iron ore impurities in Azure SQL Edge, you'll set up the following IoT Edge modules: Now, specify the container credentials in the IoT Edge module. In this tutorial, we deployed the data generator module and the SQL Edge module. Then we created a streaming job to stream the data generated by the data generation module to SQL. -## Next steps +## Related content - [Deploy ML model on Azure SQL Edge using ONNX](tutorial-run-ml-model-on-sql-edge.md) |
| azure-sql-edge | Tutorial Sync Data Factory | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-sync-data-factory.md | Title: Sync data from Azure SQL Edge by using Azure Data Factory description: Learn about syncing data between Azure SQL Edge and Azure Blob storage Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Tutorial: Sync data from SQL Edge to Azure Blob storage by using Azure Data Factory -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This tutorial shows you how to use Azure Data Factory to incrementally sync data to Azure Blob storage from a table in an instance of Azure SQL Edge. Create a data factory by following the instructions in [this tutorial](../data-f 1. Switch to the **Monitor** tab on the left. You can see the status of the pipeline run triggered by the manual trigger. Select **Refresh** to refresh the list. -## Next steps +## ## Related content - The Azure Data Factory pipeline in this tutorial copies data from a table on a SQL Edge instance to a location in Azure Blob storage once every hour. To learn about using Data Factory in other scenarios, see these [tutorials](../data-factory/tutorial-copy-data-portal.md). |
| azure-sql-edge | Tutorial Sync Data Sync | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/tutorial-sync-data-sync.md | Title: Sync data from Azure SQL Edge by using SQL Data Sync description: Learn about syncing data from Azure SQL Edge by using Azure SQL Data Sync Previously updated : 09/14/2023 Last updated : 09/21/2024 keywords: keywords: # Tutorial: Sync data from SQL Edge to Azure SQL Database by using SQL Data Sync -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. This tutorial shows you how to use an Azure SQL Data Sync *sync group* to incrementally sync data from Azure SQL Edge to Azure SQL Database. SQL Data Sync is a service built on Azure SQL Database that lets you synchronize the data you select bi-directionally across multiple databases in Azure SQL Database and SQL Server instances. For more information on SQL Data Sync, see [Azure SQL Data Sync](/azure/azure-sql/database/sql-data-sync-data-sql-server-sql-database). For more info about SQL Data Sync, see these articles: - [Update the sync schema with Transact-SQL](/azure/azure-sql/database/sql-data-sync-update-sync-schema) or [PowerShell](/azure/azure-sql/database/scripts/update-sync-schema-in-sync-group) -## Next steps +## Related content - [Use PowerShell to sync between Azure SQL Database and Azure SQL Edge](/azure/azure-sql/database/scripts/sql-data-sync-sync-data-between-azure-onprem). In this tutorial, replace the `OnPremiseServer` database details with the Azure SQL Edge details. |
| azure-sql-edge | Usage And Diagnostics Data Configuration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-sql-edge/usage-and-diagnostics-data-configuration.md | Title: Azure SQL Edge usage and diagnostics data configuration description: Learn how to configure usage and diagnostics data in Azure SQL Edge. Previously updated : 09/14/2023 Last updated : 09/21/2024 # Azure SQL Edge usage and diagnostics data configuration -> [!IMPORTANT] ++> [!NOTE] > Azure SQL Edge no longer supports the ARM64 platform. By default, Azure SQL Edge collects information about how its customers are using the application. Specifically, Azure SQL Edge collects information about the deployment experience, usage, and performance. This information helps Microsoft improve the product to better meet customer needs. For example, Microsoft collects information about what kinds of error codes customers encounter so that we can fix related bugs, improve our documentation about how to use Azure SQL Edge, and determine whether features should be added to the product to better serve customers. To enable Local Audit usage and diagnostics data on Azure SQL Edge: userrequestedlocalauditdirectory = <host mount path>/audit ``` -## Next steps +## Related content - [Connect to Azure SQL Edge](connect.md) - [Build an end-to-end IoT solution with SQL Edge](tutorial-deploy-azure-resources.md) |
| reliability | Reliability Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/reliability/reliability-containers.md | To create a Container Instance resource with availability zone enabled, you'll n 4. To verify the container group deployed successfully into an availability zone, view the container group details with the [az container show][az-container-show] command: ```azurecli- az containershow --name acilinuxcontainergroup --resource-group myResourceGroup + az container show --name acilinuxpublicipcontainergroup --resource-group myResourceGroup ``` ### Zonal failover support |
| role-based-access-control | Built In Roles | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles.md | The following table provides a brief description of each built-in role. Click th > | <a name='cdn-profile-reader'></a>[CDN Profile Reader](./built-in-roles/networking.md#cdn-profile-reader) | Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af | > | <a name='classic-network-contributor'></a>[Classic Network Contributor](./built-in-roles/networking.md#classic-network-contributor) | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f | > | <a name='dns-zone-contributor'></a>[DNS Zone Contributor](./built-in-roles/networking.md#dns-zone-contributor) | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314 |-> | <a name='network-contributor'></a>[Network Contributor](./built-in-roles/networking.md#network-contributor) | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7 | +> | <a name='network-contributor'></a>[Network Contributor](./built-in-roles/networking.md#network-contributor) | Lets you manage networks, but not access to them. This role does not grant you permission to deploy or manage Virtual Machines. | 4d97b98b-1d4f-4787-a291-c67834d212e7 | > | <a name='private-dns-zone-contributor'></a>[Private DNS Zone Contributor](./built-in-roles/networking.md#private-dns-zone-contributor) | Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7f | > | <a name='traffic-manager-contributor'></a>[Traffic Manager Contributor](./built-in-roles/networking.md#traffic-manager-contributor) | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 | The following table provides a brief description of each built-in role. Click th > | <a name='azure-kubernetes-fleet-manager-rbac-cluster-admin'></a>[Azure Kubernetes Fleet Manager RBAC Cluster Admin](./built-in-roles/containers.md#azure-kubernetes-fleet-manager-rbac-cluster-admin) | Grants read/write access to all Kubernetes resources in the fleet-managed hub cluster. | 18ab4d3d-a1bf-4477-8ad9-8359bc988f69 | > | <a name='azure-kubernetes-fleet-manager-rbac-reader'></a>[Azure Kubernetes Fleet Manager RBAC Reader](./built-in-roles/containers.md#azure-kubernetes-fleet-manager-rbac-reader) | Grants read-only access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | 30b27cfc-9c84-438e-b0ce-70e35255df80 | > | <a name='azure-kubernetes-fleet-manager-rbac-writer'></a>[Azure Kubernetes Fleet Manager RBAC Writer](./built-in-roles/containers.md#azure-kubernetes-fleet-manager-rbac-writer) | Grants read/write access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace.  Applying this role at cluster scope will give access across all namespaces. | 5af6afb3-c06c-4fa4-8848-71a8aee05683 |+> | <a name='azure-kubernetes-service-arc-cluster-admin-role'></a>[Azure Kubernetes Service Arc Cluster Admin Role](./built-in-roles/containers.md#azure-kubernetes-service-arc-cluster-admin-role) | List cluster admin credential action. | b29efa5f-7782-4dc3-9537-4d5bc70a5e9f | +> | <a name='azure-kubernetes-service-arc-cluster-user-role'></a>[Azure Kubernetes Service Arc Cluster User Role](./built-in-roles/containers.md#azure-kubernetes-service-arc-cluster-user-role) | List cluster user credential action. | 233ca253-b031-42ff-9fba-87ef12d6b55f | +> | <a name='azure-kubernetes-service-arc-contributor-role'></a>[Azure Kubernetes Service Arc Contributor Role](./built-in-roles/containers.md#azure-kubernetes-service-arc-contributor-role) | Grants access to read and write Azure Kubernetes Services hybrid clusters | 5d3f1697-4507-4d08-bb4a-477695db5f82 | > | <a name='azure-kubernetes-service-cluster-admin-role'></a>[Azure Kubernetes Service Cluster Admin Role](./built-in-roles/containers.md#azure-kubernetes-service-cluster-admin-role) | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 | > | <a name='azure-kubernetes-service-cluster-monitoring-user'></a>[Azure Kubernetes Service Cluster Monitoring User](./built-in-roles/containers.md#azure-kubernetes-service-cluster-monitoring-user) | List cluster monitoring user credential action. | 1afdec4b-e479-420e-99e7-f82237c7c5e6 | > | <a name='azure-kubernetes-service-cluster-user-role'></a>[Azure Kubernetes Service Cluster User Role](./built-in-roles/containers.md#azure-kubernetes-service-cluster-user-role) | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f | The following table provides a brief description of each built-in role. Click th > | | | | > | <a name='application-insights-component-contributor'></a>[Application Insights Component Contributor](./built-in-roles/monitor.md#application-insights-component-contributor) | Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347e | > | <a name='application-insights-snapshot-debugger'></a>[Application Insights Snapshot Debugger](./built-in-roles/monitor.md#application-insights-snapshot-debugger) | Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the [Owner](/azure/role-based-access-control/built-in-roles#owner) or [Contributor](/azure/role-based-access-control/built-in-roles#contributor) roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b |-> | <a name='grafana-admin'></a>[Grafana Admin](./built-in-roles/monitor.md#grafana-admin) | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 | -> | <a name='grafana-editor'></a>[Grafana Editor](./built-in-roles/monitor.md#grafana-editor) | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f | +> | <a name='grafana-admin'></a>[Grafana Admin](./built-in-roles/monitor.md#grafana-admin) | Manage server-wide settings and manage access to resources such as organizations, users, and licenses. | 22926164-76b3-42b3-bc55-97df8dab3e41 | +> | <a name='grafana-editor'></a>[Grafana Editor](./built-in-roles/monitor.md#grafana-editor) | Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists. | a79a5197-3a5c-4973-a920-486035ffd60f | > | <a name='grafana-limited-viewer'></a>[Grafana Limited Viewer](./built-in-roles/monitor.md#grafana-limited-viewer) | View home page. | 41e04612-9dac-4699-a02b-c82ff2cc3fb5 |-> | <a name='grafana-viewer'></a>[Grafana Viewer](./built-in-roles/monitor.md#grafana-viewer) | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 | +> | <a name='grafana-viewer'></a>[Grafana Viewer](./built-in-roles/monitor.md#grafana-viewer) | View dashboards, playlists, and query data sources. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 | > | <a name='monitoring-contributor'></a>[Monitoring Contributor](./built-in-roles/monitor.md#monitoring-contributor) | Can read all monitoring data and edit monitoring settings. See also [Get started with roles, permissions, and security with Azure Monitor](/azure/azure-monitor/roles-permissions-security#built-in-monitoring-roles). | 749f88d5-cbae-40b8-bcfc-e573ddc772fa | > | <a name='monitoring-metrics-publisher'></a>[Monitoring Metrics Publisher](./built-in-roles/monitor.md#monitoring-metrics-publisher) | Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb | > | <a name='monitoring-reader'></a>[Monitoring Reader](./built-in-roles/monitor.md#monitoring-reader) | Can read all monitoring data (metrics, logs, etc.). See also [Get started with roles, permissions, and security with Azure Monitor](/azure/azure-monitor/roles-permissions-security#built-in-monitoring-roles). | 43d0d8ad-25c7-4714-9337-8ba259a9fe05 | |
| role-based-access-control | Ai Machine Learning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/ai-machine-learning.md | Lets you manage Search services, but not access to them. ## Next steps -- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)+- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal) |
| role-based-access-control | Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/analytics.md | |
| role-based-access-control | Compute | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/compute.md | View Virtual Machines in the portal and login as administrator > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkInterfaces/read | Gets a network interface definition. | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/virtualMachines/*/read | | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/*/read | |-> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | Gets the endpoint access credentials to the resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | List the endpoint access credentials to the resource. | > | **NotActions** | | > | *none* | | > | **DataActions** | | View Virtual Machines in the portal and login as a local user configured on the > | Actions | Description | > | | | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/*/read | |-> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | Gets the endpoint access credentials to the resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | List the endpoint access credentials to the resource. | > | **NotActions** | | > | *none* | | > | **DataActions** | | View Virtual Machines in the portal and login as a regular user. > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkInterfaces/read | Gets a network interface definition. | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/virtualMachines/*/read | | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/*/read | |-> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | Gets the endpoint access credentials to the resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listCredentials/action | List the endpoint access credentials to the resource. | > | **NotActions** | | > | *none* | | > | **DataActions** | | Let's you manage the OS of your resource via Windows Admin Center as an administ > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkWatchers/securityGroupView/action | View the configured and effective network security group rules applied on a VM. | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkSecurityGroups/securityRules/read | Gets a security rule definition | > | [Microsoft.Network](../permissions/networking.md#microsoftnetwork)/networkSecurityGroups/securityRules/write | Creates a security rule or updates an existing security rule |-> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/write | Update the endpoint to the target resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/read | Gets the endpoint to the resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/write | Update the service details in the service configurations of the target resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/read | Gets the details about the service to the resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listManagedProxyDetails/action | Fetches the managed proxy details | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/write | Create or update the endpoint to the target resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/read | Get or list of endpoints to the target resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/write | Create or update the serviceConfigurations to the endpoints resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/read | Get or list of serviceConfigurations to the endpoints resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/listManagedProxyDetails/action | List the managed proxy details to the resource. | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/virtualMachines/read | Get the properties of a virtual machine | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/virtualMachines/patchAssessmentResults/latest/read | Retrieves the summary of the latest patch assessment operation | > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/virtualMachines/patchAssessmentResults/latest/softwarePatches/read | Retrieves list of patches assessed during the last patch assessment operation | |
| role-based-access-control | Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/containers.md | Grants read/write access to most Kubernetes resources within a namespace in the } ``` +## Azure Kubernetes Service Arc Cluster Admin Role ++List cluster admin credential action. ++[Learn more](/azure/aks/hybrid/concepts-security-access-identity) ++> [!div class="mx-tableFixed"] +> | Actions | Description | +> | | | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/read | Gets the Hybrid AKS provisioned cluster instances associated with the connected cluster | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/listAdminKubeconfig/action | Lists the admin credentials of a provisioned cluster instance used only in direct mode. | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Read | Read connectedClusters | +> | **NotActions** | | +> | *none* | | +> | **DataActions** | | +> | *none* | | +> | **NotDataActions** | | +> | *none* | | ++```json +{ + "assignableScopes": [ + "/" + ], + "description": "List cluster admin credential action.", + "id": "/providers/Microsoft.Authorization/roleDefinitions/b29efa5f-7782-4dc3-9537-4d5bc70a5e9f", + "name": "b29efa5f-7782-4dc3-9537-4d5bc70a5e9f", + "permissions": [ + { + "actions": [ + "Microsoft.HybridContainerService/provisionedClusterInstances/read", + "Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action", + "Microsoft.Kubernetes/connectedClusters/Read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "roleName": "Azure Kubernetes Service Arc Cluster Admin Role", + "roleType": "BuiltInRole", + "type": "Microsoft.Authorization/roleDefinitions" +} +``` ++## Azure Kubernetes Service Arc Cluster User Role ++List cluster user credential action. ++[Learn more](/azure/aks/hybrid/concepts-security-access-identity) ++> [!div class="mx-tableFixed"] +> | Actions | Description | +> | | | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/read | Gets the Hybrid AKS provisioned cluster instances associated with the connected cluster | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/listUserKubeconfig/action | Lists the AAD user credentials of a provisioned cluster instance used only in direct mode. | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Read | Read connectedClusters | +> | **NotActions** | | +> | *none* | | +> | **DataActions** | | +> | *none* | | +> | **NotDataActions** | | +> | *none* | | ++```json +{ + "assignableScopes": [ + "/" + ], + "description": "List cluster user credential action.", + "id": "/providers/Microsoft.Authorization/roleDefinitions/233ca253-b031-42ff-9fba-87ef12d6b55f", + "name": "233ca253-b031-42ff-9fba-87ef12d6b55f", + "permissions": [ + { + "actions": [ + "Microsoft.HybridContainerService/provisionedClusterInstances/read", + "Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action", + "Microsoft.Kubernetes/connectedClusters/Read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "roleName": "Azure Kubernetes Service Arc Cluster User Role", + "roleType": "BuiltInRole", + "type": "Microsoft.Authorization/roleDefinitions" +} +``` ++## Azure Kubernetes Service Arc Contributor Role ++Grants access to read and write Azure Kubernetes Services hybrid clusters ++[Learn more](/azure/aks/hybrid/concepts-security-access-identity) ++> [!div class="mx-tableFixed"] +> | Actions | Description | +> | | | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/Locations/operationStatuses/read | read operationStatuses | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/Operations/read | read Operations | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/kubernetesVersions/read | Lists the supported kubernetes versions from the underlying custom location | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/kubernetesVersions/write | Puts the kubernetes version resource type | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/kubernetesVersions/delete | Delete the kubernetes versions resource type | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/read | Gets the Hybrid AKS provisioned cluster instances associated with the connected cluster | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/write | Creates the Hybrid AKS provisioned cluster instance | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/delete | Deletes the Hybrid AKS provisioned cluster instance | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/agentPools/read | Gets the agent pools in the Hybrid AKS provisioned cluster instance | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/agentPools/write | Updates the agent pool in the Hybrid AKS provisioned cluster instance | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/agentPools/delete | Deletes the agent pool in the Hybrid AKS provisioned cluster instance | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/provisionedClusterInstances/upgradeProfiles/read | read upgradeProfiles | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/skus/read | Lists the supported VM SKUs from the underlying custom location | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/skus/write | Puts the VM SKUs resource type | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/skus/delete | Deletes the Vm Sku resource type | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/virtualNetworks/read | Lists the Hybrid AKS virtual networks by subscription | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/virtualNetworks/write | Patches the Hybrid AKS virtual network | +> | [Microsoft.HybridContainerService](../permissions/hybrid-multicloud.md#microsofthybridcontainerservice)/virtualNetworks/delete | Deletes the Hybrid AKS virtual network | +> | [Microsoft.ExtendedLocation](../permissions/hybrid-multicloud.md#microsoftextendedlocation)/customLocations/deploy/action | Deploy permissions to a Custom Location resource | +> | [Microsoft.ExtendedLocation](../permissions/hybrid-multicloud.md#microsoftextendedlocation)/customLocations/read | Gets an Custom Location resource | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Read | Read connectedClusters | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Write | Writes connectedClusters | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/Delete | Deletes connectedClusters | +> | [Microsoft.Kubernetes](../permissions/hybrid-multicloud.md#microsoftkubernetes)/connectedClusters/listClusterUserCredential/action | List clusterUser credential | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/clusters/read | Gets clusters | +> | **NotActions** | | +> | *none* | | +> | **DataActions** | | +> | *none* | | +> | **NotDataActions** | | +> | *none* | | ++```json +{ + "assignableScopes": [ + "/" + ], + "description": "Grants access to read and write Azure Kubernetes Services hybrid clusters", + "id": "/providers/Microsoft.Authorization/roleDefinitions/5d3f1697-4507-4d08-bb4a-477695db5f82", + "name": "5d3f1697-4507-4d08-bb4a-477695db5f82", + "permissions": [ + { + "actions": [ + "Microsoft.HybridContainerService/Locations/operationStatuses/read", + "Microsoft.HybridContainerService/Operations/read", + "Microsoft.HybridContainerService/kubernetesVersions/read", + "Microsoft.HybridContainerService/kubernetesVersions/write", + "Microsoft.HybridContainerService/kubernetesVersions/delete", + "Microsoft.HybridContainerService/provisionedClusterInstances/read", + "Microsoft.HybridContainerService/provisionedClusterInstances/write", + "Microsoft.HybridContainerService/provisionedClusterInstances/delete", + "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/read", + "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/write", + "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/delete", + "Microsoft.HybridContainerService/provisionedClusterInstances/upgradeProfiles/read", + "Microsoft.HybridContainerService/skus/read", + "Microsoft.HybridContainerService/skus/write", + "Microsoft.HybridContainerService/skus/delete", + "Microsoft.HybridContainerService/virtualNetworks/read", + "Microsoft.HybridContainerService/virtualNetworks/write", + "Microsoft.HybridContainerService/virtualNetworks/delete", + "Microsoft.ExtendedLocation/customLocations/deploy/action", + "Microsoft.ExtendedLocation/customLocations/read", + "Microsoft.Kubernetes/connectedClusters/Read", + "Microsoft.Kubernetes/connectedClusters/Write", + "Microsoft.Kubernetes/connectedClusters/Delete", + "Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action", + "Microsoft.AzureStackHCI/clusters/read" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "roleName": "Azure Kubernetes Service Arc Contributor Role", + "roleType": "BuiltInRole", + "type": "Microsoft.Authorization/roleDefinitions" +} +``` + ## Azure Kubernetes Service Cluster Admin Role List cluster admin credential action. Grants access to read and write Azure Kubernetes Service clusters "permissions": [ { "actions": [- "Microsoft.Authorization/*/read", - "Microsoft.ContainerService/locations/*", - "Microsoft.ContainerService/managedClusters/*", - "Microsoft.ContainerService/managedclustersnapshots/*", - "Microsoft.ContainerService/snapshots/*", - "Microsoft.Insights/alertRules/*", - "Microsoft.Resources/deployments/*", - "Microsoft.Resources/subscriptions/resourceGroups/read" + "Microsoft.Authorization/*/read", + "Microsoft.ContainerService/locations/*", + "Microsoft.ContainerService/managedClusters/*", + "Microsoft.ContainerService/managedclustersnapshots/*", + "Microsoft.ContainerService/snapshots/*", + "Microsoft.Insights/alertRules/*", + "Microsoft.Resources/deployments/*", + "Microsoft.Resources/subscriptions/resourceGroups/read" ], "notActions": [], "dataActions": [], Allows read/write access to most objects in a namespace. This role does not allo } ``` -## Azure Kubernetes Service Arc Cluster Admin Role --Lists cluster admin credential actions. --> [!div class="mx-tableFixed"] -> | Actions | Description | -> | | | -> | Microsoft.HybridContainerService/provisionedClusterInstances/read | Gets the Hybrid AKS provisioned cluster instance and instances associated with the connected cluster | -> | Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action | Lists the admin credentials of a provisioned cluster instance used only in direct mode. | -> | Microsoft.Kubernetes/connectedClusters/Read | Read connectedClusters | -> | **NotActions** | | -> | *none* | | -> | **DataActions** | | -> | *none* | | -> | **NotDataActions** | | -> | *none* | | --```json -{ - "assignableScopes": [ - "/" - ], - "description": "List cluster admin credential action.", - "id": "/subscriptions/586c20df-c465-4f10-8673-65aa4859e7ca/providers/Microsoft.Authorization/roleDefinitions/b29efa5f-7782-4dc3-9537-4d5bc70a5e9f", - "name": "b29efa5f-7782-4dc3-9537-4d5bc70a5e9f", - "permissions": [ - { - "actions": [ - "Microsoft.HybridContainerService/provisionedClusterInstances/read", - "Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action", - "Microsoft.Kubernetes/connectedClusters/Read" - ], - "condition": null, - "conditionVersion": null, - "dataActions": [], - "notActions": [], - "notDataActions": [] - } - ], - "roleName": "Azure Kubernetes Service Arc Cluster Admin Role", - "roleType": "BuiltInRole", - "type": "Microsoft.Authorization/roleDefinitions" -} -``` --## Azure Kubernetes Service Arc Cluster User Role --Lists cluster user credential actions. --> [!div class="mx-tableFixed"] -> | Actions | Description | -> | | | -> | Microsoft.HybridContainerService/provisionedClusterInstances/read | Gets the Hybrid AKS provisioned cluster instance and instances associated with the connected cluster | -> | Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action | Lists the AAD user credentials of a provisioned cluster instance used only in direct mode. | -> | Microsoft.Kubernetes/connectedClusters/Read | Read connectedClusters | -> | **NotActions** | | -> | *none* | | -> | **DataActions** | | -> | *none* | | -> | **NotDataActions** | | -> | *none* | | --```json -{ - "assignableScopes": [ - "/" - ], - "description": "List cluster user credential action.", - "id": "/subscriptions/586c20df-c465-4f10-8673-65aa4859e7ca/providers/Microsoft.Authorization/roleDefinitions/233ca253-b031-42ff-9fba-87ef12d6b55f", - "name": "233ca253-b031-42ff-9fba-87ef12d6b55f", - "permissions": [ - { - "actions": [ - "Microsoft.HybridContainerService/provisionedClusterInstances/read", - "Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action", - "Microsoft.Kubernetes/connectedClusters/Read" - ], - "condition": null, - "conditionVersion": null, - "dataActions": [], - "notActions": [], - "notDataActions": [] - } - ], - "roleName": "Azure Kubernetes Service Arc Cluster User Role", - "roleType": "BuiltInRole", - "type": "Microsoft.Authorization/roleDefinitions" -} -``` --## Azure Kubernetes Service Arc Contributor Role --Grants access to read and write Azure Kubernetes Services Arc clusters. --> [!div class="mx-tableFixed"] -> | Actions | Description | -> | | | -> | Microsoft.HybridContainerService/Locations/operationStatuses/read | Read operationStatuses | -> | Microsoft.HybridContainerService/Operations/read | Read Operations | -> | Microsoft.HybridContainerService/kubernetesVersions/read | Get the supported kubernetes versions from the underlying custom location | -> | Microsoft.HybridContainerService/kubernetesVersions/write | Put the kubernetes version resource type | -> | Microsoft.HybridContainerService/kubernetesVersions/delete | Delete the kubernetes versions resource type | -> | Microsoft.HybridContainerService/provisionedClusterInstances/read | Get the Hybrid AKS provisioned cluster instance and instances associated with the connected cluster | -> | Microsoft.HybridContainerService/provisionedClusterInstances/write | Create the Hybrid AKS provisioned cluster instance | -> | Microsoft.HybridContainerService/provisionedClusterInstances/delete | Delete the Hybrid AKS provisioned cluster instance | -> | Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/read | Get the agent pools in the Hybrid AKS provisioned cluster instance | -> | Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/write | Create and update the agent pool in the Hybrid AKS provisioned cluster instance | -> | Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/delete | Delete the agent pool in the Hybrid AKS provisioned cluster instance | -> | Microsoft.HybridContainerService/provisionedClusterInstances/upgradeProfiles/read | read operationStatuses | -> | Microsoft.HybridContainerService/skus/read | Get the supported VM skus from the underlying custom location | -> | Microsoft.HybridContainerService/skus/write | Puts the VM SKUs resource type | -> | Microsoft.HybridContainerService/skus/delete | Deletes the Vm Sku resource type | -> | Microsoft.HybridContainerService/virtualNetworks/read | List the Hybrid AKS virtual networks by resource group and subscription | -> | Microsoft.HybridContainerService/virtualNetworks/write | Put and patch the Hybrid AKS virtual network | -> | Microsoft.HybridContainerService/virtualNetworks/delete | Deletes the Hybrid AKS virtual network | -> | Microsoft.ExtendedLocation/customLocations/deploy/action | Deploy permissions to a Custom Location resource | -> | Microsoft.ExtendedLocation/customLocations/read | Gets an Custom Location resource | -> | Microsoft.Kubernetes/connectedClusters/Read | Read connectedClusters | -> | Microsoft.Kubernetes/connectedClusters/Write | Writes connectedClusters | -> | Microsoft.Kubernetes/connectedClusters/Delete | Deletes connectedClusters | -> | Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action | List clusterUser credential | -> | Microsoft.AzureStackHCI/clusters/read | Gets clusters | -> | **NotActions** | | -> | *none* | | -> | **DataActions** | | -> | *none* | | -> | **NotDataActions** | | -> | *none* | | --```json -{ - "assignableScopes": [ - "/" - ], - "description": "Grants access to read and write Azure Kubernetes Services Arc clusters", - "id": "/subscriptions/586c20df-c465-4f10-8673-65aa4859e7ca/providers/Microsoft.Authorization/roleDefinitions/5d3f1697-4507-4d08-bb4a-477695db5f82", - "name": "5d3f1697-4507-4d08-bb4a-477695db5f82", - "permissions": [ - { - "actions": [ - "Microsoft.HybridContainerService/Locations/operationStatuses/read", - "Microsoft.HybridContainerService/Operations/read", - "Microsoft.HybridContainerService/kubernetesVersions/read", - "Microsoft.HybridContainerService/kubernetesVersions/write", - "Microsoft.HybridContainerService/kubernetesVersions/delete", - "Microsoft.HybridContainerService/provisionedClusterInstances/read", - "Microsoft.HybridContainerService/provisionedClusterInstances/write", - "Microsoft.HybridContainerService/provisionedClusterInstances/delete", - "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/read", - "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/write", - "Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/delete", - "Microsoft.HybridContainerService/provisionedClusterInstances/upgradeProfiles/read", - "Microsoft.HybridContainerService/skus/read", - "Microsoft.HybridContainerService/skus/write", - "Microsoft.HybridContainerService/skus/delete", - "Microsoft.HybridContainerService/virtualNetworks/read", - "Microsoft.HybridContainerService/virtualNetworks/write", - "Microsoft.HybridContainerService/virtualNetworks/delete", - "Microsoft.ExtendedLocation/customLocations/deploy/action", - "Microsoft.ExtendedLocation/customLocations/read", - "Microsoft.Kubernetes/connectedClusters/Read", - "Microsoft.Kubernetes/connectedClusters/Write", - "Microsoft.Kubernetes/connectedClusters/Delete", - "Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action", - "Microsoft.AzureStackHCI/clusters/read" - ], - "condition": null, - "conditionVersion": null, - "dataActions": [], - "notActions": [], - "notDataActions": [] - } - ], - "roleName": "Azure Kubernetes Service Arc Contributor Role", - "roleType": "BuiltInRole", - "type": "Microsoft.Authorization/roleDefinitions", -} -``` - ## Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services Can create, update, get, list and delete Kubernetes Extensions, and get extensio ## Next steps -- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)+- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal) |
| role-based-access-control | Databases | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/databases.md | |
| role-based-access-control | Devops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/devops.md | View, create, update, delete and execute load tests. View and list load test res > | *none* | | > | **DataActions** | | > | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/loadtests/* | Create and manage load tests |+> | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/testProfiles/* | | +> | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/testProfileRuns/* | | > | **NotDataActions** | | > | *none* | | View, create, update, delete and execute load tests. View and list load test res ], "notActions": [], "dataActions": [- "Microsoft.LoadTestService/loadtests/*" + "Microsoft.LoadTestService/loadtests/*", + "Microsoft.LoadTestService/testProfiles/*", + "Microsoft.LoadTestService/testProfileRuns/*" ], "notDataActions": [] } View and list all load tests and load test resources but can not make any change > | *none* | | > | **DataActions** | | > | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/loadtests/readTest/action | Read Load Tests |+> | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/testProfiles/read | Read Test Profiles | +> | [Microsoft.LoadTestService](../permissions/devops.md#microsoftloadtestservice)/testProfileRuns/read | Read Test Profile Runs | > | **NotDataActions** | | > | *none* | | View and list all load tests and load test resources but can not make any change ], "notActions": [], "dataActions": [- "Microsoft.LoadTestService/loadtests/readTest/action" + "Microsoft.LoadTestService/loadtests/readTest/action", + "Microsoft.LoadTestService/testProfiles/read", + "Microsoft.LoadTestService/testProfileRuns/read" ], "notDataActions": [] } |
| role-based-access-control | General | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/general.md | Grants full access to manage all resources, but does not allow you to assign rol > | [Microsoft.Compute](../permissions/compute.md#microsoftcompute)/galleries/share/action | Shares a Gallery to different scopes | > | [Microsoft.Purview](../permissions/analytics.md#microsoftpurview)/consents/write | Create or Update a Consent Resource. | > | [Microsoft.Purview](../permissions/analytics.md#microsoftpurview)/consents/delete | Delete the Consent Resource. |+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deploymentStacks/manageDenySetting/action | Manage the denySettings property of a deployment stack. | > | **DataActions** | | > | *none* | | > | **NotDataActions** | | Grants full access to manage all resources, but does not allow you to assign rol "Microsoft.Blueprint/blueprintAssignments/delete", "Microsoft.Compute/galleries/share/action", "Microsoft.Purview/consents/write",- "Microsoft.Purview/consents/delete" + "Microsoft.Purview/consents/delete", + "Microsoft.Resources/deploymentStacks/manageDenySetting/action" ], "dataActions": [], "notDataActions": [] |
| role-based-access-control | Hybrid Multicloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/hybrid-multicloud.md | Grants full access to the cluster and its resources, including the ability to re > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/register/action | Registers the subscription for the Azure Stack HCI resource provider and enables the creation of Azure Stack HCI resources. | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/Unregister/Action | Unregisters the subscription for the Azure Stack HCI resource provider. | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/clusters/* | |+> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/Read | Gets/Lists a network security group resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/SecurityRules/Read | Gets/Lists security rule resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/Write | Creates/Updates a network security group resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/SecurityRules/Write | Creates/Updates security rule resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/Delete | Deletes a network security group resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/SecurityRules/Delete | Deletes a security rule resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/join/action | Joins network security group resource | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/register/action | Registers the subscription for the Microsoft.HybridCompute Resource Provider | > | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/register/action | Registers the subscription for the Microsoft.GuestConfiguration resource provider. | > | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/read | Get guest configuration assignment. | Grants full access to the cluster and its resources, including the ability to re "Microsoft.AzureStackHCI/register/action", "Microsoft.AzureStackHCI/Unregister/Action", "Microsoft.AzureStackHCI/clusters/*",+ "Microsoft.AzureStackHCI/NetworkSecurityGroups/Read", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/Write", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action", "Microsoft.HybridCompute/register/action", "Microsoft.GuestConfiguration/register/action", "Microsoft.GuestConfiguration/guestConfigurationAssignments/read", Grants permissions to perform all VM actions > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/MarketPlaceGalleryImages/deploy/action | Deploys market place gallery images resource | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/Clusters/Read | Gets clusters | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/Clusters/ArcSettings/Read | Gets arc resource of HCI cluster |+> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/Read | Gets/Lists a network security group resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/SecurityRules/Read | Gets/Lists security rule resource | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/AlertRules/Write | Create or update a classic metric alert | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/AlertRules/Delete | Delete a classic metric alert | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/AlertRules/Read | Read a classic metric alert | Grants permissions to perform all VM actions "Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action", "Microsoft.AzureStackHCI/Clusters/Read", "Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",+ "Microsoft.AzureStackHCI/NetworkSecurityGroups/Read", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read", "Microsoft.Insights/AlertRules/Write", "Microsoft.Insights/AlertRules/Delete", "Microsoft.Insights/AlertRules/Read", Grants permissions to view VMs > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/StorageContainers/Read | Gets/Lists storage containers resource | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/GalleryImages/Read | Gets/Lists gallery images resource | > | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/MarketplaceGalleryImages/Read | Gets/Lists market place gallery images resource |+> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/Read | Gets/Lists a network security group resource | +> | [Microsoft.AzureStackHCI](../permissions/hybrid-multicloud.md#microsoftazurestackhci)/NetworkSecurityGroups/SecurityRules/Read | Gets/Lists security rule resource | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/licenses/read | Reads any Azure Arc licenses | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/read | Reads any Azure Arc extensions | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles | Grants permissions to view VMs "Microsoft.AzureStackHCI/StorageContainers/Read", "Microsoft.AzureStackHCI/GalleryImages/Read", "Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",+ "Microsoft.AzureStackHCI/NetworkSecurityGroups/Read", + "Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read", "Microsoft.HybridCompute/licenses/read", "Microsoft.HybridCompute/machines/extensions/read", "Microsoft.HybridCompute/machines/licenseProfiles/read", |
| role-based-access-control | Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/identity.md | |
| role-based-access-control | Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/integration.md | Has read access to tags and products and write access to allow: assigning APIs t > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/products/read | Lists a collection of products in the specified service instance. or Gets the details of the product specified by its identifier. | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/products/apiLinks/* | | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/read | Read metadata for an API Management Service instance |+> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/authorizationServers/read | Lists a collection of authorization servers defined within a service instance. or Gets the details of the authorization server without secrets. | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | **NotActions** | | > | *none* | | Has read access to tags and products and write access to allow: assigning APIs t "Microsoft.ApiManagement/service/products/read", "Microsoft.ApiManagement/service/products/apiLinks/*", "Microsoft.ApiManagement/service/read",+ "Microsoft.ApiManagement/service/authorizationServers/read", "Microsoft.Authorization/*/read" ], "notActions": [], Has the same access as API Management Service Workspace API Developer as well as > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/groups/read | Lists a collection of groups defined within a service instance. or Gets the details of the group specified by its identifier. | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/groups/users/* | | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/read | Read metadata for an API Management Service instance |+> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/authorizationServers/read | Lists a collection of authorization servers defined within a service instance. or Gets the details of the authorization server without secrets. | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | **NotActions** | | > | *none* | | Has the same access as API Management Service Workspace API Developer as well as "Microsoft.ApiManagement/service/groups/read", "Microsoft.ApiManagement/service/groups/users/*", "Microsoft.ApiManagement/service/read",+ "Microsoft.ApiManagement/service/authorizationServers/read", "Microsoft.Authorization/*/read" ], "notActions": [], Has read access to entities in the workspace and read and write access to entiti > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/policyFragments/* | | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/namedValues/* | | > | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/tags/* | |+> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/backends/* | | +> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/certificates/* | | +> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/diagnostics/* | | +> | [Microsoft.ApiManagement](../permissions/integration.md#microsoftapimanagement)/service/workspaces/loggers/* | | > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | > | **NotActions** | | > | *none* | | Has read access to entities in the workspace and read and write access to entiti "Microsoft.ApiManagement/service/workspaces/policyFragments/*", "Microsoft.ApiManagement/service/workspaces/namedValues/*", "Microsoft.ApiManagement/service/workspaces/tags/*",+ "Microsoft.ApiManagement/service/workspaces/backends/*", + "Microsoft.ApiManagement/service/workspaces/certificates/*", + "Microsoft.ApiManagement/service/workspaces/diagnostics/*", + "Microsoft.ApiManagement/service/workspaces/loggers/*", "Microsoft.Authorization/*/read" ], "notActions": [], Allows for access to Azure API Center data plane read operations. > | *none* | | > | **DataActions** | | > | [Microsoft.ApiCenter](../permissions/integration.md#microsoftapicenter)/services/*/read | |+> | [Microsoft.ApiCenter](../permissions/integration.md#microsoftapicenter)/services/workspaces/apis/versions/definitions/exportSpecification/action | Exports API definition file. | > | **NotDataActions** | | > | *none* | | Allows for access to Azure API Center data plane read operations. "actions": [], "notActions": [], "dataActions": [- "Microsoft.ApiCenter/services/*/read" + "Microsoft.ApiCenter/services/*/read", + "Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action" ], "notDataActions": [] } |
| role-based-access-control | Internet Of Things | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/internet-of-things.md | |
| role-based-access-control | Management And Governance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/management-and-governance.md | Can read, write, delete and re-onboard Azure Connected Machines. > [!div class="mx-tableFixed"] > | Actions | Description | > | | |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/read | Read any Azure Arc machines | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/write | Writes an Azure Arc machines | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/delete | Deletes an Azure Arc machines | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/* | | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/* | | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/* | | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/runCommands/* | | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/UpgradeExtensions/action | Upgrades Extensions on Azure Arc machines |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/read | Reads any Azure Arc extensions | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/write | Installs or Updates an Azure Arc extensions | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/delete | Deletes an Azure Arc extensions | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/privateLinkScopes/* | |+> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/licenses/* | | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/locations/* | | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/*/read | | > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/licenses/write | Installs or Updates an Azure Arc licenses | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/licenses/delete | Deletes an Azure Arc licenses | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/write | Installs or Updates an Azure Arc licenseProfiles | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/delete | Deletes an Azure Arc licenseProfiles | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/runCommands/read | Reads any Azure Arc runcommands | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/runCommands/write | Installs or Updates an Azure Arc runcommands | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/runCommands/delete | Deletes an Azure Arc runcommands | > | **NotActions** | | > | *none* | | > | **DataActions** | | Can read, write, delete and re-onboard Azure Connected Machines. "permissions": [ { "actions": [- "Microsoft.HybridCompute/machines/read", - "Microsoft.HybridCompute/machines/write", - "Microsoft.HybridCompute/machines/delete", + "Microsoft.HybridCompute/machines/*", + "Microsoft.HybridCompute/machines/extensions/*", + "Microsoft.HybridCompute/machines/licenseProfiles/*", + "Microsoft.HybridCompute/machines/runCommands/*", "Microsoft.HybridCompute/machines/UpgradeExtensions/action",- "Microsoft.HybridCompute/machines/extensions/read", - "Microsoft.HybridCompute/machines/extensions/write", - "Microsoft.HybridCompute/machines/extensions/delete", "Microsoft.HybridCompute/privateLinkScopes/*",+ "Microsoft.HybridCompute/licenses/*", + "Microsoft.HybridCompute/locations/*", "Microsoft.HybridCompute/*/read",- "Microsoft.Resources/deployments/*", - "Microsoft.HybridCompute/licenses/write", - "Microsoft.HybridCompute/licenses/delete", - "Microsoft.HybridCompute/machines/licenseProfiles/read", - "Microsoft.HybridCompute/machines/licenseProfiles/write", - "Microsoft.HybridCompute/machines/licenseProfiles/delete", - "Microsoft.HybridCompute/machines/runCommands/read", - "Microsoft.HybridCompute/machines/runCommands/write", - "Microsoft.HybridCompute/machines/runCommands/delete" + "Microsoft.Resources/deployments/*" ], "notActions": [], "dataActions": [], Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid co > [!div class="mx-tableFixed"] > | Actions | Description | > | | |-> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/read | Gets the endpoint to the resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/write | Update the endpoint to the target resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/read | Gets the details about the service to the resource. | -> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/write | Update the service details in the service configurations of the target resource. | +> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments | +> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/*/read | | +> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/read | Get guest configuration assignment. | +> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/write | Create new guest configuration assignment. | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/read | Read any Azure Arc machines |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/write | Writes an Azure Arc machines | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/delete | Deletes an Azure Arc machines | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/read | Reads any Azure Arc extensions |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/write | Installs or Updates an Azure Arc extensions | -> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/delete | Deletes an Azure Arc extensions | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/*/read | |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/UpgradeExtensions/action | Upgrades Extensions on Azure Arc machines | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/delete | Deletes an Azure Arc machines | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/delete | Deletes an Azure Arc extensions | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/extensions/write | Installs or Updates an Azure Arc extensions | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/delete | Deletes an Azure Arc licenseProfiles | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/read | Reads any Azure Arc licenseProfiles | > | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/write | Installs or Updates an Azure Arc licenseProfiles |-> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/licenseProfiles/delete | Deletes an Azure Arc licenseProfiles | -> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/read | Get guest configuration assignment. | -> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/*/read | | -> | [Microsoft.GuestConfiguration](../permissions/management-and-governance.md#microsoftguestconfiguration)/guestConfigurationAssignments/write | Create new guest configuration assignment. | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/UpgradeExtensions/action | Upgrades Extensions on Azure Arc machines | +> | [Microsoft.HybridCompute](../permissions/hybrid-multicloud.md#microsofthybridcompute)/machines/write | Writes an Azure Arc machines | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/read | Get or list of endpoints to the target resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/read | Get or list of serviceConfigurations to the endpoints resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/serviceConfigurations/write | Create or update the serviceConfigurations to the endpoints resource. | +> | [Microsoft.HybridConnectivity](../permissions/hybrid-multicloud.md#microsofthybridconnectivity)/endpoints/write | Create or update the endpoint to the target resource. | +> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. | +> | Microsoft.EdgeMarketplace/locations/operationStatuses/read | read operationStatuses | +> | Microsoft.EdgeMarketPlace/offers/getAccessToken/action | get access token. | +> | Microsoft.EdgeMarketPlace/offers/generateAccessToken/action | A long-running resource action. | +> | Microsoft.EdgeMarketplace/publishers/read | Get a Publisher | +> | Microsoft.EdgeMarketplace/offers/read | Get a Offer | +> | [Microsoft.ExtendedLocation](../permissions/hybrid-multicloud.md#microsoftextendedlocation)/customLocations/read | Gets an Custom Location resource | +> | Microsoft.Attestation/attestationProviders/write | Adds attestation service. | +> | Microsoft.Attestation/attestationProviders/read | Gets the attestation service status. | +> | Microsoft.Attestation/attestationProviders/delete | Removes attestation service. | +> | Microsoft.Attestation/attestationProviders/attestation/read | Gets the attestation service status. | +> | Microsoft.Attestation/attestationProviders/attestation/write | Adds attestation service. | +> | Microsoft.Attestation/attestationProviders/attestation/delete | Removes attestation service. | > | **NotActions** | | > | *none* | | > | **DataActions** | | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid co "permissions": [ { "actions": [- "Microsoft.HybridConnectivity/endpoints/read", - "Microsoft.HybridConnectivity/endpoints/write", - "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read", - "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write", + "Microsoft.Authorization/*/read", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/read", + "Microsoft.GuestConfiguration/guestConfigurationAssignments/write", "Microsoft.HybridCompute/machines/read",- "Microsoft.HybridCompute/machines/write", - "Microsoft.HybridCompute/machines/delete", "Microsoft.HybridCompute/machines/extensions/read",- "Microsoft.HybridCompute/machines/extensions/write", - "Microsoft.HybridCompute/machines/extensions/delete", "Microsoft.HybridCompute/*/read",- "Microsoft.HybridCompute/machines/UpgradeExtensions/action", + "Microsoft.HybridCompute/machines/delete", + "Microsoft.HybridCompute/machines/extensions/delete", + "Microsoft.HybridCompute/machines/extensions/write", + "Microsoft.HybridCompute/machines/licenseProfiles/delete", "Microsoft.HybridCompute/machines/licenseProfiles/read", "Microsoft.HybridCompute/machines/licenseProfiles/write",- "Microsoft.HybridCompute/machines/licenseProfiles/delete", - "Microsoft.GuestConfiguration/guestConfigurationAssignments/read", - "Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read", - "Microsoft.GuestConfiguration/guestConfigurationAssignments/write" + "Microsoft.HybridCompute/machines/UpgradeExtensions/action", + "Microsoft.HybridCompute/machines/write", + "Microsoft.HybridConnectivity/endpoints/read", + "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read", + "Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write", + "Microsoft.HybridConnectivity/endpoints/write", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.EdgeMarketplace/locations/operationStatuses/read", + "Microsoft.EdgeMarketPlace/offers/getAccessToken/action", + "Microsoft.EdgeMarketPlace/offers/generateAccessToken/action", + "Microsoft.EdgeMarketplace/publishers/read", + "Microsoft.EdgeMarketplace/offers/read", + "Microsoft.ExtendedLocation/customLocations/read", + "Microsoft.Attestation/attestationProviders/write", + "Microsoft.Attestation/attestationProviders/read", + "Microsoft.Attestation/attestationProviders/delete", + "Microsoft.Attestation/attestationProviders/attestation/read", + "Microsoft.Attestation/attestationProviders/attestation/write", + "Microsoft.Attestation/attestationProviders/attestation/delete" ], "notActions": [], "dataActions": [], |
| role-based-access-control | Mixed Reality | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/mixed-reality.md | |
| role-based-access-control | Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/monitor.md | Gives user permission to view and download debug snapshots collected with the Ap ## Grafana Admin -Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. +Manage server-wide settings and manage access to resources such as organizations, users, and licenses. [Learn more](/azure/managed-grafana/concept-role-based-access-control) Perform all Grafana operations, including the ability to manage data sources, cr "assignableScopes": [ "/" ],- "description": "Built-in Grafana admin role", + "description": "Manage server-wide settings and manage access to resources such as organizations, users, and licenses.", "id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41", "name": "22926164-76b3-42b3-bc55-97df8dab3e41", "permissions": [ Perform all Grafana operations, including the ability to manage data sources, cr ## Grafana Editor -View and edit a Grafana instance, including its dashboards and alerts. +Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists. [Learn more](/azure/managed-grafana/concept-role-based-access-control) View and edit a Grafana instance, including its dashboards and alerts. "assignableScopes": [ "/" ],- "description": "Built-in Grafana Editor role", + "description": "Create, edit, delete, or view dashboards; create, edit, or delete folders; and edit or view playlists.", "id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f", "name": "a79a5197-3a5c-4973-a920-486035ffd60f", "permissions": [ View and edit a Grafana instance, including its dashboards and alerts. ## Grafana Limited Viewer -View a Grafana home page. +View home page. [Learn more](/azure/managed-grafana/concept-role-based-access-control) View a Grafana home page. ```json {- "id": "/providers/Microsoft.Authorization/roleDefinitions/41e04612-9dac-4699-a02b-c82ff2cc3fb5", - "properties": { - "roleName": "Grafana Limited Viewer", - "description": "View home page.", - "assignableScopes": [ - "/" - ], - "permissions": [ - { - "actions": [], - "notActions": [], - "dataActions": [ - "Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action" - ], - "notDataActions": [] - } - ] + "assignableScopes": [ + "/" + ], + "description": "View home page.", + "id": "/providers/Microsoft.Authorization/roleDefinitions/41e04612-9dac-4699-a02b-c82ff2cc3fb5", + "name": "41e04612-9dac-4699-a02b-c82ff2cc3fb5", + "permissions": [ + { + "actions": [], + "notActions": [], + "dataActions": [ + "Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action" + ], + "notDataActions": [] }+ ], + "roleName": "Grafana Limited Viewer", + "roleType": "BuiltInRole", + "type": "Microsoft.Authorization/roleDefinitions" } ``` ## Grafana Viewer -View a Grafana instance, including its dashboards and alerts. +View dashboards, playlists, and query data sources. [Learn more](/azure/managed-grafana/concept-role-based-access-control) View a Grafana instance, including its dashboards and alerts. "assignableScopes": [ "/" ],- "description": "Built-in Grafana Viewer role", + "description": "View dashboards, playlists, and query data sources.", "id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769", "name": "60921a7e-fef1-4a43-9b16-a26c52ad4769", "permissions": [ Can read all monitoring data and edit monitoring settings. See also [Get started > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/workbooktemplates/* | | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/privateLinkScopes/* | | > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/privateLinkScopeOperationStatuses/* | |+> | [Microsoft.Monitor](../permissions/monitor.md#microsoftmonitor)/accounts/* | | > | [Microsoft.OperationalInsights](../permissions/monitor.md#microsoftoperationalinsights)/workspaces/write | Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace. | > | [Microsoft.OperationalInsights](../permissions/monitor.md#microsoftoperationalinsights)/workspaces/intelligencepacks/* | Read/write/delete log analytics solution packs. | > | [Microsoft.OperationalInsights](../permissions/monitor.md#microsoftoperationalinsights)/workspaces/savedSearches/* | Read/write/delete log analytics saved searches. | Can read all monitoring data and edit monitoring settings. See also [Get started > | [Microsoft.AlertsManagement](../permissions/monitor.md#microsoftalertsmanagement)/smartGroups/* | | > | [Microsoft.AlertsManagement](../permissions/monitor.md#microsoftalertsmanagement)/migrateFromSmartDetection/* | | > | [Microsoft.AlertsManagement](../permissions/monitor.md#microsoftalertsmanagement)/investigations/* | |+> | [Microsoft.AlertsManagement](../permissions/monitor.md#microsoftalertsmanagement)/prometheusRuleGroups/* | | > | [Microsoft.Monitor](../permissions/monitor.md#microsoftmonitor)/investigations/* | | > | **NotActions** | | > | *none* | | Can read all monitoring data and edit monitoring settings. See also [Get started "Microsoft.Insights/workbooktemplates/*", "Microsoft.Insights/privateLinkScopes/*", "Microsoft.Insights/privateLinkScopeOperationStatuses/*",+ "Microsoft.Monitor/accounts/*", "Microsoft.OperationalInsights/workspaces/write", "Microsoft.OperationalInsights/workspaces/intelligencepacks/*", "Microsoft.OperationalInsights/workspaces/savedSearches/*", Can read all monitoring data and edit monitoring settings. See also [Get started "Microsoft.AlertsManagement/smartGroups/*", "Microsoft.AlertsManagement/migrateFromSmartDetection/*", "Microsoft.AlertsManagement/investigations/*",+ "Microsoft.AlertsManagement/prometheusRuleGroups/*", "Microsoft.Monitor/investigations/*" ], "notActions": [], |
| role-based-access-control | Networking | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/networking.md | Lets you manage Traffic Manager profiles, but does not let you control who has a ## Next steps -- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)+- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal) |
| role-based-access-control | Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/security.md | Can read the attestation provider properties > | Actions | Description | > | | | > | Microsoft.Attestation/attestationProviders/attestation/read | Gets the attestation service status. |+> | Microsoft.Attestation/attestationProviders/read | Gets the attestation service status. | > | **NotActions** | | > | *none* | | > | **DataActions** | | Can read the attestation provider properties "permissions": [ { "actions": [- "Microsoft.Attestation/attestationProviders/attestation/read" + "Microsoft.Attestation/attestationProviders/attestation/read", + "Microsoft.Attestation/attestationProviders/read" ], "notActions": [], "dataActions": [], |
| role-based-access-control | Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/storage.md | Lets you manage backup service, but can't create vaults and give access to other > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges |+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/write | Update BackupVault operation updates an Azure resource of type 'Backup Vault' | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault | Lets you manage backup service, but can't create vaults and give access to other > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/operationResults/read | Returns Backup Operation Result for Backup Vault. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/validateForBackup/action | Validates for backup of Backup Instance | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/operations/read | Operation returns the list of Operations for a Resource Provider |+> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation | > | **NotActions** | | > | *none* | | > | **DataActions** | | Lets you manage backup service, but can't create vaults and give access to other "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",+ "Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read", "Microsoft.DataProtection/backupVaults/write", "Microsoft.DataProtection/backupVaults/read", "Microsoft.DataProtection/backupVaults/operationResults/read", Lets you manage backup service, but can't create vaults and give access to other "Microsoft.DataProtection/locations/operationStatus/read", "Microsoft.DataProtection/locations/operationResults/read", "Microsoft.DataProtection/backupVaults/validateForBackup/action",- "Microsoft.DataProtection/operations/read" + "Microsoft.DataProtection/operations/read", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action" ], "notActions": [], "dataActions": [], Lets you manage backup services, except removal of backup, vault creation and gi > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/read | Returns all Backup Instances |+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/write | Creates a Backup Instance | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/deletedBackupInstances/read | List soft-deleted Backup Instances in a Backup Vault. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies | Lets you manage backup services, except removal of backup, vault creation and gi > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action | Get cross region restore job details from secondary region. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action | Returns recovery points from secondary region for cross region restore enabled Backup Vaults. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/locations/checkFeatureSupport/action | Validates if a feature is supported |+> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/read | Get the list of ResourceGuard proxies for a resource | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation | +> | [Microsoft.RecoveryServices](../permissions/management-and-governance.md#microsoftrecoveryservices)/Vaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/read | Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/write | Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/delete | The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy' | +> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupResourceGuardProxies/unlockDelete/action | Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation | > | **NotActions** | | > | *none* | | > | **DataActions** | | Lets you manage backup services, except removal of backup, vault creation and gi "Microsoft.Support/*", "Microsoft.DataProtection/backupVaults/backupInstances/read", "Microsoft.DataProtection/backupVaults/backupInstances/read",+ "Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read", + "Microsoft.DataProtection/backupVaults/backupInstances/write", "Microsoft.DataProtection/backupVaults/deletedBackupInstances/read", "Microsoft.DataProtection/backupVaults/backupPolicies/read", "Microsoft.DataProtection/backupVaults/backupPolicies/read", Lets you manage backup services, except removal of backup, vault creation and gi "Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action", "Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action", "Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action",- "Microsoft.DataProtection/locations/checkFeatureSupport/action" + "Microsoft.DataProtection/locations/checkFeatureSupport/action", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action", + "Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete", + "Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action" ], "notActions": [], "dataActions": [], Can view backup services, but can't make changes > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupPolicies/read | Returns all Backup Policies | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/recoveryPoints/read | Returns all Recovery Points |+> | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/operationResults/read | Returns Backup Operation Result for Backup Vault. | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/backupInstances/findRestorableTimeRanges/action | Finds Restorable Time Ranges | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/read | Gets list of Backup Vaults in a Resource Group | > | [Microsoft.DataProtection](../permissions/security.md#microsoftdataprotection)/backupVaults/operationResults/read | Gets Operation Result of a Patch Operation for a Backup Vault | Can view backup services, but can't make changes "Microsoft.DataProtection/backupVaults/backupPolicies/read", "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read", "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",+ "Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read", "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action", "Microsoft.DataProtection/backupVaults/read", "Microsoft.DataProtection/backupVaults/operationResults/read", Allows for read, write, delete, and modify ACLs on files/directories in Azure fi > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/fileshares/files/delete | Returns the result of deleting a file/folder | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Returns the result of modifying permission on a file/folder |-> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Sematics Privilege | -> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/writeFileBackupSemantics/action | Write File Backup Sematics Privilege | +> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Semantics Privilege | +> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/writeFileBackupSemantics/action | Write File Backup Semantics Privilege | > | **NotDataActions** | | > | *none* | | Allows for read access on files/directories in Azure file shares by overriding e > | *none* | | > | **DataActions** | | > | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders |-> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Sematics Privilege | +> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Semantics Privilege | > | **NotDataActions** | | > | *none* | | |
| role-based-access-control | Web And Mobile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/built-in-roles/web-and-mobile.md | Manage websites, but not web plans. Does not allow you to assign roles in Azure > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket | > | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/certificates/* | Create and manage website certificates | > | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/listSitesAssignedToHostName/read | Get names of sites assigned to hostname. |+> | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/register/action | Register Microsoft.Web resource provider for the subscription. | > | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/serverFarms/join/action | Joins an App Service Plan | > | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/serverFarms/read | Get the properties on an App Service Plan | > | [Microsoft.Web](../permissions/web-and-mobile.md#microsoftweb)/sites/* | Create and manage websites (site creation also requires write permissions to the associated App Service Plan) | Manage websites, but not web plans. Does not allow you to assign roles in Azure "Microsoft.Support/*", "Microsoft.Web/certificates/*", "Microsoft.Web/listSitesAssignedToHostName/read",+ "Microsoft.Web/register/action", "Microsoft.Web/serverFarms/join/action", "Microsoft.Web/serverFarms/read", "Microsoft.Web/sites/*" |
| role-based-access-control | Ai Machine Learning | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/ai-machine-learning.md | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/joinPerimeter/action | Allow to join CognitiveServices account to an given perimeter. | > | Microsoft.CognitiveServices/accounts/listKeys/action | List keys | > | Microsoft.CognitiveServices/accounts/regenerateKey/action | Regenerate Key |+> | Microsoft.CognitiveServices/accounts/privateEndpointConnectionsApproval/action | Approves Private Endpoint | > | Microsoft.CognitiveServices/accounts/commitmentplans/read | Reads commitment plans. | > | Microsoft.CognitiveServices/accounts/commitmentplans/write | Writes commitment plans. | > | Microsoft.CognitiveServices/accounts/commitmentplans/delete | Deletes commitment plans. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets/action | Notification from Microsoft.Network of deleting VirtualNetworks or Subnets. | > | Microsoft.CognitiveServices/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Notification from Microsoft.Network of NetworkSecurityPerimeter updates. | > | Microsoft.CognitiveServices/locations/commitmentTiers/read | Reads available commitment tiers. |+> | Microsoft.CognitiveServices/locations/modelCapacities/read | Reads available capacities of a model. | > | Microsoft.CognitiveServices/locations/models/read | Reads available models. | > | Microsoft.CognitiveServices/locations/networkSecurityPerimeterProxies/read | Reads a network security perimeter. | > | Microsoft.CognitiveServices/locations/networkSecurityPerimeterProxies/write | Writes a network security perimeter. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/locations/networkSecurityPerimeterProxies/profileProxies/write | Writes a network security perimeter rule. | > | Microsoft.CognitiveServices/locations/networkSecurityPerimeterProxies/profileProxies/delete | Deletes a network security perimeter rule. | > | Microsoft.CognitiveServices/locations/operationresults/read | Read the status of an asynchronous operation. |+> | Microsoft.CognitiveServices/locations/raiContentFilters/read | List all available content filters | > | Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts/read | Get deleted account. | > | Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts/delete | Purge deleted account. | > | Microsoft.CognitiveServices/locations/usages/read | Read all usages data |+> | Microsoft.CognitiveServices/modelCapacities/read | Reads available capacities of a model. | > | Microsoft.CognitiveServices/models/read | Reads available models. | > | Microsoft.CognitiveServices/Operations/read | List all available operations | > | Microsoft.CognitiveServices/skus/read | Reads available SKUs for Cognitive Services. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/ComputerVision/batch/write | This internal operation creates a new batch with the specified name. | > | Microsoft.CognitiveServices/accounts/ComputerVision/batch/read | This internal operation returns the list of batches. | > | Microsoft.CognitiveServices/accounts/ComputerVision/batch/analyzestatus/read | This internal operation returns the status of the specified batch. |+> | Microsoft.CognitiveServices/accounts/ComputerVision/batch/imageretrieval/write | This internal operation ingests image vector and metadata to retrieval service. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/batch/searchmetadata/write | This internal operation ingests image metadata to retrieval service. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/batch/segmentation/write | This internal operation creates a new video segmentation batch with the specified name. | > | Microsoft.CognitiveServices/accounts/ComputerVision/batch/status/read | This internal operation returns the status of the specified batch. | > | Microsoft.CognitiveServices/accounts/ComputerVision/datasets/read | Get information about a specific dataset. Get a list of datasets that have been registered. | > | Microsoft.CognitiveServices/accounts/ComputerVision/datasets/write | Register a new dataset. Update the properties of an existing dataset. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/ComputerVision/retrieval/publickey/read | Gets a public key from certificate service in order to encrypt data. | > | Microsoft.CognitiveServices/accounts/ComputerVision/store/delete | Perform a delete user operation for ODC. | > | Microsoft.CognitiveServices/accounts/ComputerVision/textoperations/read | This interface is used for getting recognize text operation result. The URL to this interface should be retrieved from <b>"Operation-Location"</b> field returned from Recognize Text interface. |+> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/indexes/write | This method creates a video index manager task, which can then be used to manipulate AI Search Indexes. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/indexes/delete | Deletes a video index manager task independent of the task status. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/indexes/read | Retrieves the video index manager task with the specified task id. Retrieves a list of all video index manager tasks.* | +> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/videodescriptions/write | This method creates an video description task, which can then be used to generate video insights. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/videodescriptions/delete | Deletes a video description task independent of the task status. | +> | Microsoft.CognitiveServices/accounts/ComputerVision/videoanalysis/videodescriptions/read | Retrieves the video description task with the specified task id. Retrieves a list of all video description tasks.* | > | Microsoft.CognitiveServices/accounts/ContentModerator/imagelists/action | Create image list. | > | Microsoft.CognitiveServices/accounts/ContentModerator/termlists/action | Create term list. | > | Microsoft.CognitiveServices/accounts/ContentModerator/image:analyze/action | A sync API for harmful content analysis for image | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/ContentSafety/text:shieldprompt/action | A synchronous API for the analysis of text prompt injection attacks. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text:detectgroundedness/action | A synchronous API for the analysis of language model outputs to determine alignment with user-provided information or identify fictional content. | > | Microsoft.CognitiveServices/accounts/ContentSafety/analyze/action | A synchronous API for the unified analysis of input content |+> | Microsoft.CognitiveServices/accounts/ContentSafety/image:detectincidents/action | A synchronous API for the analysis of image detect incidents. | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text:detectincidents/action | A synchronous API for the analysis of text detect incidents. | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text:analyzecustomcategory/action | A synchronous API for the analysis of text on custom category. | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text:autoreview/action | A synchronous API for the automatic review of harmful content | +> | Microsoft.CognitiveServices/accounts/ContentSafety/analyzebysafetypolicy/action | A synchronous API for the safety policy analysis of input content | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text:detectprotectedmaterialforcode/action | Detect protected material for code | +> | Microsoft.CognitiveServices/accounts/ContentSafety/image:detectwatermark/action | A synchronous API for decoding the content credentials from assets. | > | Microsoft.CognitiveServices/accounts/ContentSafety/blocklisthitcalls/read | Show blocklist hit request count at different timestamps. | > | Microsoft.CognitiveServices/accounts/ContentSafety/blocklisttopterms/read | List top terms hit in blocklist at different timestamps. | > | Microsoft.CognitiveServices/accounts/ContentSafety/categories/severities/requestcounts/read | List API request count number of a specific category and a specific severity given a time range. Default maxpagesize is 1000. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/ContentSafety/metrics/requestLatencies/read | List API request latencies at different timestamps given a time range. Default maxpagesize is 1000. | > | Microsoft.CognitiveServices/accounts/ContentSafety/requestcounts/read | List API request counts at different timestamps given a time range. Default maxpagesize is 1000. | > | Microsoft.CognitiveServices/accounts/ContentSafety/requestlatencies/read | List API request latencies at different timestamps given a time range. Default maxpagesize is 1000. |+> | Microsoft.CognitiveServices/accounts/ContentSafety/safetypolicies/write | Create or update safety policy | +> | Microsoft.CognitiveServices/accounts/ContentSafety/safetypolicies/delete | Delete a safety policy by policyName | +> | Microsoft.CognitiveServices/accounts/ContentSafety/safetypolicies/read | Get or List Safety Policy | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text/autoreviewers/delete | Delete an auto reviewer or a specific version of it. | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text/autoreviewers/read | Get a auto reviewer or a specific version of it. List latest versions of auto reviewers.* | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text/autoreviewers/write | Create new auto reviewer or a new version of existing auto reviewer. | +> | Microsoft.CognitiveServices/accounts/ContentSafety/text/autoreviewers/operations/read | Get an auto reviewer operation. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/blocklists/read | Get or List Text Blocklist | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/blocklists/write | Updates a text blocklist, if blocklistName does not exist, create a new blocklist. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/blocklists/delete | Deletes a text blocklist. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/ContentSafety/text/categories/read | Get or List Text Categories | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/categories/write | Create or replace operation template. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/categories/delete | Resource delete operation template. |+> | Microsoft.CognitiveServices/accounts/ContentSafety/text/categories/operations/read | Get an custom category operation. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/incidents/read | Get or List Text Incidents | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/incidents/write | Updates a text incident. If the text incident does not exist, a new text incident will be created. | > | Microsoft.CognitiveServices/accounts/ContentSafety/text/incidents/delete | Deletes a text incident. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/CustomVoice/endpoints/action | Operations (disable/suspend/resume etc.) on an existing voice endpoint | > | Microsoft.CognitiveServices/accounts/CustomVoice/models/action | Operations like model copy or model saveas. | > | Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/action | Creates a new evaluation. |+> | Microsoft.CognitiveServices/accounts/CustomVoice/chatbot/read | Chat with chatbot. | > | Microsoft.CognitiveServices/accounts/CustomVoice/datasets/write | Create or update a dataset. | > | Microsoft.CognitiveServices/accounts/CustomVoice/datasets/delete | Deletes the voice dataset with the given id. | > | Microsoft.CognitiveServices/accounts/CustomVoice/datasets/read | Gets one or more datasets. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/CustomVoice/speakerauthorizations/delete | Deletes the specified speaker authorization. | > | Microsoft.CognitiveServices/accounts/CustomVoice/speakerauthorizations/read | Get the list of speaker authorizations for specified project. | > | Microsoft.CognitiveServices/accounts/CustomVoice/speakerauthorizations/write | Updates the mutable details of the voice speaker authorization identified by its ID. |+> | Microsoft.CognitiveServices/accounts/CustomVoice/speakerauthorizations/templates/read | Get Consent Templates. | > | Microsoft.CognitiveServices/accounts/EntitySearch/search/action | Get entities and places results for a given query. | > | Microsoft.CognitiveServices/accounts/Face/detect/action | Detect human faces in an image, return face rectangles, and optionally with faceIds, landmarks, and attributes. | > | Microsoft.CognitiveServices/accounts/Face/findsimilars/action | Given query face's faceId, to search the similar-looking faces from a faceId array, a face list or a large face list. faceId | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:compose/action | Creates a new model from document types of existing models. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:copyto/action | Copies model to the target resource, region, and modelId. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:authorizecopy/action | Generates authorization to copy a model to this location with specified modelId and optional description. |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers:authorizecopy/action | Generates authorization to copy a document classifier to this location with | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers:analyze/action | Classifies document with document classifier. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers:copyto/action | Copies document classifier to the target resource, region, and classifierId. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:analyzebatch/action | Analyzes batch documents with document model. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:analyze/action | Analyzes document with document model. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:authorizecopy/action | Generates authorization to copy a document model to this location with | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:copyto/action | Copies document model to the target resource, region, and modelId. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/analysis/analyze/document/action | Analyze Document. Support prebuilt models or custom trained model. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/analysis/batchanalyze/document/action | Batch Analyze Documents. Support prebuilt models or custom trained model. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/analysis/get/analyze/result/read | Gets the result of document analysis. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/FormRecognizer/custom/models/copyresults/read | Obtain current status and the result of the custom form model copy operation. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/custom/models/copyresults/read | Obtain current status and the result of the custom form model copy operation. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/custom/models/keys/read | Retrieve the keys for the model. |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers/delete | Deletes document classifier. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers/read | Gets detailed document classifier information. List all document classifiers.* | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers/analyzeresults/read | Gets the result of document classifier. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentclassifiers:build/write | Builds a custom document classifier. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/delete | Mark model for deletion. Model artifacts will be permanently removed within 48 hours. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/read | Get detailed information about a custom model. Get information about all custom models* |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/delete | Deletes document model. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/read | Gets detailed document model information. List all document models* | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/write | Updates document model information. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/analyzebatchresults/read | Gets the result of batch document analysis. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/analyzeresults/read | Get document analyze result from specified {modelId} and {resultId} |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/analyzeresults/read | Gets the result of document analysis. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/analyzeresults/figures/read | Gets the generated cropped image of specified figure from document analysis. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels/analyzeresults/pdf/read | Gets the generated searchable PDF output from document analysis. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:build/write | Builds a custom document analysis model. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/documentmodels:compose/write | Creates a new document model from document types of existing document models. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/info/read | Return basic info about the current resource. |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/info/read | Return information about the current resource. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/write | Create labeling project. Fail if projectId already exists. Update lableing project. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/read | Get lableing project. List lableing projects. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/delete | Delete lableing project. The project and metadata will be deleted. Documents/labels in user provided storage account will NOT be deleted. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/schema:suggest/action | Suggest schema based on existing documents associated with labeling project. Returns suggested schema without updating actual project schema. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/schema:edit/action | Set/edit field schema. Update all existing labels in the project to reflect edits. Field schema is initially empty. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels:analyze/action | Analyze labeling project document. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/write | Create label of a labeling project. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/read | Get label of a labeling project. List labels of a labeling project. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/delete | Delete a label of a labeling project. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/document/write | Set input document. Cannot be updated. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/document/read | Get input document. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/ocr/read | Get OCR result. OCR result does not contain predicted document fields. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/labels/operations/read | List analyze document results. Get analyze document result. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/schema/read | Get current schema. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/schema/operations/read | Get suggested schema. List suggested schemas. | +> | Microsoft.CognitiveServices/accounts/FormRecognizer/labelingprojects/stats/read | Get project level labeling statistics. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/layout/analyze/action | Extract text and layout information from a given document.<br>The input document must be of one of the supported content types - 'application/pdf', 'image/jpeg', 'image/png' or 'image/tiff'.<br>Alternatively, use 'application/json' type to specify the Url location of the document to be analyzed. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/layout/analyzeresults/read | Track the progress and obtain the result of the analyze layout operation | > | Microsoft.CognitiveServices/accounts/FormRecognizer/management/classifier/delete | Deletes document classifier. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/FormRecognizer/operation/get/operation/read | Gets operation. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/operation/list/operations/read | Lists operations. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/operations/read | Gets operation info. Lists all operations.* |+> | Microsoft.CognitiveServices/accounts/FormRecognizer/operations/read | Gets operation info. Lists all operations.* | > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/businesscard/analyze/action | Extract field text and semantic values from a given business card document. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/businesscard/analyzeresults/read | Query the status and retrieve the result of an Analyze Business Card operation. The URL to this interface can be obtained from the 'Operation-Location' header in the Analyze Business Card response. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/iddocument/analyze/action | Extract field text and semantic values from a given Id document. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/receipt/asyncbatchanalyze/action | Extract field text and semantic values from a given receipt document. The input document must be of one of the supported | > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/receipt/analyzeresults/read | Query the status and retrieve the result of an Analyze Receipt operation. The URL to this interface can be obtained from the 'Operation-Location' header in the Analyze Receipt response. | > | Microsoft.CognitiveServices/accounts/FormRecognizer/prebuilt/receipt/operations/read | Query the status and retrieve the result of an Analyze Receipt operation. The URL to this interface can be obtained from the 'Operation-Location' header in the Analyze Receipt response. |+> | Microsoft.CognitiveServices/accounts/HealthInsights/onco-phenotype/jobs/write | Creates an Onco Phenotype job with the given request body. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/onco-phenotype/jobs/read | Gets the status and details of the Onco Phenotype job. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/patient-timeline/jobs/write | Creates a Patient Timeline job with the given request body. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/patient-timeline/jobs/read | Gets the status and details of the Patient Timeline job. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/radiology-insights/jobs/write | Creates a Radiology Insights job with the given request body. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/radiology-insights/jobs/read | Gets the status and details of the Radiology Insights job. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/trial-matcher/cosmosdb/executeAction/action | Trial Matcher CosmosDB Proxy POST | +> | Microsoft.CognitiveServices/accounts/HealthInsights/trial-matcher/cosmosdb/read | Trial Matcher CosmosDB Proxy GET | +> | Microsoft.CognitiveServices/accounts/HealthInsights/trial-matcher/jobs/write | Creates a Trial Matcher job with the given request body. | +> | Microsoft.CognitiveServices/accounts/HealthInsights/trial-matcher/jobs/read | Gets the status and details of the Trial Matcher job. | > | Microsoft.CognitiveServices/accounts/ImageSearch/details/action | Returns insights about an image, such as webpages that include the image. | > | Microsoft.CognitiveServices/accounts/ImageSearch/search/action | Get relevant images for a given query. | > | Microsoft.CognitiveServices/accounts/ImageSearch/trending/action | Get currently trending images. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/Language/generate-questionanswers/action | Submit a Generate question answers Job request. | > | Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action | Analyzes the input conversation. | > | Microsoft.CognitiveServices/accounts/Language/analyze-text/action | Submit a collection of text documents for analysis. Specify a single unique task to be executed immediately. |+> | Microsoft.CognitiveServices/accounts/Language/analyze-documents/action | Submit a collection of documents for analysis. | > | Microsoft.CognitiveServices/accounts/Language/:migratefromluis/action | Triggers a job to migrate one or more LUIS apps. | > | Microsoft.CognitiveServices/accounts/Language/generate/action | Language generation. | > | Microsoft.CognitiveServices/accounts/Language/analyze-conversation/jobscancel/action | Cancel a long-running analysis job on conversation. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/Language/analyze-conversations/projects/resources/unassign/jobs/read | Gets the status of an existing unassign deployment resources job. | > | Microsoft.CognitiveServices/accounts/Language/analyze-conversations/projects/train/jobs/read | Get training jobs. Get training job status and result details.* | > | Microsoft.CognitiveServices/accounts/Language/analyze-conversations/projects/train/jobs/cancel/action | Cancels a running training job. |+> | Microsoft.CognitiveServices/accounts/Language/analyze-documents/jobs/action | Submit documents analysis job. | +> | Microsoft.CognitiveServices/accounts/Language/analyze-documents/jobscancel/action | Cancel a long-running Documents Analysis job. | +> | Microsoft.CognitiveServices/accounts/Language/analyze-documents/jobs/read | Get the status of an analysis job. A job may consist of one or more tasks. Once all tasks are completed, the job will transition to the completed state and results will be available for each task. | > | Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action | Submit a collection of text documents for analysis. Specify one or more unique tasks to be executed. | > | Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action | Cancel a long-running Text Analysis job. | > | Microsoft.CognitiveServices/accounts/Language/analyze-text/internal/projects/autotag/action | Trigger auto tagging job. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/NewsSearch/categorysearch/action | Returns news for a provided category. | > | Microsoft.CognitiveServices/accounts/NewsSearch/search/action | Get news articles relevant for a given query. | > | Microsoft.CognitiveServices/accounts/NewsSearch/trendingtopics/action | Get trending topics identified by Bing. These are the same topics shown in the banner at the bottom of the Bing home page. |+> | Microsoft.CognitiveServices/accounts/OpenAI/batches/action | Creates a batch job | +> | Microsoft.CognitiveServices/accounts/OpenAI/issuetoken/action | Issue Cognitive Services jwt token for authentication. | +> | Microsoft.CognitiveServices/accounts/OpenAI/issuescopedtoken/action | Issue scoped Cognitive Services jwt token for authentication. | +> | Microsoft.CognitiveServices/accounts/OpenAI/1p-jobs/write | Creates or cancels First party Fine-tune jobs like RLHF jobs (SupervisedFineTuning, RewardModel, ProximalPolicyOptimisation). | +> | Microsoft.CognitiveServices/accounts/OpenAI/1p-jobs/read | Gets information about First party Fine-tune jobs. | > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/write | Create or update assistants. | > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/read | Get assistants. | > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/delete | Delete assistants. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/write | Create or update assistant thread run. | > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/read | Retrieve assistant thread run. | > | Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/steps/read | Retrieve assistant thread run step. |+> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/write | Create or update vector stores. | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/read | Get vector stores. | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/delete | Delete vector stores. | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/file_batches/write | Update vector store file batches | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/file_batches/read | Read vector store file batches | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/files/write | Write vector stores files | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/files/read | Read vector stores files | +> | Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/files/delete | Delete vector stores files | +> | Microsoft.CognitiveServices/accounts/OpenAI/batches/read | List or get batch jobs. | +> | Microsoft.CognitiveServices/accounts/OpenAI/batches/delete | Delete a batch job. | +> | Microsoft.CognitiveServices/accounts/OpenAI/batches/cancel/action | Cancel a batch job. | > | Microsoft.CognitiveServices/accounts/OpenAI/batch-jobs/write | Creates Batch Inference jobs. | > | Microsoft.CognitiveServices/accounts/OpenAI/batch-jobs/delete | Deletes Batch Inference jobs. | > | Microsoft.CognitiveServices/accounts/OpenAI/batch-jobs/read | Gets information about batch jobs. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/OpenAI/deployments/rainbow/action | Creates a completion for the provided prompt, consisting of text and images | > | Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action | Creates a completion for the chat message | > | Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action | Creates a completion for the chat message with extensions |+> | Microsoft.CognitiveServices/accounts/OpenAI/deployments/usage/read | Gets enqueued token usage for a specified batch deployment. | > | Microsoft.CognitiveServices/accounts/OpenAI/engines/read | Read engine information. | > | Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | Create a completion from a chosen model | > | Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action | Search for the most relevant documents using the current engine. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action | (Intended for browsers only.) Stream generated text from the model via GET request.<br>This method is provided because the browser-native EventSource method can only send GET requests.<br>It supports a more limited set of configuration options than the POST variant. | > | Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action | Create a completion from a chosen model | > | Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/browser_stream/action | (Intended for browsers only.) Stream generated text from the model via GET request.<br>This method is provided because the browser-native EventSource method can only send GET requests.<br>It supports a more limited set of configuration options than the POST variant. |+> | Microsoft.CognitiveServices/accounts/OpenAI/evals/write | Creates or cancels evaluation of a model. | +> | Microsoft.CognitiveServices/accounts/OpenAI/evals/read | Gets information about evaluation runs. | > | Microsoft.CognitiveServices/accounts/OpenAI/extensions/on-your-data/ingestion/read | Read Operations related to on-your-data feature | > | Microsoft.CognitiveServices/accounts/OpenAI/extensions/on-your-data/ingestion/write | Write Operations related to on-your-data feature | > | Microsoft.CognitiveServices/accounts/OpenAI/files/write | Upload or import files. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/OpenAI/management/modelscaleset/deployment/write | Modify Modelscale set deployment status and info. | > | Microsoft.CognitiveServices/accounts/OpenAI/models/read | Gets information about models | > | Microsoft.CognitiveServices/accounts/OpenAI/openapi/read | Get OpenAI Info |+> | Microsoft.CognitiveServices/accounts/OpenAI/uploads/write | Capabilities for uploading large files. Includes capabilities for cancelling an in progress upload. | > | Microsoft.CognitiveServices/accounts/Personalizer/rank/action | A personalization rank request. | > | Microsoft.CognitiveServices/accounts/Personalizer/evaluations/action | Submit a new evaluation. | > | Microsoft.CognitiveServices/accounts/Personalizer/configurations/client/action | Get the client configuration. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read | Download the knowledgebase. | > | Microsoft.CognitiveServices/accounts/QnAMaker/operations/read | Gets details of a specific long running operation. | > | Microsoft.CognitiveServices/accounts/SpeechServices/issuetoken/action | Issue Cognitive Services jwt token for authentication. |-> | Microsoft.CognitiveServices/accounts/SpeechServices/models:authorizecopy/action | This method can be used to allow copying a model from another speech resource. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models:copyto/action | This method is obsolete and will be removed in future API version. Please use models/{id}:copy instead. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models:copy/action | This method can be used to copy a model from this speech resource to a target one. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/action | Creates a new evaluation. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/action | Creates a new model. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/action | Creates a new project. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/webhooks:ping/action | The request body of the POST request sent to the registered web hook URL is of the same shape as in the GET request for a specific hook. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/webhooks:test/action | The payload will be generated from the last entity that would have invoked the web hook. If no entity is present for none of the registered event types, | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/blocks:commit/action | Commit block list to complete the upload of the dataset. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/delete | Deletes the specified dataset. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/read | Gets a list of datasets for the authenticated subscription. Gets the dataset identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/write | Updates the mutable details of the dataset identified by its ID. Uploads and creates a new dataset by getting the data from a specified URL or starts waiting for data blocks to be uploaded.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/upload/action | Uploads data and creates a new dataset. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/blocks/read | Gets the list of uploaded blocks for this dataset. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/blocks/write | Upload a block of data for the dataset. The maximum size of the block is 8MiB. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/files/read | Gets one specific file (identified with fileId) from a dataset (identified with id). Gets the files of the dataset identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/datasets/locales/read | Gets a list of supported locales for datasets. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/write | Creates a new endpoint. Updates the metadata of the endpoint identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/delete | Deletes the endpoint identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/read | Gets the endpoint identified by the given ID. Gets the list of endpoints for the authenticated subscription.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/base/files/logs/delete | Deletes one audio or transcription log that have been stored when using the default base model of a given language. Deletion process is done asynchronously and can take up to one day depending on the amount of log files.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/base/files/logs/read | Gets a specific audio or transcription log for the default base model in a given language. Gets the list of audio and transcription logs that have been stored when using the default base model of a given language.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/files/logs/delete | Deletes one audio or transcription log that have been stored for a given endpoint. The deletion process is done asynchronously and can take up to one day depending on the amount of log files.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/files/logs/read | Gets a specific audio or transcription log for a given endpoint. Gets the list of audio and transcription logs that have been stored for a given endpoint.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/endpoints/locales/read | Gets a list of supported locales for endpoint creations. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/delete | Deletes the evaluation identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/read | Gets the evaluation identified by the given ID. Gets the list of evaluations for the authenticated subscription.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/write | Updates the mutable details of the evaluation identified by its id. Creates a new evaluation.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/files/read | Gets one specific file (identified with fileId) from an evaluation (identified with id). Gets the files of the evaluation identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/evaluations/locales/read | Gets a list of supported locales for evaluations. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/healthstatus/read | Returns the overall health of the service and optionally of the different subcomponents. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/delete | Deletes the model identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/read | Gets the list of custom models for the authenticated subscription. Gets the model identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/write | Updates the metadata of the model identified by the given ID. Creates a new model.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/base/read | Gets the base model identified by the given ID. Gets the list of base models for the authenticated subscription.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/base/manifest/read | Returns an manifest for this base model which can be used in an on-premise container. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/files/read | Gets one specific file (identified with fileId) from a model (identified with id). Gets the files of the model identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/locales/read | Gets a list of supported locales for model adaptation. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/models/manifest/read | Returns an manifest for this model which can be used in an on-premise container. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/operations/models/copy/read | Gets the operation identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/delete | Deletes the project identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/read | Gets the list of projects for the authenticated subscription. Gets the project identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/write | Updates the project identified by the given ID. Creates a new project.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/datasets/read | Gets the list of datasets for specified project. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/endpoints/read | Gets the list of endpoints for specified project. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/evaluations/read | Gets the list of evaluations for specified project. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/locales/read | Gets the list of supported locales. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/models/read | Gets the list of models for specified project. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/projects/transcriptions/read | Gets the list of transcriptions for specified project. | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/action | This method can be used to copy a model from one location to another. If the target subscription |+> | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/transcriptions/action | Transcribe audio | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/webhooks/action | Web hooks operations | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/write | Create or update a dataset | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/delete | Delete a dataset | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/read | Get one or more datasets |-> | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/blocks/read | Get one or more uploaded blocks | -> | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/blocks/write | Create or update a dataset blocks | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/datasets/files/read | Get one or more dataset files | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/endpoints/write | Create or update an endpoint | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/endpoints/delete | Delete an endpoint | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/write | Create or update a model. | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/delete | Delete a model | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/read | Get one or more models |-> | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/base/manifest/read | Returns an manifest for this base model which can be used in an on-premise container. | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/files/read | Returns files for this model. |-> | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/models/manifest/read | Returns an manifest for this model which can be used in an on-premise container. | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/projects/write | Create or update a project | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/projects/delete | Delete a project | > | Microsoft.CognitiveServices/accounts/SpeechServices/speechrest/projects/read | Get one or more projects | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/profiles/enrollments/write | Adds an enrollment to existing profile. | > | Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/profiles/reset/write | Resets existing profile to its original creation state. The reset operation does the following: | > | Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/profiles:reset/write | Resets existing profile to its original creation state. The reset operation does the following: |-> | Microsoft.CognitiveServices/accounts/SpeechServices/transcriptions/write | Creates a new transcription. Updates the mutable details of the transcription identified by its ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/transcriptions/delete | Deletes the specified transcription task. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/transcriptions/read | Gets a list of transcriptions for the authenticated subscription. Gets the transcription identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/transcriptions/files/read | Gets one specific file (identified with fileId) from a transcription (identified with id). Gets the files of the transcription identified by the given ID.* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/transcriptions/locales/read | Gets a list of supported locales for offline transcriptions. | > | Microsoft.CognitiveServices/accounts/SpeechServices/unified-speech/frontend/action | This endpoint manages the Speech Frontend | > | Microsoft.CognitiveServices/accounts/SpeechServices/unified-speech/management/action | This endpoint manages the Speech Frontend | > | Microsoft.CognitiveServices/accounts/SpeechServices/unified-speech/probes/action | This endpoint monitors the Speech Frontend health | > | Microsoft.CognitiveServices/accounts/SpeechServices/unified-speech/languages/action | This endpoint provides the REST language api. | > | Microsoft.CognitiveServices/accounts/SpeechServices/unified-speech/legacy/query/action | The Speech Service legacy REST api. |-> | Microsoft.CognitiveServices/accounts/SpeechServices/webhooks/write | If the property secret in the configuration is present and contains a non-empty string, it will be used to create a SHA256 hash of the payload with If the property secret in the configuration is omitted or contains an empty string, future callbacks won't contain X-MicrosoftSpeechServices-Signature* | -> | Microsoft.CognitiveServices/accounts/SpeechServices/webhooks/delete | Deletes the web hook identified by the given ID. | -> | Microsoft.CognitiveServices/accounts/SpeechServices/webhooks/read | Gets the list of web hooks for the authenticated subscription. Gets the web hook identified by the given ID.* | > | Microsoft.CognitiveServices/accounts/SpellCheck/spellcheck/action | Get result of a spell check query through GET or POST. | > | Microsoft.CognitiveServices/accounts/TextAnalytics/languages/action | The API returns the detected language and a numeric score between 0 and 1. Scores close to 1 indicate 100% certainty that the identified language is true. A total of 120 languages are supported. | > | Microsoft.CognitiveServices/accounts/TextAnalytics/entities/action | The API returns a list of known entities and general named entities (\"Person\", \"Location\", \"Organization\" etc) in a given document. | Azure service: [Cognitive Services](/azure/cognitive-services/) > | Microsoft.CognitiveServices/accounts/VideoSearch/trending/action | Get currently trending videos. | > | Microsoft.CognitiveServices/accounts/VideoSearch/details/action | Get insights about a video, such as related videos. | > | Microsoft.CognitiveServices/accounts/VideoSearch/search/action | Get videos relevant for a given query. |-> | Microsoft.CognitiveServices/accounts/VideoTranslation/Metadata/read | Query video translation metadata. | -> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/write | Create or update video files. | -> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/read | Read video files. | -> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/write | Create or update video files. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Consents/write | Create consent. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Consents/read | Read consent. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Consents/delete | Delete consent. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/DefaultConsentTemplates/read | Read default consent template. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Iterations/write | Create iteration. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Iterations/read | Read iteration. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/metadata/read | Query video translation metadata. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Operations/read | Read operation. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/TargetLocales/read | Read target locales. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/TargetLocales/delete | Delete target locale. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/write | Create translation. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/read | Read translation. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/Translations/delete | Delete translation. | > | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFiles/write | Create or update video files. | > | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFiles/read | Read video files. | > | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFiles/delete | Delete video files. |-> | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFileTargetLocale/delete | Delete target locale. | -> | Microsoft.CognitiveServices/accounts/VideoTranslation/WebVttFiles/read | Read webvtt files. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFileTranslations/write | Create video file translation. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFileTranslations/read | Read video file translations. | +> | Microsoft.CognitiveServices/accounts/VideoTranslation/VideoFileTranslations/delete | Delete video file translations. | > | Microsoft.CognitiveServices/accounts/VideoTranslation/WebVttFiles/write | Create or update webvtt files. | > | Microsoft.CognitiveServices/accounts/VisualSearch/search/action | Returns a list of tags relevant to the provided image | > | Microsoft.CognitiveServices/accounts/WebSearch/search/action | Get web, image, news, & videos results for a given query. | -## Microsoft.MachineLearning --Access and manage the predictive models that you created and deployed as web services. --Azure service: [Machine Learning Studio (classic)](/azure/machine-learning/classic/) ---> [!div class="mx-tableFixed"] -> | Action | Description | -> | | | -> | Microsoft.MachineLearning/register/action | Registers the subscription for the machine learning web service resource provider and enables the creation of web services. | -> | Microsoft.MachineLearning/webServices/action | Create regional Web Service Properties for supported regions | -> | Microsoft.MachineLearning/commitmentPlans/read | Read any Machine Learning Commitment Plan | -> | Microsoft.MachineLearning/commitmentPlans/write | Create or Update any Machine Learning Commitment Plan | -> | Microsoft.MachineLearning/commitmentPlans/delete | Delete any Machine Learning Commitment Plan | -> | Microsoft.MachineLearning/commitmentPlans/join/action | Join any Machine Learning Commitment Plan | -> | Microsoft.MachineLearning/commitmentPlans/commitmentAssociations/read | Read any Machine Learning Commitment Plan Association | -> | Microsoft.MachineLearning/commitmentPlans/commitmentAssociations/move/action | Move any Machine Learning Commitment Plan Association | -> | Microsoft.MachineLearning/locations/operationresults/read | Get result of a Machine Learning Operation | -> | Microsoft.MachineLearning/locations/operationsstatus/read | Get status of an ongoing Machine Learning Operation | -> | Microsoft.MachineLearning/operations/read | Get Machine Learning Operations | -> | Microsoft.MachineLearning/skus/read | Get Machine Learning Commitment Plan SKUs | -> | Microsoft.MachineLearning/webServices/read | Read any Machine Learning Web Service | -> | Microsoft.MachineLearning/webServices/write | Create or Update any Machine Learning Web Service | -> | Microsoft.MachineLearning/webServices/delete | Delete any Machine Learning Web Service | -> | Microsoft.MachineLearning/webServices/listkeys/read | Get keys to a Machine Learning Web Service | -> | Microsoft.MachineLearning/Workspaces/read | Read any Machine Learning Workspace | -> | Microsoft.MachineLearning/Workspaces/write | Create or Update any Machine Learning Workspace | -> | Microsoft.MachineLearning/Workspaces/delete | Delete any Machine Learning Workspace | -> | Microsoft.MachineLearning/Workspaces/listworkspacekeys/action | List keys for a Machine Learning Workspace | -> | Microsoft.MachineLearning/Workspaces/resyncstoragekeys/action | Resync keys of storage account configured for a Machine Learning Workspace | - ## Microsoft.MachineLearningServices Enterprise-grade machine learning service to build and deploy models faster. Azure service: [Machine Learning](/azure/machine-learning/) > | Microsoft.MachineLearningServices/workspaces/computes/updateSchedules/action | Edit compute start/stop schedules | > | Microsoft.MachineLearningServices/workspaces/computes/applicationaccessuilinks/action | Enable compute instance UI links | > | Microsoft.MachineLearningServices/workspaces/computes/reimage/action | Reimages compute resource in Machine Learning Services Workspace |+> | Microsoft.MachineLearningServices/workspaces/computes/enableSso/action | Enables SSO on compute instance in Machine Learning Services Workspace | > | Microsoft.MachineLearningServices/workspaces/connections/read | Gets the Machine Learning Services Workspace connection(s) | > | Microsoft.MachineLearningServices/workspaces/connections/write | Creates or updates a Machine Learning Services connection(s) | > | Microsoft.MachineLearningServices/workspaces/connections/delete | Deletes the Machine Learning Services connection(s) | Azure service: [Machine Learning](/azure/machine-learning/) > | Microsoft.MachineLearningServices/workspaces/connections/deployments/write | Creates or Updates the Machine Learning Services AzureOpenAI Connection deployment | > | Microsoft.MachineLearningServices/workspaces/connections/deployments/delete | Deletes the Machine Learning Services AzureOpenAI Connection deployment | > | Microsoft.MachineLearningServices/workspaces/connections/models/read | Gets the Machine Learning Services AzureOpenAI Connection model |+> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/read | Read RAI Blocklists to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/write | Write RAI Blocklists to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/delete | Delete RAI Blocklists to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/addRaiBlocklistItems/action | Adds RAI blocklist items to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/deleteRaiBlocklistItems/action | Deletes RAI blocklist items to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/raiBlocklistItems/read | Read RAI Blocklist Items to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/raiBlocklistItems/write | Write RAI Blocklist Items to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiBlocklists/raiBlocklistItems/delete | Delete RAI Blocklist Items to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiPolicies/read | Read RAI Policies to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiPolicies/write | Write RAI Policies to the Machine Learning Services connection | +> | Microsoft.MachineLearningServices/workspaces/connections/raiPolicies/delete | Delete RAI Policies to the Machine Learning Services connection | > | Microsoft.MachineLearningServices/workspaces/data/read | Reads Data container in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/data/write | Writes Data container in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/data/delete | Deletes Data container in Machine Learning Services Workspace(s) | Azure service: [Machine Learning](/azure/machine-learning/) > | Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions/read | Gets the Machine Learning Service Workspaces Marketplace Subscription(s) | > | Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions/write | Creates or Updates the Machine Learning Service Workspaces Marketplace Subscription(s) | > | Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions/delete | Deletes the Machine Learning Service Workspaces Marketplace Subscription(s) |+> | Microsoft.MachineLearningServices/workspaces/metadata/listsecrets/action | List secrets in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/metadata/artifacts/read | Gets artifacts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/metadata/artifacts/write | Creates or updates artifacts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/metadata/artifacts/delete | Deletes artifacts in Machine Learning Services Workspace(s) | Azure service: [Machine Learning](/azure/machine-learning/) > | Microsoft.MachineLearningServices/workspaces/onlineendpoints/operationresults/read | Checks Online Endpoint Operation Result for an online inference endpoint in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/onlineendpoints/operationsstatus/read | Checks Online Endpoint Operation Status for an online inference endpoint in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/outboundNetworkDependenciesEndpoints/read | Read all external outbound dependencies (FQDNs) programmatically |+> | Microsoft.MachineLearningServices/workspaces/outboundRules/read | Gets outbound rules in the Machine Learning Service Workspace(s) | +> | Microsoft.MachineLearningServices/workspaces/outboundRules/write | Creates or updates outbound rules in the Machine Learning Service Workspace(s) | +> | Microsoft.MachineLearningServices/workspaces/outboundRules/delete | Deletes outbound rules in the Machine Learning Service Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/read | Gets pipeline drafts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/write | Creates or updates pipeline drafts in Machine Learning Services Workspace(s) | > | Microsoft.MachineLearningServices/workspaces/pipelinedrafts/delete | Deletes pipeline drafts in Machine Learning Services Workspace(s) | |
| role-based-access-control | Analytics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/analytics.md | Azure service: [Azure Databricks](/azure/databricks/) > | Microsoft.Databricks/locations/getNetworkPolicies/action | Get Network Intent Polices for a subnet based on the location used by NRP | > | Microsoft.Databricks/locations/operationstatuses/read | Reads the operation status for the resource. | > | Microsoft.Databricks/operations/read | Gets the list of operations. |-> | Microsoft.Databricks/workspaces/assignWorkspaceAdmin/action | Makes the user a workspace Admin within Databricks. | > | Microsoft.Databricks/workspaces/read | Retrieves a list of Databricks workspaces. | > | Microsoft.Databricks/workspaces/write | Creates a Databricks workspace. | > | Microsoft.Databricks/workspaces/delete | Removes a Databricks workspace. | Azure service: [Azure Databricks](/azure/databricks/) > | Microsoft.Databricks/workspaces/updateDenyAssignment/action | Update deny assignment not actions for a managed resource group of a workspace | > | Microsoft.Databricks/workspaces/refreshWorkspaces/action | Refresh a workspace with new details like URL | > | Microsoft.Databricks/workspaces/privateEndpointConnectionsApproval/action | Approve or reject a connection to a Private Endpoint resource. |+> | Microsoft.Databricks/workspaces/assignWorkspaceAdmin/action | Makes the user a Workspace Admin within Databricks | > | Microsoft.Databricks/workspaces/dbWorkspaces/write | Initializes the Databricks workspace (internal only) | > | Microsoft.Databricks/workspaces/outboundNetworkDependenciesEndpoints/read | Gets a list of egress endpoints (network endpoints of all outbound dependencies) for an Azure Databricks Workspace. The operation returns properties of each egress endpoint | > | Microsoft.Databricks/workspaces/privateEndpointConnectionProxies/read | Get Private Endpoint Connection Proxy | Azure service: [Azure Databricks](/azure/databricks/) > | Microsoft.Databricks/workspaces/virtualNetworkPeerings/write | Add or modify virtual network peering | > | Microsoft.Databricks/workspaces/virtualNetworkPeerings/delete | Deletes a virtual network peering | -## Microsoft.DataCatalog --Get more value from your enterprise data assets. --Azure service: [Data Catalog](/azure/data-catalog/) --> [!div class="mx-tableFixed"] -> | Action | Description | -> | | | -> | Microsoft.DataCatalog/checkNameAvailability/action | Checks catalog name availability for tenant. | -> | Microsoft.DataCatalog/register/action | Registers subscription with Microsoft.DataCatalog resource provider. | -> | Microsoft.DataCatalog/unregister/action | Unregisters subscription from Microsoft.DataCatalog resource provider. | -> | Microsoft.DataCatalog/catalogs/read | Get properties for catalog or catalogs under subscription or resource group. | -> | Microsoft.DataCatalog/catalogs/write | Creates catalog or updates the tags and properties for the catalog. | -> | Microsoft.DataCatalog/catalogs/delete | Deletes the catalog. | -> | Microsoft.DataCatalog/operations/read | Lists operations available on Microsoft.DataCatalog resource provider. | - ## Microsoft.DataFactory Hybrid data integration at enterprise scale, made easy. Azure service: [HDInsight](/azure/hdinsight/) > | Microsoft.HDInsight/clusterPools/clusters/resize/action | Resize a HDInsight on AKS Cluster | > | Microsoft.HDInsight/clusterPools/clusters/runjob/action | Run HDInsight on AKS Cluster Job | > | Microsoft.HDInsight/clusterPools/clusters/upgrade/action | Upgrade HDInsight on AKS Cluster |+> | Microsoft.HDInsight/clusterPools/clusters/rollback/action | Rollback HDInsight on AKS Cluster Upgrade | +> | Microsoft.HDInsight/clusterPools/clusters/managelibraries/action | Manage HDInsight on AKS Cluster Libaries | > | Microsoft.HDInsight/clusterPools/clusters/availableupgrades/read | Get Avaliable Upgrades for HDInsight on AKS Cluster | > | Microsoft.HDInsight/clusterPools/clusters/instanceviews/read | Get details about HDInsight on AKS Cluster Instance View | > | Microsoft.HDInsight/clusterPools/clusters/jobs/read | List HDInsight on AKS Cluster Jobs |+> | Microsoft.HDInsight/clusterPools/clusters/libraries/read | Read HDInsight on AKS Cluster Libaries | > | Microsoft.HDInsight/clusterPools/clusters/serviceconfigs/read | Get details about HDInsight on AKS Cluster Service Configurations |+> | Microsoft.HDInsight/clusterPools/clusters/upgradehistories/read | Read HDInsight on AKS Cluster Upgrade Histories | +> | Microsoft.HDInsight/clusterPools/upgradehistories/read | Read HDInsight on AKS Cluster Pool Upgrade Histories | > | Microsoft.HDInsight/clusters/write | Create or Update HDInsight Cluster | > | Microsoft.HDInsight/clusters/read | Get details about HDInsight Cluster | > | Microsoft.HDInsight/clusters/delete | Delete a HDInsight Cluster | Azure service: [HDInsight](/azure/hdinsight/) > | Microsoft.HDInsight/clusters/executeScriptActions/action | Execute Script Actions for HDInsight Cluster | > | Microsoft.HDInsight/clusters/resolvePrivateLinkServiceId/action | Resolve Private Link Service ID for HDInsight Cluster | > | Microsoft.HDInsight/clusters/privateEndpointConnectionsApproval/action | Auto Approve Private Endpoint Connections for HDInsight Cluster |+> | MICROSOFT.HDINSIGHT/CLUSTERS/LISTHOSTS/ACTION | List hosts | +> | MICROSOFT.HDINSIGHT/CLUSTERS/RESTARTHOSTS/ACTION | Restart Hosts | > | Microsoft.HDInsight/clusters/applications/read | Get Application for HDInsight Cluster | > | Microsoft.HDInsight/clusters/applications/write | Create or Update Application for HDInsight Cluster | > | Microsoft.HDInsight/clusters/applications/delete | Delete Application for HDInsight Cluster |+> | MICROSOFT.HDINSIGHT/CLUSTERS/AVAILABLEUPGRADES/READ | Read Available Upgrades | +> | Microsoft.HDInsight/clusters/azureasyncoperations/read | Read Async Operations for HDInsight Cluster | > | Microsoft.HDInsight/clusters/configurations/read | Get HDInsight Cluster Configurations | > | Microsoft.HDInsight/clusters/executeScriptActions/azureasyncoperations/read | Get Script Action status for HDInsight Cluster | > | Microsoft.HDInsight/clusters/executeScriptActions/operationresults/read | Get Script Action status for HDInsight Cluster | > | Microsoft.HDInsight/clusters/extensions/write | Create Cluster Extension for HDInsight Cluster | > | Microsoft.HDInsight/clusters/extensions/read | Get Cluster Extension for HDInsight Cluster | > | Microsoft.HDInsight/clusters/extensions/delete | Delete Cluster Extension for HDInsight Cluster |+> | MICROSOFT.HDINSIGHT/CLUSTERS/OPERATIONRESULTS/READ | Read Operation Results | > | Microsoft.HDInsight/clusters/outboundNetworkDependenciesEndpoints/read | List Outbound Network Dependencies Endpoints for HDInsight Cluster | > | Microsoft.HDInsight/clusters/privateEndpointConnections/read | Get Private Endpoint Connections for HDInsight Cluster | > | Microsoft.HDInsight/clusters/privateEndpointConnections/write | Update Private Endpoint Connections for HDInsight Cluster | Azure service: [HDInsight](/azure/hdinsight/) > | Microsoft.HDInsight/clusters/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource HDInsight Cluster | > | Microsoft.HDInsight/clusters/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for HDInsight Cluster | > | Microsoft.HDInsight/clusters/roles/resize/action | Resize a HDInsight Cluster |+> | MICROSOFT.HDINSIGHT/CLUSTERS/ROLES/AUTOSCALE/ACTION | Update Autoscale Configurations | > | Microsoft.HDInsight/clusters/scriptActions/read | Get persisted Script Actions for HDInsight Cluster | > | Microsoft.HDInsight/clusters/scriptActions/delete | Delete persisted Script Actions for HDInsight Cluster | > | Microsoft.HDInsight/clusters/scriptExecutionHistory/read | Get Script Actions history for HDInsight Cluster | > | Microsoft.HDInsight/clusters/scriptExecutionHistory/promote/action | Promote Script Action for HDInsight Cluster |+> | MICROSOFT.HDINSIGHT/CLUSTERS/UPGRADES/READ | Read Upgrades | +> | MICROSOFT.HDINSIGHT/LOCATIONS/CHECKNAMEAVAILABILITY/ACTION | Check Name Availability | +> | MICROSOFT.HDINSIGHT/LOCATIONS/VALIDATECREATEREQUEST/ACTION | Validate Create Requests | +> | MICROSOFT.HDINSIGHT/LOCATIONS/AVAILABLECLUSTERPOOLVERSIONS/READ | Get Avaliable versions for HDInsight on AKS Cluster Pool | +> | MICROSOFT.HDINSIGHT/LOCATIONS/AVAILABLECLUSTERVERSIONS/READ | Get Avaliable versions for HDInsight on AKS Cluster | +> | Microsoft.HDInsight/locations/azureasyncoperations/read | Read Async Operations | +> | MICROSOFT.HDINSIGHT/LOCATIONS/BILLINGSPECS/READ | Get Billing Specs | > | Microsoft.HDInsight/locations/capabilities/read | Get Subscription Capabilities | > | Microsoft.HDInsight/locations/checkNameAvailability/read | Check Name Availability |+> | MICROSOFT.HDINSIGHT/LOCATIONS/OPERATIONRESULTS/READ | Read Operation Results | +> | MICROSOFT.HDINSIGHT/LOCATIONS/OPERATIONSTATUSES/READ | Read Operation Status | +> | MICROSOFT.HDINSIGHT/LOCATIONS/OPERATIONSTATUSES/WRITE | Write Operation Status | +> | MICROSOFT.HDINSIGHT/LOCATIONS/USAGES/READ | Read Usage | +> | MICROSOFT.HDINSIGHT/OPERATIONS/READ | Read Operations | +> | MICROSOFT.HDINSIGHT/RESOURCETYPES/READ | Read Resource Types | ## Microsoft.Kusto Azure service: [Azure Data Explorer](/azure/data-explorer/) > | Microsoft.Kusto/Clusters/Migrate/action | Migrates the cluster data to another cluster. | > | Microsoft.Kusto/Clusters/DetachFollowerDatabases/action | Detaches follower's databases. | > | Microsoft.Kusto/Clusters/ListFollowerDatabases/action | Lists the follower's databases. |+> | Microsoft.Kusto/Clusters/AddCalloutPolicy/action | Add callout policies. | +> | Microsoft.Kusto/Clusters/RemovePrincipals/action | Remove callout policy. | +> | Microsoft.Kusto/Clusters/ListCalloutPolicies/action | Lists the service callout policies. | > | Microsoft.Kusto/Clusters/DiagnoseVirtualNetwork/action | Diagnoses network connectivity status for external resources on which the service is dependent. | > | Microsoft.Kusto/Clusters/ListLanguageExtensions/action | Lists language extensions. | > | Microsoft.Kusto/Clusters/AddLanguageExtensions/action | Add language extensions. | Azure service: [Azure Data Explorer](/azure/data-explorer/) > | Microsoft.Kusto/Clusters/PrivateEndpointConnectionProxies/read | Reads a private endpoint connection proxy | > | Microsoft.Kusto/Clusters/PrivateEndpointConnectionProxies/write | Writes a private endpoint connection proxy | > | Microsoft.Kusto/Clusters/PrivateEndpointConnectionProxies/delete | Deletes a private endpoint connection proxy |+> | Microsoft.Kusto/Clusters/PrivateEndpointConnectionProxies/Validate/action | Validates a private endpoint connection proxy | > | Microsoft.Kusto/Clusters/PrivateEndpointConnections/read | Reads a private endpoint connection | > | Microsoft.Kusto/Clusters/PrivateEndpointConnections/write | Writes a private endpoint connection | > | Microsoft.Kusto/Clusters/PrivateEndpointConnections/delete | Deletes a private endpoint connection | Azure service: [Microsoft Purview](/purview/) > | Microsoft.Purview/getDefaultAccount/read | Gets the default account for the scope. | > | Microsoft.Purview/locations/operationResults/read | Monitor async operations. | > | Microsoft.Purview/operations/read | Reads all available operations for Microsoft Purview provider. |-> | Microsoft.Purview/policies/read | Read Policy Resource. | > | **DataAction** | **Description** | > | Microsoft.Purview/accounts/data/read | Permission is deprecated. | > | Microsoft.Purview/accounts/data/write | Permission is deprecated. | |
| role-based-access-control | Compute | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/compute.md | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/builders/write | Create or update a Builder | > | microsoft.app/builders/read | Get a Builder | > | microsoft.app/builders/delete | Delete a Builder |-> | microsoft.app/builders/patches/read | Get a Builder's Patch | -> | microsoft.app/builders/patches/delete | Delete a Builder's Patch | -> | microsoft.app/builders/patches/skip/action | Skip a Builder's Patch | -> | microsoft.app/builders/patches/apply/action | Apply a Builder's Patch | > | microsoft.app/builds/write | Create or update a Build's build | > | microsoft.app/builds/read | Get a Builder's Build | > | microsoft.app/builds/delete | Delete a Managed Environment's Build | > | microsoft.app/builds/listauthtoken/action | Gets the token used to connect to the build endpoints, such as source code upload or build log streaming. | > | microsoft.app/connectedenvironments/join/action | Allows to create a Container App or Container Apps Job in a Connected Environment |+> | microsoft.app/connectedenvironments/checknameavailability/action | Check reource name availability for a Connected Environment | +> | microsoft.app/connectedenvironments/write | Create or update a Connected Environment | +> | microsoft.app/connectedenvironments/delete | Delete a Connected Environment | +> | microsoft.app/connectedenvironments/read | Get a Connected Environment | +> | microsoft.app/connectedenvironments/certificates/write | Create or update a Connected Environment Certificate | +> | microsoft.app/connectedenvironments/certificates/read | Get a Connected Environment's Certificate | +> | microsoft.app/connectedenvironments/certificates/delete | Delete a Connected Environment's Certificate | +> | microsoft.app/connectedenvironments/daprcomponents/write | Create or Update Connected Environment Dapr Component | +> | microsoft.app/connectedenvironments/daprcomponents/read | Read Connected Environment Dapr Component | +> | microsoft.app/connectedenvironments/daprcomponents/delete | Delete Connected Environment Dapr Component | +> | microsoft.app/connectedenvironments/daprcomponents/listsecrets/action | List Secrets of a Dapr Component | +> | microsoft.app/connectedenvironments/storages/read | Get storage for a Connected Environment. | +> | microsoft.app/connectedenvironments/storages/write | Create or Update a storage of Connected Environment. | +> | microsoft.app/connectedenvironments/storages/delete | Delete a storage of Connected Environment. | +> | microsoft.app/containerapp/appresiliency/write | Create or Update App Resiliency Policy | +> | microsoft.app/containerapp/appresiliency/delete | Delete App Resiliency Policy | +> | microsoft.app/containerapp/appresiliency/read | Get App Resiliency Policy | > | microsoft.app/containerapp/resiliencypolicies/read | Get App Resiliency Policy | > | microsoft.app/containerapps/write | Create or update a Container App | > | microsoft.app/containerapps/delete | Delete a Container App | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/containerapps/authconfigs/write | Create or update auth config of a container app | > | microsoft.app/containerapps/authconfigs/delete | Delete auth config of a container app | > | microsoft.app/containerapps/detectors/read | Get detector of a container app |+> | microsoft.app/containerapps/labelhistory/read | Get a Container App's label history | > | microsoft.app/containerapps/privateendpointconnectionproxies/validate/action | Validate Container App Private Endpoint Connection Proxy | > | microsoft.app/containerapps/privateendpointconnectionproxies/write | Create or Update Container App Private Endpoint Connection Proxy | > | microsoft.app/containerapps/privateendpointconnectionproxies/read | Get Container App Private Endpoint Connection Proxy | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/jobs/stop/action | Stop multiple Container Apps Job executions | > | microsoft.app/jobs/read | Get a Container Apps Job | > | microsoft.app/jobs/listsecrets/action | List secrets of a container apps job |+> | microsoft.app/jobs/authtoken/action | Get Auth Token for Container App Dev APIs to get log stream, exec or port forward from a container. This operation will be deprecated. | +> | microsoft.app/jobs/getauthtoken/action | Get Auth Token for Container App Dev APIs to get log stream, exec or port forward from a container. | > | microsoft.app/jobs/detectors/read | Get detector of a container apps job | > | microsoft.app/jobs/execution/read | Get a single execution from a Container Apps Job | > | microsoft.app/jobs/executions/read | Get a Container Apps Job's execution history | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/jobs/stop/execution/backport/action | Stop a Container Apps Job's specific execution | > | microsoft.app/locations/availablemanagedenvironmentsworkloadprofiletypes/read | Get Available Workload Profile Types in a Region | > | microsoft.app/locations/billingmeters/read | Get Billing Meters in a Region |+> | microsoft.app/locations/connectedenvironmentoperationresults/read | Get a Connected Environment Long Running Operation Result | +> | microsoft.app/locations/connectedenvironmentoperationstatuses/read | Get a Connected Environment Long Running Operation Status | > | microsoft.app/locations/containerappoperationresults/read | Get a Container App Long Running Operation Result | > | microsoft.app/locations/containerappoperationstatuses/read | Get a Container App Long Running Operation Status | > | microsoft.app/locations/containerappsjoboperationresults/read | Get a Container Apps Job Long Running Operation Result | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/managedenvironments/workloadprofilestates/read | Get Current Workload Profile States | > | microsoft.app/microsoft.app/containerapps/builds/read | Get a ContainerApp's Build by Build name | > | microsoft.app/microsoft.app/containerapps/builds/delete | Delete a Container App's Build |+> | microsoft.app/microsoft.app/containerapps/patches/read | Get a ContainerApp's Patch | +> | microsoft.app/microsoft.app/containerapps/patches/delete | Delete a ContainerApp's Patch | +> | microsoft.app/microsoft.app/containerapps/patches/skip/action | Skip a ContainerApp's Patch | +> | microsoft.app/microsoft.app/containerapps/patches/apply/action | Apply a ContainerApp's Patch | > | microsoft.app/operations/read | Get a list of supported container app operations | > | microsoft.app/sessionpools/write | Create or Update a Session Pool | > | microsoft.app/sessionpools/read | Get a Session Pool | Azure service: [Azure Container Apps](/azure/container-apps/) > | microsoft.app/sessionpools/sessions/generatesessions/action | Generate sessions | > | microsoft.app/sessionpools/sessions/read | Get a Session | > | **DataAction** | **Description** |+> | microsoft.app/containerApps/logstream/action | View log stream of a container app | +> | microsoft.app/containerApps/exec/action | Connect to console of a container app | +> | microsoft.app/containerApps/debug/action | Connect to debug console of a container app | +> | microsoft.app/jobs/logstream/action | View log stream of a container app job | +> | microsoft.app/jobs/exec/action | Connect to console of a container app job | > | microsoft.app/sessionpools/interpreters/execute/action | Execute Code |+> | microsoft.app/sessionPools/sessions/write | Operate a session | ## Microsoft.AppPlatform Azure service: [Azure Spring Apps](/azure/spring-apps/) > | Microsoft.AppPlatform/Spring/certificates/read | Get the certificates for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/configServers/read | Get the config server for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/configServers/write | Create or update the config server for a specific Azure Spring Apps service instance |+> | Microsoft.AppPlatform/Spring/configServers/delete | Delete the config server for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/configServers/operationResults/read | Read resource operation result | > | Microsoft.AppPlatform/Spring/configServers/operationStatuses/read | Read resource operation Status | > | Microsoft.AppPlatform/Spring/configurationServices/read | Get the Application Configuration Services for a specific Azure Spring Apps service instance | Azure service: [Azure Spring Apps](/azure/spring-apps/) > | Microsoft.AppPlatform/Spring/configService/read | Read the configuration content(for example, application.yaml) for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/configService/write | Write config server content for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/configService/delete | Delete config server content for a specific Azure Spring Apps service instance |+> | Microsoft.AppPlatform/Spring/configService/logstream/action | Read the streaming log of Config Server from a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/eurekaService/read | Read the user app(s) registration information for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/eurekaService/write | Write the user app(s) registration information for a specific Azure Spring Apps service instance | > | Microsoft.AppPlatform/Spring/eurekaService/delete | Delete the user app registration information for a specific Azure Spring Apps service instance | Azure service: [Batch](/azure/batch/) > | Microsoft.Batch/locations/checkNameAvailability/action | Checks that the account name is valid and not in use. | > | Microsoft.Batch/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Notifies the NSP updates available at the given location | > | Microsoft.Batch/locations/accountOperationResults/read | Gets the results of a long running Batch account operation |-> | Microsoft.Batch/locations/cloudServiceSkus/read | Lists available Batch supported Cloud Service VM sizes at the given location | > | Microsoft.Batch/locations/quotas/read | Gets Batch quotas of the specified subscription at the specified Azure region | > | Microsoft.Batch/locations/virtualMachineSkus/read | Lists available Batch supported Virtual Machine VM sizes at the given location | > | Microsoft.Batch/operations/read | Lists operations available on Microsoft.Batch resource provider | Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Sc > | Microsoft.Compute/galleries/images/versions/read | Gets the properties of Gallery Image Version | > | Microsoft.Compute/galleries/images/versions/write | Creates a new Gallery Image Version or updates an existing one | > | Microsoft.Compute/galleries/images/versions/delete | Deletes the Gallery Image Version |+> | Microsoft.Compute/galleries/remoteContainerImages/read | Gets the properties of Gallery Remote Container Image | +> | Microsoft.Compute/galleries/remoteContainerImages/write | Creates a new Gallery Remote Container Image or updates an existing one | +> | Microsoft.Compute/galleries/remoteContainerImages/delete | Deletes the Gallery Remote Container Image | +> | Microsoft.Compute/galleries/remoteContainerImages/beginGetAccess/action | Get the SAS URI of the Gallery Remote Container Image for blob access | > | Microsoft.Compute/galleries/serviceArtifacts/read | Gets the properties of Gallery Service Artifact | > | Microsoft.Compute/galleries/serviceArtifacts/write | Creates a new Gallery Service Artifact or updates an existing one | > | Microsoft.Compute/galleries/serviceArtifacts/delete | Deletes the Gallery Service Artifact | Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Sc > | Microsoft.Compute/locations/communityGalleries/images/read | Get the properties of a Community Gallery Image | > | Microsoft.Compute/locations/communityGalleries/images/versions/read | Get the properties of a Community Gallery Image Version | > | Microsoft.Compute/locations/diagnosticOperations/read | Gets status of a Compute Diagnostic operation |-> | Microsoft.Compute/locations/diagnostics/diskInspection/action | Create a request for executing DiskInspection Diagnostic | +> | Microsoft.Compute/locations/diagnostics/run/action | Create a request for running Diagnostics | > | Microsoft.Compute/locations/diagnostics/read | Gets the properties of all available Compute Disgnostics |+> | Microsoft.Compute/locations/diagnostics/generate/action | Create a request for generating recommendations | > | Microsoft.Compute/locations/diagnostics/diskInspection/read | Gets the properties of DiskInspection Diagnostic | > | Microsoft.Compute/locations/diskOperations/read | Gets the status of an asynchronous Disk operation | > | Microsoft.Compute/locations/edgeZones/publishers/read | Get the properties of a Publisher in an edge zone | > | Microsoft.Compute/locations/edgeZones/publishers/artifacttypes/offers/read | Get the properties of a Platform Image Offer in an edge zone | > | Microsoft.Compute/locations/edgeZones/publishers/artifacttypes/offers/skus/read | Get the properties of a Platform Image Sku in an edge zone | > | Microsoft.Compute/locations/edgeZones/publishers/artifacttypes/offers/skus/versions/read | Get the properties of a Platform Image Version in an edge zone |+> | Microsoft.Compute/locations/edgeZones/vmimages/read | Get the properties of Platform Image Version in an edge zone across publishers | > | Microsoft.Compute/locations/logAnalytics/getRequestRateByInterval/action | Create logs to show total requests by time interval to aid throttling diagnostics. | > | Microsoft.Compute/locations/logAnalytics/getThrottledRequests/action | Create logs to show aggregates of throttled requests grouped by ResourceName, OperationName, or the applied Throttle Policy. | > | Microsoft.Compute/locations/operations/read | Gets the status of an asynchronous operation |+> | Microsoft.Compute/locations/placementScores/generate/action | Create a request for generating Placement Scores | > | Microsoft.Compute/locations/privateEndpointConnectionProxyAzureAsyncOperation/read | Get the status of asynchronous Private Endpoint Connection Proxy operation | > | Microsoft.Compute/locations/privateEndpointConnectionProxyOperationResults/read | Get the results of Private Endpoint Connection Proxy operation | > | Microsoft.Compute/locations/publishers/read | Get the properties of a Publisher | Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Sc > | Microsoft.Compute/virtualMachines/rollbackOSDisk/action | Rollback OSDisk on Virtual Machine after failed OS Upgrade invoked by Virtual Machine Scale Set with Flexible Orchestration Mode. | > | Microsoft.Compute/virtualMachines/deletePreservedOSDisk/action | Deletes PreservedOSDisk on the Virtual Machine which belongs to Virtual Machine Scale Set with Flexible Orchestration Mode. | > | Microsoft.Compute/virtualMachines/upgradeVMAgent/action | Upgrade version of VM Agent on Virtual Machine |+> | Microsoft.Compute/virtualMachines/attachDetachDataDisks/action | Attaches Detaches existing data disks to a virtual machine | > | Microsoft.Compute/virtualMachines/extensions/read | Get the properties of a virtual machine extension | > | Microsoft.Compute/virtualMachines/extensions/write | Creates a new virtual machine extension or updates an existing one | > | Microsoft.Compute/virtualMachines/extensions/delete | Deletes the virtual machine extension | Azure service: [Virtual Machines](/azure/virtual-machines/), [Virtual Machine Sc > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action | Performs planned maintenance on a Virtual Machine instance in a Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action | Executes a predefined script on a Virtual Machine instance in a Virtual Machine Scale Set. | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action | Simulates the eviction of spot Virtual Machine in Virtual Machine Scale Set |+> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/attachDetachDataDisks/action | Attaches Detaches existing data disks to a Virtual Machine instance in a VM Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read | Get the properties of an extension for Virtual Machine in Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write | Creates a new extension for Virtual Machine in Virtual Machine Scale Set or updates an existing one | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete | Deletes the extension for Virtual Machine in Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read | Retrieves the instance view of a Virtual Machine in a VM Scale Set. | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read | Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set |+> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/getEffectiveRouteTable/action | Get properties of effective route table on network interface of a virtual machine created using Virtual Machine Scale Set | +> | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/getEffectiveSecurityGroups/action | Get properties of effective security groups on network interface of a virtual machine created using Virtual Machine Scale Set | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read | Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read | Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP) | > | Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read | Reads Virtual Machine in Scale Set Metric Definitions | Azure service: [Azure Virtual Desktop](/azure/virtual-desktop/) > | Microsoft.DesktopVirtualization/hostpools/controlUpdate/action | | > | Microsoft.DesktopVirtualization/hostpools/update/action | Action on update | > | Microsoft.DesktopVirtualization/hostpools/retrieveRegistrationToken/action | Retrieve registration token for host pool |+> | Microsoft.DesktopVirtualization/hostpools/retrieveRegistrationToken/action | List registration tokens for host pool | > | Microsoft.DesktopVirtualization/hostpools/move/action | Move a hostpools to another resource group | > | Microsoft.DesktopVirtualization/hostpools/expandmsiximage/action | Expand an expandmsiximage to see MSIX Packages present | > | Microsoft.DesktopVirtualization/hostpools/doNotUseInternalAPI/action | Internal operation that is not meant to be called by customers. This will be removed in a future version. Do not use it. | Azure service: [Azure Virtual Desktop](/azure/virtual-desktop/) > | Microsoft.DesktopVirtualization/hostpools/sessionhostconfigurations/delete | Delete hostpools/sessionhostconfigurations | > | Microsoft.DesktopVirtualization/hostpools/sessionhostconfigurations/operationresults/read | Read the operationresults to see results present. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostconfigurations/operationstatuses/read | Read the operationstatuses to see statuses present. |+> | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/controlSessionHostProvisioning/action | Action on controlSessionHostProvisioning. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/controlSessionHostUpdate/action | Action on controlSessionHostUpdate. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/initiateSessionHostUpdate/action | Action on initiateSessionHostUpdate. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/read | Read sessionhostmanagements. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/write | Write to sessionhostmanagements to update. | > | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/operationstatuses/read | Read operationstatuses to get statuses. |+> | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/sessionHostProvisioningStatuses/read | Read the sessionHostProvisioningStatuses to see statuses present. | +> | Microsoft.DesktopVirtualization/hostpools/sessionhostmanagements/sessionHostUpdateStatuses/read | Read the sessionHostUpdateStatuses to see statuses present. | > | Microsoft.DesktopVirtualization/hostpools/sessionhosts/read | Read hostpools/sessionhosts | > | Microsoft.DesktopVirtualization/hostpools/sessionhosts/write | Write hostpools/sessionhosts | > | Microsoft.DesktopVirtualization/hostpools/sessionhosts/delete | Delete hostpools/sessionhosts | |
| role-based-access-control | Containers | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/containers.md | Azure service: [Container Instances](/azure/container-instances/) > | Microsoft.ContainerInstance/containerGroups/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for container group. | > | Microsoft.ContainerInstance/containerScaleSets/read | Get details of a container scale set. | > | Microsoft.ContainerInstance/containerScaleSets/write | Create or update a specific container scale set. |-> | Microsoft.ContainerInstance/containerScaleSets/delete | Delete Container Scale Set | +> | Microsoft.ContainerInstance/containerScaleSets/delete | Deletes a specific container scale set. | > | Microsoft.ContainerInstance/containerScaleSets/containerGroups/restart/action | Restart specific container groups in a container scale set. | > | Microsoft.ContainerInstance/containerScaleSets/containerGroups/start/action | Start specific container groups in a container scale set. | > | Microsoft.ContainerInstance/containerScaleSets/containerGroups/stop/action | Stop specific container groups in a container scale set. | Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) > | Microsoft.ContainerService/fleets/certificates.k8s.io/certificatesigningrequests/read | Reads certificatesigningrequests | > | Microsoft.ContainerService/fleets/certificates.k8s.io/certificatesigningrequests/write | Writes certificatesigningrequests | > | Microsoft.ContainerService/fleets/certificates.k8s.io/certificatesigningrequests/delete | Deletes certificatesigningrequests |+> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read | Read fleet internalmembercluster resource | +> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/write | Write fleet internalmembercluster resource | +> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/delete | Delete fleet internalmembercluster resource | +> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/read | Read fleet membercluster resource | +> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/write | Write fleet membercluster resource | +> | Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/delete | Delete fleet membercluster resource | > | Microsoft.ContainerService/fleets/componentstatuses/read | Reads componentstatuses | > | Microsoft.ContainerService/fleets/componentstatuses/write | Writes componentstatuses | > | Microsoft.ContainerService/fleets/componentstatuses/delete | Deletes componentstatuses | Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) > | Microsoft.ContainerService/fleets/persistentvolumes/read | Reads persistentvolumes | > | Microsoft.ContainerService/fleets/persistentvolumes/write | Writes persistentvolumes | > | Microsoft.ContainerService/fleets/persistentvolumes/delete | Deletes persistentvolumes |+> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/read | Read fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/write | Create/Update fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/delete | Delete fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/read | Read fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/write | Write fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/delete | Delete fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read | Read fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/write | Write fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/delete | Delete fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/read | Read fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/write | Write fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/delete | Delete fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/read | Read fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/write | Write fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/delete | Delete fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read | Read fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/write | Write fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/delete | Delete fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/read | Read fleet resourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/write | Write fleet resourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/delete | Delete fleet resourceoverride resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read | Read fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/write | Write fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/delete | Delete fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read | Read fleet work resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/write | Write fleet work resource | +> | Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/delete | Delete fleet work resource | > | Microsoft.ContainerService/fleets/podtemplates/read | Reads podtemplates | > | Microsoft.ContainerService/fleets/podtemplates/write | Writes podtemplates | > | Microsoft.ContainerService/fleets/podtemplates/delete | Deletes podtemplates | Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) > | Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/read | Reads certificatesigningrequests | > | Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write | Writes certificatesigningrequests | > | Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/delete | Deletes certificatesigningrequests |+> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/internalmemberclusters/read | Read fleet internalmembercluster resource | +> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/internalmemberclusters/write | Write fleet internalmembercluster resource | +> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/internalmemberclusters/delete | Delete fleet internalmembercluster resource | +> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/memberclusters/read | Read fleet membercluster resource | +> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/memberclusters/write | Write fleet membercluster resource | +> | Microsoft.ContainerService/managedClusters/cluster.kubernetes-fleet.io/memberclusters/delete | Delete fleet membercluster resource | > | Microsoft.ContainerService/managedClusters/componentstatuses/read | Reads componentstatuses | > | Microsoft.ContainerService/managedClusters/componentstatuses/write | Writes componentstatuses | > | Microsoft.ContainerService/managedClusters/componentstatuses/delete | Deletes componentstatuses | Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) > | Microsoft.ContainerService/managedClusters/livez/poststarthook/start-kube-apiserver-admission-initializer/read | Reads start-kube-apiserver-admission-initializer | > | Microsoft.ContainerService/managedClusters/logs/read | Reads logs | > | Microsoft.ContainerService/managedClusters/metrics/read | Reads metrics |-> | Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read | Reads nodes metrics | -> | Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read | Reads pods metrics | +> | Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read | Reads nodes | +> | Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read | Reads pods | > | Microsoft.ContainerService/managedClusters/namespaces/read | Reads namespaces | > | Microsoft.ContainerService/managedClusters/namespaces/write | Writes namespaces | > | Microsoft.ContainerService/managedClusters/namespaces/delete | Deletes namespaces | Azure service: [Azure Kubernetes Service (AKS)](/azure/aks/intro-kubernetes) > | Microsoft.ContainerService/managedClusters/persistentvolumes/read | Reads persistentvolumes | > | Microsoft.ContainerService/managedClusters/persistentvolumes/write | Writes persistentvolumes | > | Microsoft.ContainerService/managedClusters/persistentvolumes/delete | Deletes persistentvolumes |+> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcebindings/read | Read fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcebindings/write | Create/Update fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcebindings/delete | Delete fleet clusterresourcebinding resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverrides/read | Read fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverrides/write | Write fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverrides/delete | Delete fleet clusterresourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read | Read fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/write | Write fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/delete | Delete fleet clusterresourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceplacements/read | Read fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceplacements/write | Write fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourceplacements/delete | Delete fleet clusterresourceplacement resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcesnapshots/read | Read fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcesnapshots/write | Write fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterresourcesnapshots/delete | Delete fleet clusterresourcesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read | Read fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/write | Write fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/delete | Delete fleet clusterschedulingpolicysnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverrides/read | Read fleet resourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverrides/write | Write fleet resourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverrides/delete | Delete fleet resourceoverride resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverridesnapshots/read | Read fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverridesnapshots/write | Write fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/resourceoverridesnapshots/delete | Delete fleet resourceoverridesnapshot resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/works/read | Read fleet work resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/works/write | Write fleet work resource | +> | Microsoft.ContainerService/managedClusters/placement.kubernetes-fleet.io/works/delete | Delete fleet work resource | > | Microsoft.ContainerService/managedClusters/pods/read | Reads pods | > | Microsoft.ContainerService/managedClusters/pods/write | Writes pods | > | Microsoft.ContainerService/managedClusters/pods/delete | Deletes pods | Azure service: [Azure Red Hat OpenShift](/azure/openshift/) ## Next steps -- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)+- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types) |
| role-based-access-control | Databases | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/databases.md | Azure service: [Azure Database for MySQL](/azure/mysql/) > | Microsoft.DBforMySQL/privateEndpointConnectionsApproval/action | Determines if user is allowed to approve a private endpoint connection | > | Microsoft.DBforMySQL/register/action | Register MySQL Resource Provider | > | Microsoft.DBforMySQL/checkNameAvailability/action | Verify whether given server name is available for provisioning worldwide for a given subscription. |+> | Microsoft.DBforMySQL/acceleratedLogsFeatureSwitches/read | | > | Microsoft.DBforMySQL/flexibleServers/read | Returns the list of servers or gets the properties for the specified server. | > | Microsoft.DBforMySQL/flexibleServers/write | Creates a server with the specified parameters or updates the properties or tags for the specified server. | > | Microsoft.DBforMySQL/flexibleServers/delete | Deletes an existing server. | Azure service: [Azure Database for MySQL](/azure/mysql/) > | Microsoft.DBforMySQL/flexibleServers/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for MySQL servers | > | Microsoft.DBforMySQL/flexibleServers/providers/Microsoft.Insights/metricDefinitions/read | Return types of metrics that are available for databases | > | Microsoft.DBforMySQL/flexibleServers/replicas/read | Returns the list of read replicas for a MySQL server |+> | Microsoft.DBforMySQL/flexibleServers/supportAcceleratedLogs/read | | > | Microsoft.DBforMySQL/flexibleServers/supportedFeatures/read | Return the list of the MySQL Server Supported Features | > | Microsoft.DBforMySQL/locations/checkVirtualNetworkSubnetUsage/action | Checks the subnet usage for speicifed delegated virtual network. | > | Microsoft.DBforMySQL/locations/checkNameAvailability/action | Verify whether given server name is available for provisioning worldwide for a given subscription. | Azure service: [Azure Database for PostgreSQL](/azure/postgresql/) > | Microsoft.DBforPostgreSQL/flexibleServers/advisors/read | | > | Microsoft.DBforPostgreSQL/flexibleServers/advisors/recommendedActions/read | | > | Microsoft.DBforPostgreSQL/flexibleServers/backups/read | |+> | Microsoft.DBforPostgreSQL/flexibleServers/backups/write | | +> | Microsoft.DBforPostgreSQL/flexibleServers/backups/delete | | > | Microsoft.DBforPostgreSQL/flexibleServers/capabilities/read | Gets the capabilities for this subscription in a given location | > | Microsoft.DBforPostgreSQL/flexibleServers/configurations/read | Returns the list of PostgreSQL server configurations or gets the configurations for the specified server. | > | Microsoft.DBforPostgreSQL/flexibleServers/configurations/write | Updates the configuration of a PostgreSQL server. | Azure service: [Azure Database for PostgreSQL](/azure/postgresql/) > | Microsoft.DBforPostgreSQL/flexibleServers/queryTexts/read | | > | Microsoft.DBforPostgreSQL/flexibleServers/replicas/read | | > | Microsoft.DBforPostgreSQL/flexibleServers/topQueryStatistics/read | |+> | Microsoft.DBforPostgreSQL/flexibleServers/tuningOptions/read | Returns the list of Tuning Options available for the Azure Database for PostgreSQL Flexible Server | +> | Microsoft.DBforPostgreSQL/flexibleServers/tuningOptions/read | | +> | Microsoft.DBforPostgreSQL/flexibleServers/tuningOptions/recommendations/read | Returns the list of recommended indexes for the Azure Database for PostgreSQL Flexible Server | > | Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints/write | Creates or Updates VirtualEndpoint | > | Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints/write | Patches the VirtualEndpoint. Currently patch does a full replace | > | Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints/delete | Deletes the VirtualEndpoint | > | Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints/read | Gets the VirtualEndpoint details | > | Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints/read | Lists the VirtualEndpoints |+> | Microsoft.DBforPostgreSQL/locations/getAutoMigrationFreeSlots/action | Returns the list of free / available slots for auto migration of PostgreSQL server | +> | Microsoft.DBforPostgreSQL/locations/getLatestAutoMigrationSchedule/action | Returns the instance of the latest auto migration schedule for PostgreSQL server | +> | Microsoft.DBforPostgreSQL/locations/updateAutoMigrationSchedule/action | Update auto migration schedule for the PostgreSQL server | > | Microsoft.DBforPostgreSQL/locations/administratorAzureAsyncOperation/read | Gets in-progress operations on PostgreSQL server administrators | > | Microsoft.DBforPostgreSQL/locations/administratorOperationResults/read | Return PostgreSQL Server administrator operation results | > | Microsoft.DBforPostgreSQL/locations/azureAsyncOperation/read | Return PostgreSQL Server Operation Results | Azure service: [Azure Cosmos DB](/azure/cosmos-db/) > | Microsoft.DocumentDB/databaseAccounts/joinPerimeter/action | Joins a database account to a Network Security Perimeter | > | Microsoft.DocumentDB/databaseAccounts/restore/action | Submit a restore request | > | Microsoft.DocumentDB/databaseAccounts/backup/action | Submit a request to configure backup |+> | Microsoft.DocumentDB/databaseAccounts/chaosFault/action | Enable, Disable and GetStatus of Chaos Fault | > | Microsoft.DocumentDB/databaseAccounts/apis/databases/write | (Deprecated. Please use resource paths without '/apis/' segment) Create a database. Only applicable to API types: 'sql', 'mongodb', 'gremlin'. | > | Microsoft.DocumentDB/databaseAccounts/apis/databases/read | (Deprecated. Please use resource paths without '/apis/' segment) Read a database or list all the databases. Only applicable to API types: 'sql', 'mongodb', 'gremlin'. | > | Microsoft.DocumentDB/databaseAccounts/apis/databases/delete | (Deprecated. Please use resource paths without '/apis/' segment) Delete a database. Only applicable to API types: 'sql', 'mongodb', 'gremlin'. | Azure service: [Azure Cosmos DB](/azure/cosmos-db/) > | Microsoft.DocumentDB/mongoClusters/users/delete | Deletes an existing user for the specified Mongo Cluster. | > | Microsoft.DocumentDB/operationResults/read | Read status of the asynchronous operation | > | Microsoft.DocumentDB/operations/read | Read operations available for the Microsoft DocumentDB |-> | Microsoft.DocumentDB/throughputPool/throughputPoolAccounts/read | Read throughputPool account in throughputPool | -> | Microsoft.DocumentDB/throughputPool/throughputPoolAccounts/write | Create throughputPool account in throughputPool | +> | Microsoft.DocumentDB/throughputPool/read | Read/List throughputPool | +> | Microsoft.DocumentDB/throughputPool/write | Create/Update/Delete throughputPool | +> | Microsoft.DocumentDB/throughputPool/throughputPoolAccounts/read | Read/List throughputPool account in throughputPool | +> | Microsoft.DocumentDB/throughputPool/throughputPoolAccounts/write | Create/Update/Delete throughputPool account in throughputPool | ## Microsoft.Sql Azure service: [Azure SQL Database](/azure/azure-sql/database/index), [Azure SQL > | Microsoft.Sql/instancePools/read | Gets an instance pool | > | Microsoft.Sql/instancePools/write | Creates or updates an instance pool | > | Microsoft.Sql/instancePools/delete | Deletes an instance pool |+> | Microsoft.Sql/instancePools/operations/read | Get instance pool operations | > | Microsoft.Sql/instancePools/usages/read | Gets an instance pool's usage info | > | Microsoft.Sql/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Notify of NSP Update | > | Microsoft.Sql/locations/deleteVirtualNetworkOrSubnets/action | Deletes Virtual network rules associated to a virtual network or subnet | Azure service: [Azure SQL Database](/azure/azure-sql/database/index), [Azure SQL > | Microsoft.Sql/servers/providers/Microsoft.Insights/metricDefinitions/read | Return types of metrics that are available for servers | > | Microsoft.Sql/servers/recommendedElasticPools/read | Retrieve recommendation for elastic database pools to reduce cost or improve performance based on historical resource utilization | > | Microsoft.Sql/servers/recommendedElasticPools/databases/read | Retrieve metrics for recommended elastic database pools for a given server |+> | Microsoft.Sql/servers/recommendedElasticPools/metrics/read | Retrieve metrics for recommended elastic database pools for a given server | > | Microsoft.Sql/servers/recoverableDatabases/read | Return the list of recoverable databases or gets the properties for the specified recoverable database. | > | Microsoft.Sql/servers/replicationLinks/read | Return the list of replication links or gets the properties for the specified replication links. | > | Microsoft.Sql/servers/restorableDroppedDatabases/read | Get a list of databases that were dropped on a given server that are still within retention policy. | Azure service: [SQL Server on Azure Virtual Machines](/azure/azure-sql/virtual-m > | Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups/availabilityGroupListeners/write | Create a new or changes properties of existing SQL availability group listener | > | Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups/availabilityGroupListeners/delete | Delete existing availability group listener | > | Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups/sqlVirtualMachines/read | List Sql virtual machines by a particular sql virtual virtual machine group |+> | Microsoft.SqlVirtualMachine/sqlVirtualMachines/PostUpdateValidation/action | | +> | Microsoft.SqlVirtualMachine/sqlVirtualMachines/PreUpdateValidation/action | | > | Microsoft.SqlVirtualMachine/sqlVirtualMachines/startAssessment/action | Start SQL best practices Assessment on SQL virtual machine | > | Microsoft.SqlVirtualMachine/sqlVirtualMachines/redeploy/action | Redeploy existing SQL virtual machine | > | Microsoft.SqlVirtualMachine/sqlVirtualMachines/read | Retrieve details of SQL virtual machine | |
| role-based-access-control | Devops | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/devops.md | Azure service: [Azure Load Testing](/azure/load-testing/) > | Microsoft.LoadTestService/loadtests/writeTest/action | Create or Update Load Tests | > | Microsoft.LoadTestService/loadtests/deleteTest/action | Delete Load Tests | > | Microsoft.LoadTestService/loadtests/readTest/action | Read Load Tests |--## Microsoft.SecurityDevOps --Azure service: [Microsoft Defender for Cloud](/azure/defender-for-cloud/) --> [!div class="mx-tableFixed"] -> | Action | Description | -> | | | -> | Microsoft.SecurityDevOps/register/action | Register the subscription for Microsoft.SecurityDevOps | -> | Microsoft.SecurityDevOps/unregister/action | Unregister the subscription for Microsoft.SecurityDevOps | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/write | write azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/delete | delete azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/write | write azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/configure/action | action configure | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/read | read azureDevOpsConnectors | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read | read orgs | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write | write orgs | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/write | write orgs | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/read | read orgs | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read | read projects | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write | write projects | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/write | write projects | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/read | read projects | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read | read repos | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write | write repos | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/write | write repos | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos/read | read repos | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/repos/read | read repos | -> | Microsoft.SecurityDevOps/azureDevOpsConnectors/stats/read | read stats | -> | Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/write | write gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/delete | delete gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/write | write gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/configure/action | action configure | -> | Microsoft.SecurityDevOps/gitHubConnectors/read | read gitHubConnectors | -> | Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read | read gitHubInstallations | -> | Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/read | read gitHubInstallations | -> | Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read | read gitHubRepositories | -> | Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories/read | read gitHubRepositories | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/read | read owners | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/read | read owners | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/write | write owners | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/write | write owners | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read | read repos | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/read | read repos | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write | write repos | -> | Microsoft.SecurityDevOps/gitHubConnectors/owners/repos/write | write repos | -> | Microsoft.SecurityDevOps/gitHubConnectors/repos/read | read repos | -> | Microsoft.SecurityDevOps/gitHubConnectors/stats/read | read stats | -> | Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/write | write gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/delete | delete gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/write | write gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/configure/action | action configure | -> | Microsoft.SecurityDevOps/gitLabConnectors/read | read gitLabConnectors | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/read | read groups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/read | read groups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/write | write groups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/delete | delete groups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/write | write groups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/listSubgroups/action | action listSubgroups | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read | read projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/read | read projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write | write projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/delete | delete projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/groups/projects/write | write projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/projects/read | read projects | -> | Microsoft.SecurityDevOps/gitLabConnectors/stats/read | read stats | -> | Microsoft.SecurityDevOps/Locations/OperationStatuses/read | read OperationStatuses | -> | Microsoft.SecurityDevOps/Locations/OperationStatuses/write | write OperationStatuses | -> | Microsoft.SecurityDevOps/Operations/read | read Operations | +> | Microsoft.LoadTestService/testProfileRuns/write | Write Test Profile Runs | +> | Microsoft.LoadTestService/testProfileRuns/read | Read Test Profile Runs | +> | Microsoft.LoadTestService/testProfileRuns/delete | Delete Test Profile Runs | +> | Microsoft.LoadTestService/testProfileRuns/stop/action | Stop Test Profile Runs | +> | Microsoft.LoadTestService/testProfiles/write | Write Test Profiles | +> | Microsoft.LoadTestService/testProfiles/read | Read Test Profiles | +> | Microsoft.LoadTestService/testProfiles/delete | Delete Test Profiles | ## Microsoft.VisualStudio |
| role-based-access-control | General | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/general.md | Azure service: core > | Microsoft.Subscription/aliases/write | Create subscription alias | > | Microsoft.Subscription/aliases/read | Get subscription alias | > | Microsoft.Subscription/aliases/delete | Delete subscription alias |+> | Microsoft.Subscription/changeTenantRequest/write | Change tenant request of the Subscription | > | Microsoft.Subscription/Policies/write | Create tenant policy | > | Microsoft.Subscription/Policies/default/read | Get tenant policy | > | Microsoft.Subscription/subscriptions/acceptOwnership/action | Accept ownership of Subscription |+> | Microsoft.Subscription/subscriptions/acceptChangeTenant/action | Accept Change tenant request of the Subscription | > | Microsoft.Subscription/subscriptions/acceptOwnershipStatus/read | Get the status of accepting ownership of Subscription |+> | Microsoft.Subscription/subscriptions/changeTenantStatus/read | Change tenant status of the Subscription | ## Microsoft.Support |
| role-based-access-control | Hybrid Multicloud | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/hybrid-multicloud.md | Azure service: [Azure Stack HCI](/azure-stack/hci/) > | Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete | Deletes a network security group resource | > | Microsoft.AzureStackHCI/NetworkSecurityGroups/Write | Creates/Updates a network security group resource | > | Microsoft.AzureStackHCI/NetworkSecurityGroups/Read | Gets/Lists a network security group resource |+> | Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action | Joins network security group resource | > | Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete | Deletes a security rule resource | > | Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write | Creates/Updates security rule resource | > | Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read | Gets/Lists security rule resource | Azure service: [Azure Arc](/azure/azure-arc/) > | Microsoft.HybridCompute/unregister/action | Unregisters the subscription for Microsoft.HybridCompute Resource Provider | > | Microsoft.HybridCompute/batch/action | Batch deletes Azure Arc machines | > | Microsoft.HybridCompute/validateLicense/action | Validates the provided license data and returns what would be created on a PUT to Microsoft.HybridCompute/licenses |+> | Microsoft.HybridCompute/gateways/read | Reads any Azure Arc gateways | +> | Microsoft.HybridCompute/gateways/write | Writes an Azure Arc gateways | +> | Microsoft.HybridCompute/gateways/delete | Deletes an Azure Arc gateways | > | Microsoft.HybridCompute/licenses/read | Reads any Azure Arc licenses | > | Microsoft.HybridCompute/licenses/write | Installs or Updates an Azure Arc licenses | > | Microsoft.HybridCompute/licenses/delete | Deletes an Azure Arc licenses | > | Microsoft.HybridCompute/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Updates Network Security Perimeter Profiles | > | Microsoft.HybridCompute/locations/notifyExtension/action | Notifies Microsoft.HybridCompute about extensions updates |+> | Microsoft.HybridCompute/locations/notifyRunCommand/action | Notifies Microsoft.HybridCompute about runcommands updates | > | Microsoft.HybridCompute/locations/operationresults/read | Reads the status of an operation on Microsoft.HybridCompute Resource Provider | > | Microsoft.HybridCompute/locations/operationstatus/read | Reads the status of an operation on Microsoft.HybridCompute Resource Provider | > | Microsoft.HybridCompute/locations/privateLinkScopes/read | Reads the full details of any Azure Arc privateLinkScopes | Azure service: [Azure Arc](/azure/azure-arc/) > | Microsoft.HybridCompute/machines/UpgradeExtensions/action | Upgrades Extensions on Azure Arc machines | > | Microsoft.HybridCompute/machines/assessPatches/action | Assesses any Azure Arc machines to get missing software patches | > | Microsoft.HybridCompute/machines/installPatches/action | Installs patches on any Azure Arc machines |+> | Microsoft.HybridCompute/machines/listAccessDetails/action | Retreives the access details for a machines resource | > | Microsoft.HybridCompute/machines/extensions/read | Reads any Azure Arc extensions | > | Microsoft.HybridCompute/machines/extensions/write | Installs or Updates an Azure Arc extensions | > | Microsoft.HybridCompute/machines/extensions/delete | Deletes an Azure Arc extensions | Azure service: [Azure Arc](/azure/azure-arc/) > | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Read any Azure Arc privateEndpointConnections | > | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/write | Writes an Azure Arc privateEndpointConnections | > | Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/delete | Deletes an Azure Arc privateEndpointConnections |+> | Microsoft.HybridCompute/settings/read | Reads any Azure Arc settings | +> | Microsoft.HybridCompute/settings/write | Writes an Azure Arc settings | > | **DataAction** | **Description** | > | Microsoft.HybridCompute/locations/publishers/extensionTypes/versions/read | Returns a list of versions for extensionMetadata based on query parameters. | > | Microsoft.HybridCompute/machines/login/action | Log in to an Azure Arc machine as a regular user | Azure service: Microsoft.HybridConnectivity > | Microsoft.HybridConnectivity/generateAwsTemplate/action | Retrieve AWS Cloud Formation template | > | Microsoft.HybridConnectivity/register/action | Register the subscription for Microsoft.HybridConnectivity | > | Microsoft.HybridConnectivity/unregister/action | Unregister the subscription for Microsoft.HybridConnectivity |-> | Microsoft.HybridConnectivity/endpoints/read | List of endpoints to the target resource. | -> | Microsoft.HybridConnectivity/endpoints/read | Gets the endpoint to the resource. | +> | Microsoft.HybridConnectivity/endpoints/read | Get or list of endpoints to the target resource. | > | Microsoft.HybridConnectivity/endpoints/write | Create or update the endpoint to the target resource. | > | Microsoft.HybridConnectivity/endpoints/delete | Deletes the endpoint access to the target resource. |-> | Microsoft.HybridConnectivity/endpoints/write | Update the endpoint to the target resource. | -> | Microsoft.HybridConnectivity/endpoints/listCredentials/action | Gets the endpoint access credentials to the resource. | -> | Microsoft.HybridConnectivity/endpoints/listIngressGatewayCredentials/action | Gets the ingress gateway endpoint credentials | -> | Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action | Fetches the managed proxy details | -> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | API to enumerate registered services in service configurations under a Endpoint Resource | -> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | Gets the details about the service to the resource. | -> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | Create or update a service in serviceConfiguration for the endpoint resource. | -> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/delete | Deletes the service details to the target resource. | -> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | Update the service details in the service configurations of the target resource. | +> | Microsoft.HybridConnectivity/endpoints/listCredentials/action | List the endpoint access credentials to the resource. | +> | Microsoft.HybridConnectivity/endpoints/listIngressGatewayCredentials/action | List the ingress gateway access credentials to the resource. | +> | Microsoft.HybridConnectivity/endpoints/listManagedProxyDetails/action | List the managed proxy details to the resource. | +> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read | Get or list of serviceConfigurations to the endpoints resource. | +> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write | Create or update the serviceConfigurations to the endpoints resource. | +> | Microsoft.HybridConnectivity/endpoints/serviceConfigurations/delete | Deletes the serviceConfigurations access to the endpoints resource. | > | Microsoft.HybridConnectivity/Locations/OperationStatuses/read | read OperationStatuses |-> | Microsoft.HybridConnectivity/Locations/OperationStatuses/write | write OperationStatuses | -> | Microsoft.HybridConnectivity/Operations/read | read Operations | +> | Microsoft.HybridConnectivity/operations/read | Get the list of Operations | > | Microsoft.HybridConnectivity/publicCloudConnectors/read | Gets the public cloud connectors in the subscription. | > | Microsoft.HybridConnectivity/publicCloudConnectors/read | Gets the publicCloudConnector in the resource group. | > | Microsoft.HybridConnectivity/publicCloudConnectors/read | Gets the public cloud connectors. | > | Microsoft.HybridConnectivity/publicCloudConnectors/write | Creates public cloud connectors resource. | > | Microsoft.HybridConnectivity/publicCloudConnectors/delete | Deletes the public cloud connectors resource. | > | Microsoft.HybridConnectivity/publicCloudConnectors/write | Update the public cloud connectors resource. |+> | Microsoft.HybridConnectivity/publicCloudConnectors/testPermissions/action | Tests the permissions of solution configurations under public cloud connector. | > | Microsoft.HybridConnectivity/solutionConfigurations/read | Retrieve the List of solution configuration resources. | > | Microsoft.HybridConnectivity/solutionConfigurations/read | Retrieve the solution configuration identified by solution name. | > | Microsoft.HybridConnectivity/solutionConfigurations/write | Creates solution configuration with provided solution name | > | Microsoft.HybridConnectivity/solutionConfigurations/delete | Deletes the solution configuration with provided solution name. | > | Microsoft.HybridConnectivity/solutionConfigurations/write | Updates the solution configuration for solution name. |+> | Microsoft.HybridConnectivity/solutionConfigurations/syncNow/action | Trigger immediate sync with source cloud | > | Microsoft.HybridConnectivity/solutionConfigurations/inventory/read | Retrieve the inventory identified by inventory id. | > | Microsoft.HybridConnectivity/solutionConfigurations/inventory/read | Retrieve a list of inventory by solution name. | > | Microsoft.HybridConnectivity/solutionTypes/read | Retrieve the list of available solution types. | Azure service: [Azure Arc-enabled Kubernetes](/azure/azure-arc/kubernetes/overvi > | Microsoft.Kubernetes/connectedClusters/Delete | Deletes connectedClusters | > | Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action | List clusterUser credential(preview) | > | Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action | List clusterUser credential |+> | Microsoft.Kubernetes/connectedClusters/agentryConfigurations/Read | Read agentryConfigurations | > | Microsoft.Kubernetes/locations/operationstatuses/read | Read Operation Statuses | > | Microsoft.Kubernetes/locations/operationstatuses/write | Write Operation Statuses | > | Microsoft.Kubernetes/operations/read | Lists operations available on Microsoft.Kubernetes resource provider | |
| role-based-access-control | Identity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/identity.md | |
| role-based-access-control | Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/integration.md | Azure service: [Azure API Center](/azure/api-center/overview) > | Microsoft.ApiCenter/services/read | Checks if specified service exists. | > | Microsoft.ApiCenter/services/read | Returns paginated collection of services. | > | Microsoft.ApiCenter/services/delete | Deletes specified service. |+> | Microsoft.ApiCenter/services/apim-notification/action | Imports resources from one or more API Management instances. | > | Microsoft.ApiCenter/services/importFromApim/action | Imports resources from one or more API Management instances. | > | Microsoft.ApiCenter/services/exportMetadataSchema/action | Returns effective metadata schema document. | > | Microsoft.ApiCenter/services/validateMoveResources/action | Validates move resource request | Azure service: [Azure API Center](/azure/api-center/overview) > | Microsoft.ApiCenter/services/metadataSchemas/read | Returns the details of the specified metadataSchema. | > | Microsoft.ApiCenter/services/metadataSchemas/read | Checks if specified metadataSchema exists | > | Microsoft.ApiCenter/services/metadataSchemas/delete | Deletes specified metadataSchema. |-> | Microsoft.ApiCenter/services/operationResults/read | Checks status of an APIM import operation | +> | Microsoft.ApiCenter/services/operationResults/read | Checks status of a long running operation | +> | Microsoft.ApiCenter/services/workspaces/apiSources/action | Triggers synchronization with the API source. | +> | Microsoft.ApiCenter/services/workspaces/linkApiSource/action | Links an API Source. | > | Microsoft.ApiCenter/services/workspaces/write | Creates or updates specified workspace. | > | Microsoft.ApiCenter/services/workspaces/read | Returns paginated collection of workspaces. | > | Microsoft.ApiCenter/services/workspaces/read | Returns the details of the specified workspace. | > | Microsoft.ApiCenter/services/workspaces/read | Checks if specified workspace exists | > | Microsoft.ApiCenter/services/workspaces/delete | Deletes specified workspace. |+> | Microsoft.ApiCenter/services/workspaces/analyzerConfig/analysisExecutions/read | Get analysis executions of a particular analyzer configuration | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/write | Creates or updates specified analyzer configuration. | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/read | Returns the details of the specified analyzer configuration. | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/delete | Deletes the specified analyzer configuration. | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/importRuleset/action | Imports ruleset file. | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/exportRuleset/action | Exports ruleset file. | +> | Microsoft.ApiCenter/services/workspaces/analyzerConfigs/operationResults/read | Checks status of individual import ruleset operation | > | Microsoft.ApiCenter/services/workspaces/apis/write | Creates or updates specified API. | > | Microsoft.ApiCenter/services/workspaces/apis/read | List APIs inside a catalog | > | Microsoft.ApiCenter/services/workspaces/apis/read | Returns the details of the specified API. | Azure service: [Azure API Center](/azure/api-center/overview) > | Microsoft.ApiCenter/services/workspaces/apis/deployments/read | Returns the details of the specified API deployment. | > | Microsoft.ApiCenter/services/workspaces/apis/deployments/read | Returns paginated collection of API deployments. | > | Microsoft.ApiCenter/services/workspaces/apis/deployments/delete | Deletes specified API deployment. |-> | Microsoft.ApiCenter/services/workspaces/apis/portals/write | Creates or updates the portal configuration. | -> | Microsoft.ApiCenter/services/workspaces/apis/portals/write | Returns the configuration of the specified portal. | > | Microsoft.ApiCenter/services/workspaces/apis/versions/write | Creates or updates API version. | > | Microsoft.ApiCenter/services/workspaces/apis/versions/read | Checks if specified API version exists. | > | Microsoft.ApiCenter/services/workspaces/apis/versions/read | Returns the details of the specified API version. | Azure service: [Azure API Center](/azure/api-center/overview) > | Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/delete | Deletes specified API definition. | > | Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/analysisResults/read | Returns analysis report for specified API definition. | > | Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/operationResults/read | Checks status of individual import operation |+> | Microsoft.ApiCenter/services/workspaces/apiSources/read | List API Sources inside a catalog. | +> | Microsoft.ApiCenter/services/workspaces/apiSources/read | Returns the details of the specified API source. | +> | Microsoft.ApiCenter/services/workspaces/apiSources/delete | Deletes specified API Source. | > | Microsoft.ApiCenter/services/workspaces/environments/read | Returns paginated collection of environments | > | Microsoft.ApiCenter/services/workspaces/environments/write | Create or update environment | > | Microsoft.ApiCenter/services/workspaces/environments/delete | Deletes specified environment. | > | Microsoft.ApiCenter/services/workspaces/environments/read | Returns specified environment. |-> | Microsoft.ApiCenter/services/workspaces/portals/delete | Deletes specified configuration. | > | **DataAction** | **Description** | > | Microsoft.ApiCenter/services/workspaces/apis/read | Read APIs from an API Center. | > | Microsoft.ApiCenter/services/workspaces/apis/deployments/read | Read API deployments from an API Center. | Azure service: [API Management](/azure/api-management/) > | Microsoft.ApiManagement/service/users/identities/read | List of all user identities. | > | Microsoft.ApiManagement/service/users/keys/read | Get keys associated with user | > | Microsoft.ApiManagement/service/users/subscriptions/read | Lists the collection of subscriptions of the specified user. |+> | Microsoft.ApiManagement/service/workspaceLinks/read | Get WorkspaceLinks | +> | Microsoft.ApiManagement/service/workspaces/join/action | Joins a service workspace. Not Alertable. | > | Microsoft.ApiManagement/service/workspaces/read | Lists a collection of Workspaces defined within a service instance. or Gets the details of the Workspace specified by its identifier. | > | Microsoft.ApiManagement/service/workspaces/write | Creates Workspace. or Updates the details of the Workspace specified by its identifier. | > | Microsoft.ApiManagement/service/workspaces/delete | Deletes specific Workspace of the API Management service instance. | Azure service: [Azure Communication Services](/azure/communication-services/over > | Microsoft.Communication/CommunicationServices/ListKeys/action | Reads the keys for a communication service | > | Microsoft.Communication/CommunicationServices/RegenerateKey/action | Regenerates the primary or secondary key for a communication service | > | Microsoft.Communication/CommunicationServices/LinkNotificationHub/action | Links an Azure Notification Hub to the communication service |+> | Microsoft.Communication/CommunicationServices/networkSecurityConfigurations/action | Refresh a Network Security Perimeter Configuration | > | Microsoft.Communication/CommunicationServices/EventGridFilters/Read | Reads EventGrid filters on communication services | > | Microsoft.Communication/CommunicationServices/EventGridFilters/Write | Writes EventGrid filters on communication services | > | Microsoft.Communication/CommunicationServices/EventGridFilters/Delete | Removes an EventGrid filter on communication services |+> | Microsoft.Communication/CommunicationServices/networkSecurityConfigurations/read | Read Network Security Perimeter Configuration | +> | Microsoft.Communication/CommunicationServices/networkSecurityPerimeterAssociationProxies/write | Write Network Security Perimeter Assocation | +> | Microsoft.Communication/CommunicationServices/networkSecurityPerimeterAssociationProxies/read | Read Network Security Perimeter Assocation | +> | Microsoft.Communication/CommunicationServices/networkSecurityPerimeterAssociationProxies/delete | Delete Network Security Perimeter Assocation | +> | Microsoft.Communication/CommunicationServices/SmtpUsernames/read | Get an SMTP username resource. | +> | Microsoft.Communication/CommunicationServices/SmtpUsernames/write | Add SMTP username resource or update an existing resource. | +> | Microsoft.Communication/CommunicationServices/SmtpUsernames/delete | Operation to delete an SMTP username resource. | +> | Microsoft.Communication/CommunicationServicesGccm/Read | Reads communication services | +> | Microsoft.Communication/CommunicationServicesGccm/Write | Writes communication services | +> | Microsoft.Communication/CommunicationServicesGccm/Delete | Deletes communication services | +> | Microsoft.Communication/CommunicationServicesGccm/ListKeys/action | Reads the keys for a communication service | +> | Microsoft.Communication/CommunicationServicesGccm/RegenerateKey/action | Regenerates the primary or secondary key for a communication service | +> | Microsoft.Communication/CommunicationServicesGccm/LinkNotificationHub/action | Links an Azure Notification Hub to the communication service | +> | Microsoft.Communication/CommunicationServicesGccm/EventGridFilters/Read | Reads EventGrid filters on communication services | +> | Microsoft.Communication/CommunicationServicesGccm/EventGridFilters/Write | Writes EventGrid filters on communication services | +> | Microsoft.Communication/CommunicationServicesGccm/EventGridFilters/Delete | Removes an EventGrid filter on communication services | > | Microsoft.Communication/EmailServices/read | Get the EmailService and its properties. | > | Microsoft.Communication/EmailServices/write | Get the EmailService and its properties. | > | Microsoft.Communication/EmailServices/delete | Operation to delete a EmailService. | Azure service: [Azure Communication Services](/azure/communication-services/over > | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read | Get all the addresses in a suppression list. | > | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/write | Add a new suppression list under the parent Domain resource or update an existing suppression list. | > | Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/delete | Operation to delete an address from a suppression list. |+> | Microsoft.Communication/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Notifies that new Network Security Perimeter updates are available | > | Microsoft.Communication/Locations/OperationStatuses/read | Reads the status of an async operation | > | Microsoft.Communication/Locations/OperationStatuses/write | Writes the status of an async operation | > | Microsoft.Communication/Operations/read | Reads operations | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/domains/eventSubscriptions/write | Create or update a Domain eventSubscription | > | Microsoft.EventGrid/domains/eventSubscriptions/read | Read a Domain eventSubscription | > | Microsoft.EventGrid/domains/eventSubscriptions/delete | Delete a Domain eventSubscription |-> | Microsoft.EventGrid/domains/eventSubscriptions/getFullUrl/action | Get full url for the Domain event subscription | +> | Microsoft.EventGrid/domains/eventSubscriptions/getFullUrl/action | Get full URL for the Domain event subscription | > | Microsoft.EventGrid/domains/eventSubscriptions/getDeliveryAttributes/action | Get Domain EventSubscription Delivery Attributes | > | Microsoft.EventGrid/domains/networkSecurityPerimeterAssociationProxies/read | Read NspAssociationProxies for domains | > | Microsoft.EventGrid/domains/networkSecurityPerimeterAssociationProxies/write | Write NspAssociationProxies for domains | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/domains/topics/eventSubscriptions/write | Create or update a DomainTopic eventSubscription | > | Microsoft.EventGrid/domains/topics/eventSubscriptions/read | Read a DomainTopic eventSubscription | > | Microsoft.EventGrid/domains/topics/eventSubscriptions/delete | Delete a DomainTopic eventSubscription |-> | Microsoft.EventGrid/domains/topics/eventSubscriptions/getFullUrl/action | Get full url for the DomainTopic event subscription | +> | Microsoft.EventGrid/domains/topics/eventSubscriptions/getFullUrl/action | Get full URL for the DomainTopic event subscription | > | Microsoft.EventGrid/domains/topics/eventSubscriptions/getDeliveryAttributes/action | Get DomainTopic EventSubscription Delivery Attributes | > | Microsoft.EventGrid/eventSubscriptions/write | Create or update an eventSubscription | > | Microsoft.EventGrid/eventSubscriptions/read | Read an eventSubscription | > | Microsoft.EventGrid/eventSubscriptions/delete | Delete an eventSubscription |-> | Microsoft.EventGrid/eventSubscriptions/getFullUrl/action | Get full url for the event subscription | +> | Microsoft.EventGrid/eventSubscriptions/getFullUrl/action | Get full URL for the event subscription | > | Microsoft.EventGrid/eventSubscriptions/getDeliveryAttributes/action | Get EventSubscription Delivery Attributes | > | Microsoft.EventGrid/eventSubscriptions/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for event subscriptions | > | Microsoft.EventGrid/eventSubscriptions/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for event subscriptions | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/partnerNamespaces/channels/write | Create or update a channel | > | Microsoft.EventGrid/partnerNamespaces/channels/delete | Delete a channel | > | Microsoft.EventGrid/partnerNamespaces/channels/channelReadinessStateChange/action | Change channel readiness state |-> | Microsoft.EventGrid/partnerNamespaces/channels/getFullUrl/action | Get full url for the partner destination channel | +> | Microsoft.EventGrid/partnerNamespaces/channels/getFullUrl/action | Get full URL for the partner destination channel | > | Microsoft.EventGrid/partnerNamespaces/channels/SetChannelToIdle/action | Set provisioning status of channel to idle | > | Microsoft.EventGrid/partnerNamespaces/eventChannels/read | Read an event channel | > | Microsoft.EventGrid/partnerNamespaces/eventChannels/write | Create or update an event channel | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/partnerTopics/eventSubscriptions/write | Create or update a PartnerTopic eventSubscription | > | Microsoft.EventGrid/partnerTopics/eventSubscriptions/read | Read a partner topic event subscription | > | Microsoft.EventGrid/partnerTopics/eventSubscriptions/delete | Delete a partner topic event subscription |-> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/getFullUrl/action | Get full url for the partner topic event subscription | +> | Microsoft.EventGrid/partnerTopics/eventSubscriptions/getFullUrl/action | Get full URL for the partner topic event subscription | > | Microsoft.EventGrid/partnerTopics/eventSubscriptions/getDeliveryAttributes/action | Get PartnerTopic EventSubscription Delivery Attributes | > | Microsoft.EventGrid/partnerTopics/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for partner topics | > | Microsoft.EventGrid/partnerTopics/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for partner topics | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/systemTopics/eventSubscriptions/write | Create or update a SystemTopic eventSubscription | > | Microsoft.EventGrid/systemTopics/eventSubscriptions/read | Read a SystemTopic eventSubscription | > | Microsoft.EventGrid/systemTopics/eventSubscriptions/delete | Delete a SystemTopic eventSubscription |-> | Microsoft.EventGrid/systemTopics/eventSubscriptions/getFullUrl/action | Get full url for the SystemTopic event subscription | +> | Microsoft.EventGrid/systemTopics/eventSubscriptions/getFullUrl/action | Get full URL for the SystemTopic event subscription | > | Microsoft.EventGrid/systemTopics/eventSubscriptions/getDeliveryAttributes/action | Get SystemTopic EventSubscription Delivery Attributes | > | Microsoft.EventGrid/systemTopics/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for system topics | > | Microsoft.EventGrid/systemTopics/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for system topics | Azure service: [Event Grid](/azure/event-grid/) > | Microsoft.EventGrid/topics/eventSubscriptions/write | Create or update a Topic eventSubscription | > | Microsoft.EventGrid/topics/eventSubscriptions/read | Read a Topic eventSubscription | > | Microsoft.EventGrid/topics/eventSubscriptions/delete | Delete a Topic eventSubscription |-> | Microsoft.EventGrid/topics/eventSubscriptions/getFullUrl/action | Get full url for the Topic event subscription | +> | Microsoft.EventGrid/topics/eventSubscriptions/getFullUrl/action | Get full URL for the Topic event subscription | > | Microsoft.EventGrid/topics/eventSubscriptions/getDeliveryAttributes/action | Get Topic EventSubscription Delivery Attributes | > | Microsoft.EventGrid/topics/networkSecurityPerimeterAssociationProxies/read | Read NspAssociationProxies for topics | > | Microsoft.EventGrid/topics/networkSecurityPerimeterAssociationProxies/write | Write NspAssociationProxies for topics | Azure service: [Event Hubs](/azure/event-hubs/) > | Microsoft.EventHub/register/action | Registers the subscription for the EventHub resource provider and enables the creation of EventHub resources | > | Microsoft.EventHub/unregister/action | Registers the EventHub Resource Provider | > | Microsoft.EventHub/availableClusterRegions/read | Read operation to list available pre-provisioned clusters by Azure region. |-> | Microsoft.EventHub/clusters/read | Gets the Cluster Resource Description | -> | Microsoft.EventHub/clusters/write | Creates or modifies an existing Cluster resource. | -> | Microsoft.EventHub/clusters/delete | Deletes an existing Cluster resource. | +> | Microsoft.EventHub/clusters/read | Gets EventHub Cluster Resource | +> | Microsoft.EventHub/clusters/write | Create or Update EventHub Cluster Resource | +> | Microsoft.EventHub/clusters/delete | Delete EventHub Cluster Resource | > | Microsoft.EventHub/clusters/namespaces/read | List namespace Azure Resource Manager IDs for namespaces within a cluster. | > | Microsoft.EventHub/clusters/operationresults/read | Get the status of an asynchronous cluster operation. | > | Microsoft.EventHub/clusters/providers/Microsoft.Insights/metricDefinitions/read | Get list of Cluster metrics Resource Descriptions | Azure service: [Event Hubs](/azure/event-hubs/) > | Microsoft.EventHub/namespaces/removeAcsNamepsace/action | Remove ACS namespace | > | Microsoft.EventHub/namespaces/updateState/action | UpdateNamespaceState | > | Microsoft.EventHub/namespaces/privateEndpointConnectionsApproval/action | Approve Private Endpoint Connection |-> | Microsoft.EventHub/namespaces/joinPerimeter/action | Action to Join the Network Security Perimeter. This action is used to perform linked access by NSP RP. | > | Microsoft.EventHub/namespaces/authorizationRules/read | Get the list of Namespaces Authorization Rules description. | > | Microsoft.EventHub/namespaces/authorizationRules/write | Create a Namespace level Authorization Rules and update its properties. The Authorization Rules Access Rights, the Primary and Secondary Keys can be updated. |-> | Microsoft.EventHub/namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. | +> | Microsoft.EventHub/namespaces/authorizationRules/delete | Delete Namespace Authorization Rule. The Default Namespace Authorization Rule cannot be deleted. | > | Microsoft.EventHub/namespaces/authorizationRules/listkeys/action | Get the Connection String to the Namespace | > | Microsoft.EventHub/namespaces/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource | > | Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability/action | Checks availability of namespace alias under given subscription. | Azure service: [Event Hubs](/azure/event-hubs/) > | Microsoft.EventHub/namespaces/eventhubs/read | Get list of EventHub Resource Descriptions | > | Microsoft.EventHub/namespaces/eventhubs/Delete | Operation to delete EventHub Resource | > | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/action | Operation to update EventHub. This operation is not supported on API version 2017-04-01. Authorization Rules. Please use a PUT call to update Authorization Rule. |-> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/read | Get the list of EventHub Authorization Rules | -> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/write | Create EventHub Authorization Rules and Update its properties. The Authorization Rules Access Rights can be updated. | +> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/read | Get the list of EventHub Authorization Rules | +> | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/write | Create EventHub Authorization Rules and Update its properties. The Authorization Rules Access. Rights can be updated. | > | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/delete | Operation to delete EventHub Authorization Rules | > | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/listkeys/action | Get the Connection String to EventHub | > | Microsoft.EventHub/namespaces/eventhubs/authorizationRules/regenerateKeys/action | Regenerate the Primary or Secondary key to the Resource | Azure service: [Event Hubs](/azure/event-hubs/) > | Microsoft.EventHub/namespaces/networkrulesets/read | Gets NetworkRuleSet Resource | > | Microsoft.EventHub/namespaces/networkrulesets/write | Create VNET Rule Resource | > | Microsoft.EventHub/namespaces/networkrulesets/delete | Delete VNET Rule Resource |-> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/write | Create NetworkSecurityPerimeterAssociationProxies | -> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/read | Get NetworkSecurityPerimeterAssociationProxies | -> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/delete | Delete NetworkSecurityPerimeterAssociationProxies | -> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/reconcile/action | Reconcile NetworkSecurityPerimeterAssociationProxies | +> | Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies/reconcile/action | Reconcile Network Security Perimeter Association Proxy | > | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/read | Get Network Security Perimeter Configurations | > | Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations/reconcile/action | Reconcile Network Security Perimeter Configurations | > | Microsoft.EventHub/namespaces/operationresults/read | Get the status of Namespace operation | Azure service: [Logic Apps](/azure/logic-apps/) > | Action | Description | > | | | > | Microsoft.Logic/register/action | Registers the Microsoft.Logic resource provider for a given subscription. |+> | Microsoft.Logic/businessprocesses/read | Reads the business process. | +> | Microsoft.Logic/businessprocesses/write | Writes the business process. | +> | Microsoft.Logic/businessprocesses/delete | Deletes the business process. | +> | Microsoft.Logic/businessprocesses/developmentartifacts/read | Reads the business process development artifact. | +> | Microsoft.Logic/businessprocesses/developmentartifacts/write | Writes the business process development artifact. | +> | Microsoft.Logic/businessprocesses/developmentartifacts/validate/action | Validates the business process development artifact. | +> | Microsoft.Logic/businessprocesses/versions/read | Reads the business process version. | > | Microsoft.Logic/integrationAccounts/read | Reads the integration account. | > | Microsoft.Logic/integrationAccounts/write | Creates or updates the integration account. | > | Microsoft.Logic/integrationAccounts/delete | Deletes the integration account. | Azure service: [Services Hub](/services-hub/) ## Next steps -- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)+- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types) |
| role-based-access-control | Internet Of Things | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/internet-of-things.md | Azure service: [Device Update for IoT Hub](/azure/iot-hub-device-update/) > | Microsoft.DeviceUpdate/accounts/instances/updates/read | Performs a read operation related to updates | > | Microsoft.DeviceUpdate/accounts/instances/updates/write | Performs a write operation related to updates | > | Microsoft.DeviceUpdate/accounts/instances/updates/delete | Performs a delete operation related to updates |+> | Microsoft.DeviceUpdate/updateAccounts/agents/requestUpdate/action | Perform all operations related to agent updating (i.e. request updates & report update results) | ## Microsoft.DigitalTwins Azure service: [IoT security](/azure/iot/iot-security-architecture) > | Microsoft.IoTSecurity/locations/deviceGroups/read | Gets device group | > | Microsoft.IoTSecurity/locations/deviceGroups/alerts/read | Gets IoT Alerts | > | Microsoft.IoTSecurity/locations/deviceGroups/alerts/write | Updates IoT Alert properties |-> | Microsoft.IoTSecurity/locations/deviceGroups/alerts/learn/action | Learn and close the alert | -> | Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcapAvailability/action | Get alert PCAP file aviability | -> | Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcapRequest/action | Request related PCAP file for alert | +> | Microsoft.IoTSecurity/locations/deviceGroups/alerts/learn/write | Learn and close the alert | > | Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcaps/write | Request related PCAP file for alert | > | Microsoft.IoTSecurity/locations/deviceGroups/devices/read | Get devices | > | Microsoft.IoTSecurity/locations/deviceGroups/devices/write | Updates device properties | Azure service: [IoT security](/azure/iot/iot-security-architecture) > | Microsoft.IoTSecurity/locations/sites/sensors/triggerTiPackageUpdate/action | Triggers threat intelligence package update | > | Microsoft.IoTSecurity/locations/sites/sensors/downloadResetPassword/action | Downloads reset password file for IoT Sensors | > | Microsoft.IoTSecurity/locations/sites/sensors/updateSoftwareVersion/action | Trigger sensor update |+> | Microsoft.IoTSecurity/locations/sites/sensors/backups/read | Gets remote backup | +> | Microsoft.IoTSecurity/locations/sites/sensors/backups/delete | Deletes remote backup | > | Microsoft.IoTSecurity/onPremiseSensors/read | Gets on-premise IoT Sensors | > | Microsoft.IoTSecurity/onPremiseSensors/write | Creates or updates on-premise IoT Sensors | > | Microsoft.IoTSecurity/onPremiseSensors/delete | Deletes on-premise IoT Sensors | Azure service: [Stream Analytics](/azure/stream-analytics/) > | Microsoft.StreamAnalytics/streamingjobs/transformations/Read | Read Stream Analytics Job Transformation | > | Microsoft.StreamAnalytics/streamingjobs/transformations/Write | Write Stream Analytics Job Transformation | -## Microsoft.TimeSeriesInsights --Explore and analyze time-series data from IoT devices. --Azure service: [Time Series Insights](/azure/time-series-insights/) --> [!div class="mx-tableFixed"] -> | Action | Description | -> | | | -> | Microsoft.TimeSeriesInsights/register/action | Registers the subscription for the Time Series Insights resource provider and enables the creation of Time Series Insights environments. | -> | Microsoft.TimeSeriesInsights/environments/read | Get the properties of an environment. | -> | Microsoft.TimeSeriesInsights/environments/write | Creates a new environment, or updates an existing environment. | -> | Microsoft.TimeSeriesInsights/environments/delete | Deletes the environment. | -> | Microsoft.TimeSeriesInsights/environments/accesspolicies/read | Get the properties of an access policy. | -> | Microsoft.TimeSeriesInsights/environments/accesspolicies/write | Creates a new access policy for an environment, or updates an existing access policy. | -> | Microsoft.TimeSeriesInsights/environments/accesspolicies/delete | Deletes the access policy. | -> | Microsoft.TimeSeriesInsights/environments/eventsources/read | Get the properties of an event source. | -> | Microsoft.TimeSeriesInsights/environments/eventsources/write | Creates a new event source for an environment, or updates an existing event source. | -> | Microsoft.TimeSeriesInsights/environments/eventsources/delete | Deletes the event source. | -> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource | -> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource | -> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for the event source | -> | Microsoft.TimeSeriesInsights/environments/eventsources/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for eventsources | -> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/read | Get the properties of a private endpoint connection proxy. | -> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/write | Creates a new private endpoint connection proxy for an environment, or updates an existing connection proxy. | -> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/delete | Deletes the private endpoint connection proxy. | -> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/validate/action | Validate the private endpoint connection proxy object before creation. | -> | Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies/operationresults/read | Validate the private endpoint connection proxy operation status. | -> | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/read | Get the properties of a private endpoint connection. | -> | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/write | Creates a new private endpoint connection for an environment, or updates an existing connection. | -> | Microsoft.TimeSeriesInsights/environments/privateendpointConnections/delete | Deletes the private endpoint connection. | -> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource | -> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/diagnosticSettings/write | Creates or updates the diagnostic setting for the resource | -> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/logDefinitions/read | Gets the available logs for environments | -> | Microsoft.TimeSeriesInsights/environments/providers/Microsoft.Insights/metricDefinitions/read | Gets the available metrics for environments | -> | Microsoft.TimeSeriesInsights/environments/referencedatasets/read | Get the properties of a reference data set. | -> | Microsoft.TimeSeriesInsights/environments/referencedatasets/write | Creates a new reference data set for an environment, or updates an existing reference data set. | -> | Microsoft.TimeSeriesInsights/environments/referencedatasets/delete | Deletes the reference data set. | -> | Microsoft.TimeSeriesInsights/environments/status/read | Get the status of the environment, state of its associated operations like ingress. | - ## Next steps - [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types) |
| role-based-access-control | Management And Governance | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/management-and-governance.md | Azure service: [Automation](/azure/automation/) > | | | > | Microsoft.Automation/register/action | Registers the subscription to Azure Automation | > | Microsoft.Automation/automationAccounts/convertGraphRunbookContent/action | Convert Graph Runbook Content to its raw serialized format and vice-versa |-> | Microsoft.Automation/automationAccounts/webhooks/action | Generates a URI for an Azure Automation webhook | > | Microsoft.Automation/automationAccounts/read | Gets an Azure Automation account | > | Microsoft.Automation/automationAccounts/write | Creates or updates an Azure Automation account | > | Microsoft.Automation/automationAccounts/listKeys/action | Reads the Keys for the automation account | Azure service: [Automation](/azure/automation/) > | Microsoft.Automation/automationAccounts/watchers/watcherActions/write | Create an Azure Automation watcher job actions | > | Microsoft.Automation/automationAccounts/watchers/watcherActions/read | Gets an Azure Automation watcher job actions | > | Microsoft.Automation/automationAccounts/watchers/watcherActions/delete | Delete an Azure Automation watcher job actions |-> | Microsoft.Automation/automationAccounts/webhooks/read | Reads an Azure Automation webhook | -> | Microsoft.Automation/automationAccounts/webhooks/write | Creates or updates an Azure Automation webhook | -> | Microsoft.Automation/automationAccounts/webhooks/delete | Deletes an Azure Automation webhook | > | Microsoft.Automation/deletedAutomationAccounts/read | Gets an Azure Automation deleted account | > | Microsoft.Automation/operations/read | Gets Available Operations for Azure Automation resources | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/associatedTenants/read | Lists the associated tenants that can collaborate with the billing account on commerce activities like viewing and downloading invoices, managing payments, making purchases, and managing or provisioning licenses. | > | Microsoft.Billing/billingAccounts/associatedTenants/write | Create or update an associated tenant for the billing account. | > | Microsoft.Billing/billingAccounts/availableBalance/read | The Available Credit or Payment on Account Balance for a billing account.<br>The credit balance can be used to settle due or past due invoices and is supported for billing accounts with agreement type Microsoft Customer Agreement.<br>The payment on account balance is supported for billing accounts with agreement type Microsoft Customer Agreement or Microsoft Online Services Program. |+> | Microsoft.Billing/billingAccounts/billingPeriods/read | Lists the valid Billing Periods for a Billing Account. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingPermissions/read | Lists the billing permissions the caller has on a billing account. | > | Microsoft.Billing/billingAccounts/billingProfiles/read | Lists the billing profiles that a user has access to. The operation is supported for billing accounts with agreement of type Microsoft Customer Agreement and Microsoft Partner Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/write | Creates or updates a billing profile.<br>The operation is supported for billing accounts with agreement type Microsoft Customer Agreement, Microsoft Partner Agreement and Enterprise Agreement.<br>If you are a MCA Individual (Pay-as-you-go) customer, then please use the Azure portal experience to create the billing profile. | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/action | | > | Microsoft.Billing/billingAccounts/billingProfiles/alerts/read | Lists the alerts for a billing profile. The operation is supported for billing accounts with agreement type Microsoft Customer Agreement and Microsoft Partner Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/availableBalance/read | The Available Credit or Payment on Account Balance for a billing profile.<br>The credit balance can be used to settle due or past due invoices and is supported for billing accounts with agreement type Microsoft Customer Agreement.<br>The payment on account balance is supported for billing accounts with agreement type Microsoft Customer Agreement. |+> | Microsoft.Billing/billingAccounts/billingProfiles/billingPeriods/read | Lists the valid Billing Periods for a Billing Profile. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/billingPermissions/read | Lists the billing permissions the caller has on a billing profile. | > | Microsoft.Billing/billingAccounts/billingProfiles/billingProviders/register/write | Registers a resource provider with Microsoft.Billing at billing profile scope. | > | Microsoft.Billing/billingAccounts/billingProfiles/billingProviders/unregister/write | Unregisters a resource provider with Microsoft.Billing at billing profile scope. | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/billingProfiles/customers/resolveBillingRoleAssignments/write | Lists the role assignments for the caller on a customer while fetching user info for each role assignment. The operation is supported for billing accounts with agreement type Microsoft Partner Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/customers/transactions/read | Lists the billed or unbilled transactions by customer id for given start date and end date.<br>Transactions include purchases, refunds and Azure usage charges.<br>Unbilled transactions are listed under pending invoice Id and do not include tax.<br>Tax is added to the amount once an invoice is generated. | > | Microsoft.Billing/billingAccounts/billingProfiles/departments/read | Lists the departments that a user has access to. The operation is supported only for billing accounts with agreement type Enterprise Agreement. |+> | Microsoft.Billing/billingAccounts/billingProfiles/departments/billingPeriods/read | Lists the valid Billing Periods by billing profile ID and department name. The operation is supported only for Departments under billing profiles with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/departments/billingPermissions/read | | > | Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleDefinitions/read | Gets the definition for a role on a department. The operation is supported for billing profiles with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/departments/billingSubscriptions/read | List billing subscriptions by billing profile ID and department name. This operation is supported only for billing accounts of type Enterprise Agreement. |-> | Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts/read | Get list of enrollment accounts using billing profile ID and department ID | +> | Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts/read | Get list of enrollment accounts using billing | +> | Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts/billingPeriods/read | Lists the valid Billing Periods for an Enrollment Account under Department under Billing Profile. The operation is supported only for enrollment profiles under billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/read | Lists the enrollment accounts for a specific billing account and a billing profile belonging to it. |+> | Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingPeriods/read | Lists the valid Billing Periods for an Enrollment Account under Billing Profile. The operation is supported only for billing profiles under billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingPermissions/read | | > | Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingSubscriptions/read | List billing subscriptions by billing profile ID and enrollment account name. This operation is supported only for billing accounts of type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/billingProfiles/invoices/download/action | | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/departments/read | Lists the departments that a user has access to. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/departments/write | | > | Microsoft.Billing/billingAccounts/departments/addEnrollmentAccount/write | |+> | Microsoft.Billing/billingAccounts/departments/billingPeriods/read | Lists the valid Billing Periods for a Department. The operation is supported only for Departments under billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/departments/billingPermissions/read | Lists the billing permissions the caller has for a department. | > | Microsoft.Billing/billingAccounts/departments/billingRoleAssignments/write | Create or update a billing role assignment. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/departments/billingRoleAssignments/read | Gets a role assignment for the caller on a department. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/departments/checkAccess/write | Provides a list of check access response objects for a department. | > | Microsoft.Billing/billingAccounts/departments/enrollmentAccounts/read | Lists the enrollment accounts for a department. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/departments/enrollmentAccounts/write | |+> | Microsoft.Billing/billingAccounts/departments/enrollmentAccounts/billingPeriods/read | Lists the valid Billing Periods for an Enrollment Account under Department. The operation is supported only for enrollment accounts under billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/departments/enrollmentAccounts/remove/write | | > | Microsoft.Billing/billingAccounts/downloadDocuments/write | Gets a URL to download multiple invoice documents (invoice pdf, tax receipts, credit notes) as a zip file. The operation is supported for billing accounts with agreement type Microsoft Partner Agreement or Microsoft Customer Agreement. | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/read | Lists the enrollment accounts for a billing account. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/write | | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/activate/write | | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/activationStatus/read | |+> | Microsoft.Billing/billingAccounts/enrollmentAccounts/billingPeriods/read | Lists the valid Billing Periods for an Enrollment Account. The operation is supported only for enrollment accounts under billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/billingPermissions/read | Lists the billing permissions the caller has for an enrollment account. | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleAssignments/write | Create or update a billing role assignment. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleAssignments/read | Gets a role assignment for the caller on a enrollment Account. The operation is supported only for billing accounts with agreement type Enterprise Agreement. | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/billingAccounts/invoices/read | Lists the invoices for a billing account for a given start date and end date. The operation is supported for billing accounts with agreement type Microsoft Partner Agreement, Microsoft Customer Agreement, or Microsoft Online Services Program. | > | Microsoft.Billing/billingAccounts/invoices/amend/write | Regenerate an invoice by billing account name and invoice name. The operation is supported for billing accounts with agreement type Microsoft Customer Agreement. | > | Microsoft.Billing/billingAccounts/invoices/download/write | Gets a URL to download an invoice document. The operation is supported for billing accounts with agreement type Microsoft Partner Agreement, Microsoft Customer Agreement or Enterprise Agreement. |+> | Microsoft.Billing/billingAccounts/invoices/downloadSummary/write | Gets a URL to download the summary document for an invoice. The operation is supported for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/invoices/pricesheet/download/action | |-> | Microsoft.Billing/billingAccounts/invoices/summaryDownload/write | Gets a URL to download the summary document for an invoice. The operation is supported for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/invoices/transactions/read | Lists the transactions for an invoice. Transactions include purchases, refunds and Azure usage charges. | > | Microsoft.Billing/billingAccounts/invoices/transactionsDownload/write | Gets a URL to download the transactions document for an invoice. The operation is supported for billing accounts with agreement type Enterprise Agreement. | > | Microsoft.Billing/billingAccounts/invoices/transactionSummary/read | Gets the transaction summary for an invoice. Transactions include purchases, refunds and Azure usage charges. | Azure service: [Cost Management + Billing](/azure/cost-management-billing/) > | Microsoft.Billing/invoices/read | | > | Microsoft.Billing/invoices/download/action | Download invoice using download link from list | > | Microsoft.Billing/operations/read | List of operations supported by provider. |+> | Microsoft.Billing/paymentMethods/read | Lists the payment methods owned by the caller. | +> | Microsoft.Billing/paymentMethods/write | Deletes a payment method owned by the caller. | > | Microsoft.Billing/policies/read | Lists the policies that are managed by the Billing Admin for the defined subscriptions. This is supported for Microsoft Online Services Program, Microsoft Customer Agreement and Microsoft Partner Agreement. | > | Microsoft.Billing/promotions/read | List or get promotions | > | Microsoft.Billing/validateAddress/write | | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/Locations/backupValidateFeatures/action | Validate Features | > | Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp is internal operation used by service | > | Microsoft.RecoveryServices/locations/checkNameAvailability/action | Check Resource Name Availability is an API to check if resource name is available |+> | Microsoft.RecoveryServices/locations/capabilities/action | List capabilities at a given location. | > | Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp is internal operation used by service | > | Microsoft.RecoveryServices/Locations/backupAadProperties/read | Get AAD Properties for authentication in the third region for Cross Region Restore. | > | Microsoft.RecoveryServices/Locations/backupCrrOperationResults/read | Returns CRR Operation Result for Recovery Services Vault. | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/Vaults/write | Create Vault operation creates an Azure resource of type 'vault' | > | Microsoft.RecoveryServices/Vaults/read | The Get Vault operation gets an object representing the Azure resource of type 'vault' | > | Microsoft.RecoveryServices/Vaults/delete | The Delete Vault operation deletes the specified Azure resource of type 'vault' |+> | Microsoft.RecoveryServices/Vaults/PrivateEndpointConnectionsApproval/action | Approve the Private Endpoint Connection. | > | Microsoft.RecoveryServices/Vaults/backupconfig/read | Returns Configuration for Recovery Services Vault. | > | Microsoft.RecoveryServices/Vaults/backupconfig/write | Updates Configuration for Recovery Services Vault. | > | Microsoft.RecoveryServices/Vaults/backupDeletedProtectionContainers/read | Returns all containers belonging to the subscription | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Get Recovery Points for Protected Items. | > | Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Restore Recovery Points for Protected Items. | > | Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Revoke Instant Item Recovery for Protected Item |+> | Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/write | Update Recovery Point for Protected Item. | > | Microsoft.RecoveryServices/Vaults/backupJobs/cancel/action | Cancel the Job | > | Microsoft.RecoveryServices/Vaults/backupJobs/read | Returns all Job Objects | > | Microsoft.RecoveryServices/Vaults/backupJobs/retry/action | Retry the Job | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/Vaults/extendedInformation/read | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? | > | Microsoft.RecoveryServices/Vaults/extendedInformation/write | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? | > | Microsoft.RecoveryServices/Vaults/extendedInformation/delete | The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |-> | Microsoft.RecoveryServices/Vaults/locations/capabilities/action | List capabilities at a given location. | > | Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Gets the alerts for the Recovery services vault. | > | Microsoft.RecoveryServices/Vaults/monitoringAlerts/write | Resolves the alert. | > | Microsoft.RecoveryServices/Vaults/monitoringConfigurations/read | Gets the Recovery services vault notification configuration. | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/write | Create or Update any Protection Containers | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/remove/action | Remove Protection Container | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | Switch Protection Container |+> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchClusterProtection/action | | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/operationresults/read | Track the results of an asynchronous operation on the resource Protection Containers | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationMigrationItems/read | Read any Migration Items | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationMigrationItems/write | Create or Update any Migration Items | Azure service: [Site Recovery](/azure/site-recovery/) > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/operationresults/read | Track the results of an asynchronous operation on the resource Protected Items | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | Read any Replication Recovery Points | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/targetComputeSizes/read | Read any Target Compute Sizes |+> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/read | Read any | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/delete | Delete any | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/unplannedFailover/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/testFailover/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/testFailoverCleanup/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/applyRecoveryPoint/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/failoverCommit/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/repairReplication/action | | +> | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionClusters/operationresults/read | Track the results of an asynchronous operation on the resource | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | Read any Protection Container Mappings | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/write | Create or Update any Protection Container Mappings | > | Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/remove/action | Remove Protection Container Mapping | |
| role-based-access-control | Migration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/migration.md | Azure service: [Azure Database Migration Service](/azure/dms/) > | Microsoft.DataMigration/migrationServices/delete | Delete existing Service | > | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Service | > | Microsoft.DataMigration/migrationServices/read | Retrieve details of Migration Services in a Resource Group |+> | Microsoft.DataMigration/migrationServices/validateIR/action | | > | Microsoft.DataMigration/migrationServices/read | Retrieve all services in the Subscription | > | Microsoft.DataMigration/migrationServices/listMigrations/read | | > | Microsoft.DataMigration/operations/read | Get all REST Operations | |
| role-based-access-control | Mixed Reality | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/mixed-reality.md | |
| role-based-access-control | Monitor | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/monitor.md | Azure service: [Azure Managed Grafana](/azure/managed-grafana/) > | **DataAction** | **Description** | > | Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action | Act as Grafana Admin role | > | Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Act as Grafana Editor role |-> | Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action | Act as Grafana Limited Viewer role | > | Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Act as Grafana Viewer role |+> | Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action | Act as Grafana Limited Viewer role | ## Microsoft.Insights Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.Insights/Components/FeatureCapabilities/Read | Reading Application Insights component feature capabilities | > | Microsoft.Insights/Components/GetAvailableBillingFeatures/Read | Reading Application Insights component available billing features | > | Microsoft.Insights/Components/GetToken/Read | Reading an Application Insights component token |+> | Microsoft.Insights/Components/linkedStorageAccounts/Read | Read linked storage account | +> | Microsoft.Insights/Components/linkedStorageAccounts/Write | Create or modify linked storage account | > | Microsoft.Insights/Components/MetricDefinitions/Read | Reading Application Insights component metric definitions | > | Microsoft.Insights/Components/Metrics/Read | Reading Application Insights component metrics | > | Microsoft.Insights/Components/MyAnalyticsItems/Delete | Deleting an Application Insights personal analytics item | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/deletedworkspaces/read | Lists workspaces in soft deleted period. | > | Microsoft.OperationalInsights/linktargets/read | Lists workspaces in soft deleted period. | > | Microsoft.OperationalInsights/locations/operationstatuses/read | Get Log Analytics Azure Async Operation Status |+> | Microsoft.OperationalInsights/locations/workspaces/failover/action | Initiates workspace failover to replication location. | > | Microsoft.OperationalInsights/operations/read | Lists all of the available OperationalInsights REST API operations. | > | Microsoft.OperationalInsights/querypacks/read | Get Query Pack. | > | Microsoft.OperationalInsights/querypacks/write | Create or update Query Pack. | > | Microsoft.OperationalInsights/querypacks/delete | Delete Query Pack. |+> | Microsoft.OperationalInsights/querypacks/queries/action | Perform Action on Queries in Query Pack. | +> | Microsoft.OperationalInsights/querypacks/queries/read | Get Query Pack Queries. | +> | Microsoft.OperationalInsights/querypacks/queries/write | Create or update Query Pack Queries. | +> | Microsoft.OperationalInsights/querypacks/queries/delete | Delete Query Pack Queries. | > | Microsoft.OperationalInsights/workspaces/write | Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace. | > | Microsoft.OperationalInsights/workspaces/read | Gets an existing workspace | > | Microsoft.OperationalInsights/workspaces/delete | Deletes a workspace. If the workspace was linked to an existing workspace at creation time then the workspace it was linked to is not deleted. | > | Microsoft.OperationalInsights/workspaces/generateRegistrationCertificate/action | Generates Registration Certificate for the workspace. This Certificate is used to connect Microsoft System Center Operation Manager to the workspace. |+> | Microsoft.OperationalInsights/workspaces/failback/action | Initiates workspace failback. | > | Microsoft.OperationalInsights/workspaces/sharedkeys/action | Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace. | > | Microsoft.OperationalInsights/workspaces/listKeys/action | Retrieves the list keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace. | > | Microsoft.OperationalInsights/workspaces/regenerateSharedKey/action | Regenerates the specified workspace shared key | > | Microsoft.OperationalInsights/workspaces/search/action | Executes a search query | > | Microsoft.OperationalInsights/workspaces/purge/action | Delete specified data by query from workspace. |+> | Microsoft.OperationalInsights/workspaces/customfields/action | Extract custom fields. | > | Microsoft.OperationalInsights/workspaces/analytics/query/action | Search using new engine. | > | Microsoft.OperationalInsights/workspaces/analytics/query/schema/read | Get search schema V2. | > | Microsoft.OperationalInsights/workspaces/api/query/action | Search using new engine. | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/configurationscopes/read | Get configuration scope in a workspace. | > | Microsoft.OperationalInsights/workspaces/configurationscopes/write | Create configuration scope in a workspace. | > | Microsoft.OperationalInsights/workspaces/configurationscopes/delete | Delete configuration scope in a workspace. |+> | Microsoft.OperationalInsights/workspaces/customfields/write | Create or update a custom field. | +> | Microsoft.OperationalInsights/workspaces/customfields/read | Get a custom field. | +> | Microsoft.OperationalInsights/workspaces/customfields/delete | Delete a custom field. | > | Microsoft.OperationalInsights/workspaces/dataexports/read | Get data export. | > | Microsoft.OperationalInsights/workspaces/dataexports/write | Create or update specific data export. | > | Microsoft.OperationalInsights/workspaces/dataexports/delete | Delete specific Data Export/ | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/listKeys/read | Retrieves the list keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace. | > | Microsoft.OperationalInsights/workspaces/managementgroups/read | Gets the names and metadata for System Center Operations Manager management groups connected to this workspace. | > | Microsoft.OperationalInsights/workspaces/metricDefinitions/read | Get Metric Definitions under workspace |+> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterAssociationProxies/write | Write Network Security Perimeter Association Proxies. | +> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterAssociationProxies/read | Read Network Security Perimeter Association Proxies. | +> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterAssociationProxies/delete | Delete Network Security Perimeter Association Proxies. | +> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterConfigurations/write | Write Network Security Perimeter Configurations. | +> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterConfigurations/read | Read Network Security Perimeter Configurations. | +> | Microsoft.OperationalInsights/workspaces/networkSecurityPerimeterConfigurations/delete | Delete Network Security Perimeter Configurations. | > | Microsoft.OperationalInsights/workspaces/notificationsettings/read | Get the user's notification settings for the workspace. | > | Microsoft.OperationalInsights/workspaces/notificationsettings/write | Set the user's notification settings for the workspace. | > | Microsoft.OperationalInsights/workspaces/notificationsettings/delete | Delete the user's notification settings for the workspace. | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/ABSDependenciesRequests/read | Read data from the ABSDependenciesRequests table | > | Microsoft.OperationalInsights/workspaces/query/ACICollaborationAudit/read | Read data from the ACICollaborationAudit table | > | Microsoft.OperationalInsights/workspaces/query/ACRConnectedClientList/read | Read data from the ACRConnectedClientList table |+> | Microsoft.OperationalInsights/workspaces/query/ACREntraAuthenticationAuditLog/read | Read data from the ACREntraAuthenticationAuditLog table | +> | Microsoft.OperationalInsights/workspaces/query/ACSAdvancedMessagingOperations/read | Read data from the ACSAdvancedMessagingOperations table | > | Microsoft.OperationalInsights/workspaces/query/ACSAuthIncomingOperations/read | Read data from the ACSAuthIncomingOperations table | > | Microsoft.OperationalInsights/workspaces/query/ACSBillingUsage/read | Read data from the ACSBillingUsage table | > | Microsoft.OperationalInsights/workspaces/query/ACSCallAutomationIncomingOperations/read | Read data from the ACSCallAutomationIncomingOperations table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/ACSEmailStatusUpdateOperational/read | Read data from the ACSEmailStatusUpdateOperational table | > | Microsoft.OperationalInsights/workspaces/query/ACSEmailUserEngagementOperational/read | Read data from the ACSEmailUserEngagementOperational table | > | Microsoft.OperationalInsights/workspaces/query/ACSJobRouterIncomingOperations/read | Read data from the ACSJobRouterIncomingOperations table |-> | Microsoft.OperationalInsights/workspaces/query/ACSNetworkTraversalDiagnostics/read | Read data from the ACSNetworkTraversalDiagnostics table | -> | Microsoft.OperationalInsights/workspaces/query/ACSNetworkTraversalIncomingOperations/read | Read data from the ACSNetworkTraversalIncomingOperations table | > | Microsoft.OperationalInsights/workspaces/query/ACSRoomsIncomingOperations/read | Read data from the ACSRoomsIncomingOperations table | > | Microsoft.OperationalInsights/workspaces/query/ACSSMSIncomingOperations/read | Read data from the ACSSMSIncomingOperations table | > | Microsoft.OperationalInsights/workspaces/query/ADAssessmentRecommendation/read | Read data from the ADAssessmentRecommendation table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/ADTModelsOperation/read | Read data from the ADTModelsOperation table | > | Microsoft.OperationalInsights/workspaces/query/ADTQueryOperation/read | Read data from the ADTQueryOperation table | > | Microsoft.OperationalInsights/workspaces/query/ADXCommand/read | Read data from the ADXCommand table |+> | Microsoft.OperationalInsights/workspaces/query/ADXDataOperation/read | Read data from the ADXDataOperation table | > | Microsoft.OperationalInsights/workspaces/query/ADXIngestionBatching/read | Read data from the ADXIngestionBatching table | > | Microsoft.OperationalInsights/workspaces/query/ADXJournal/read | Read data from the ADXJournal table | > | Microsoft.OperationalInsights/workspaces/query/ADXQuery/read | Read data from the ADXQuery table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/AGWAccessLogs/read | Read data from the AGWAccessLogs table | > | Microsoft.OperationalInsights/workspaces/query/AGWFirewallLogs/read | Read data from the AGWFirewallLogs table | > | Microsoft.OperationalInsights/workspaces/query/AGWPerformanceLogs/read | Read data from the AGWPerformanceLogs table |+> | Microsoft.OperationalInsights/workspaces/query/AHDSDeidAuditLogs/read | Read data from the AHDSDeidAuditLogs table | > | Microsoft.OperationalInsights/workspaces/query/AHDSDicomAuditLogs/read | Read data from the AHDSDicomAuditLogs table | > | Microsoft.OperationalInsights/workspaces/query/AHDSDicomDiagnosticLogs/read | Read data from the AHDSDicomDiagnosticLogs table | > | Microsoft.OperationalInsights/workspaces/query/AHDSMedTechDiagnosticLogs/read | Read data from the AHDSMedTechDiagnosticLogs table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/AOIStorage/read | Read data from the AOIStorage table | > | Microsoft.OperationalInsights/workspaces/query/ApiManagementGatewayLogs/read | Read data from the ApiManagementGatewayLogs table | > | Microsoft.OperationalInsights/workspaces/query/ApiManagementWebSocketConnectionLogs/read | Read data from the ApiManagementWebSocketConnectionLogs table |+> | Microsoft.OperationalInsights/workspaces/query/APIMDevPortalAuditDiagnosticLog/read | Read data from the APIMDevPortalAuditDiagnosticLog table | > | Microsoft.OperationalInsights/workspaces/query/AppAvailabilityResults/read | Read data from the AppAvailabilityResults table | > | Microsoft.OperationalInsights/workspaces/query/AppBrowserTimings/read | Read data from the AppBrowserTimings table | > | Microsoft.OperationalInsights/workspaces/query/AppCenterError/read | Read data from the AppCenterError table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/ASRJobs/read | Read data from the ASRJobs table | > | Microsoft.OperationalInsights/workspaces/query/ASRReplicatedItems/read | Read data from the ASRReplicatedItems table | > | Microsoft.OperationalInsights/workspaces/query/ATCExpressRouteCircuitIpfix/read | Read data from the ATCExpressRouteCircuitIpfix table |+> | Microsoft.OperationalInsights/workspaces/query/ATCPrivatePeeringMetadata/read | Read data from the ATCPrivatePeeringMetadata table | > | Microsoft.OperationalInsights/workspaces/query/AuditLogs/read | Read data from the AuditLogs table | > | Microsoft.OperationalInsights/workspaces/query/AUIEventsAudit/read | Read data from the AUIEventsAudit table | > | Microsoft.OperationalInsights/workspaces/query/AUIEventsOperational/read | Read data from the AUIEventsOperational table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/AWSCloudWatch/read | Read data from the AWSCloudWatch table | > | Microsoft.OperationalInsights/workspaces/query/AWSGuardDuty/read | Read data from the AWSGuardDuty table | > | Microsoft.OperationalInsights/workspaces/query/AWSVPCFlow/read | Read data from the AWSVPCFlow table |+> | Microsoft.OperationalInsights/workspaces/query/AWSWAF/read | Read data from the AWSWAF table | > | Microsoft.OperationalInsights/workspaces/query/AZFWApplicationRule/read | Read data from the AZFWApplicationRule table | > | Microsoft.OperationalInsights/workspaces/query/AZFWApplicationRuleAggregation/read | Read data from the AZFWApplicationRuleAggregation table | > | Microsoft.OperationalInsights/workspaces/query/AZFWDnsQuery/read | Read data from the AZFWDnsQuery table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/CDBPartitionKeyRUConsumption/read | Read data from the CDBPartitionKeyRUConsumption table | > | Microsoft.OperationalInsights/workspaces/query/CDBPartitionKeyStatistics/read | Read data from the CDBPartitionKeyStatistics table | > | Microsoft.OperationalInsights/workspaces/query/CDBQueryRuntimeStatistics/read | Read data from the CDBQueryRuntimeStatistics table |+> | Microsoft.OperationalInsights/workspaces/query/CDBTableApiRequests/read | Read data from the CDBTableApiRequests table | > | Microsoft.OperationalInsights/workspaces/query/ChaosStudioExperimentEventLogs/read | Read data from the ChaosStudioExperimentEventLogs table | > | Microsoft.OperationalInsights/workspaces/query/CHSMManagementAuditLogs/read | Read data from the CHSMManagementAuditLogs table |+> | Microsoft.OperationalInsights/workspaces/query/CHSMServiceOperationAuditLogs/read | Read data from the CHSMServiceOperationAuditLogs table | > | Microsoft.OperationalInsights/workspaces/query/CIEventsAudit/read | Read data from the CIEventsAudit table | > | Microsoft.OperationalInsights/workspaces/query/CIEventsOperational/read | Read data from the CIEventsOperational table | > | Microsoft.OperationalInsights/workspaces/query/CloudAppEvents/read | Read data from the CloudAppEvents table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/DHOSCrashData/read | Read data from the DHOSCrashData table | > | Microsoft.OperationalInsights/workspaces/query/DHOSReliability/read | Read data from the DHOSReliability table | > | Microsoft.OperationalInsights/workspaces/query/DHWipAppLearning/read | Read data from the DHWipAppLearning table |+> | Microsoft.OperationalInsights/workspaces/query/DnsAuditEvents/read | Read data from the DnsAuditEvents table | > | Microsoft.OperationalInsights/workspaces/query/DnsEvents/read | Read data from the DnsEvents table | > | Microsoft.OperationalInsights/workspaces/query/DnsInventory/read | Read data from the DnsInventory table | > | Microsoft.OperationalInsights/workspaces/query/DNSQueryLogs/read | Read data from the DNSQueryLogs table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/DynamicEventCollection/read | Read data from the DynamicEventCollection table | > | Microsoft.OperationalInsights/workspaces/query/Dynamics365Activity/read | Read data from the Dynamics365Activity table | > | Microsoft.OperationalInsights/workspaces/query/DynamicSummary/read | Read data from the DynamicSummary table |+> | Microsoft.OperationalInsights/workspaces/query/EGNFailedHttpDataPlaneOperations/read | Read data from the EGNFailedHttpDataPlaneOperations table | > | Microsoft.OperationalInsights/workspaces/query/EGNFailedMqttConnections/read | Read data from the EGNFailedMqttConnections table | > | Microsoft.OperationalInsights/workspaces/query/EGNFailedMqttPublishedMessages/read | Read data from the EGNFailedMqttPublishedMessages table | > | Microsoft.OperationalInsights/workspaces/query/EGNFailedMqttSubscriptions/read | Read data from the EGNFailedMqttSubscriptions table | > | Microsoft.OperationalInsights/workspaces/query/EGNMqttDisconnections/read | Read data from the EGNMqttDisconnections table |+> | Microsoft.OperationalInsights/workspaces/query/EGNSuccessfulHttpDataPlaneOperations/read | Read data from the EGNSuccessfulHttpDataPlaneOperations table | > | Microsoft.OperationalInsights/workspaces/query/EGNSuccessfulMqttConnections/read | Read data from the EGNSuccessfulMqttConnections table | > | Microsoft.OperationalInsights/workspaces/query/EmailAttachmentInfo/read | Read data from the EmailAttachmentInfo table | > | Microsoft.OperationalInsights/workspaces/query/EmailEvents/read | Read data from the EmailEvents table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/MCCEventLogs/read | Read data from the MCCEventLogs table | > | Microsoft.OperationalInsights/workspaces/query/MCVPAuditLogs/read | Read data from the MCVPAuditLogs table | > | Microsoft.OperationalInsights/workspaces/query/MCVPOperationLogs/read | Read data from the MCVPOperationLogs table |+> | Microsoft.OperationalInsights/workspaces/query/MDCDetectionDNSEvents/read | Read data from the MDCDetectionDNSEvents table | +> | Microsoft.OperationalInsights/workspaces/query/MDCDetectionFimEvents/read | Read data from the MDCDetectionFimEvents table | > | Microsoft.OperationalInsights/workspaces/query/MDCFileIntegrityMonitoringEvents/read | Read data from the MDCFileIntegrityMonitoringEvents table | > | Microsoft.OperationalInsights/workspaces/query/MDECustomCollectionDeviceFileEvents/read | Read data from the MDECustomCollectionDeviceFileEvents table | > | Microsoft.OperationalInsights/workspaces/query/MicrosoftAzureBastionAuditLogs/read | Read data from the MicrosoftAzureBastionAuditLogs table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/NCBMSystemLogs/read | Read data from the NCBMSystemLogs table | > | Microsoft.OperationalInsights/workspaces/query/NCCKubernetesLogs/read | Read data from the NCCKubernetesLogs table | > | Microsoft.OperationalInsights/workspaces/query/NCCVMOrchestrationLogs/read | Read data from the NCCVMOrchestrationLogs table |+> | Microsoft.OperationalInsights/workspaces/query/NCMClusterOperationsLogs/read | Read data from the NCMClusterOperationsLogs table | > | Microsoft.OperationalInsights/workspaces/query/NCSStorageAlerts/read | Read data from the NCSStorageAlerts table |+> | Microsoft.OperationalInsights/workspaces/query/NCSStorageAudits/read | Read data from the NCSStorageAudits table | > | Microsoft.OperationalInsights/workspaces/query/NCSStorageLogs/read | Read data from the NCSStorageLogs table |+> | Microsoft.OperationalInsights/workspaces/query/NetworkAccessAlerts/read | Read data from the NetworkAccessAlerts table | > | Microsoft.OperationalInsights/workspaces/query/NetworkAccessTraffic/read | Read data from the NetworkAccessTraffic table | > | Microsoft.OperationalInsights/workspaces/query/NetworkMonitoring/read | Read data from the NetworkMonitoring table | > | Microsoft.OperationalInsights/workspaces/query/NetworkSessions/read | Read data from the NetworkSessions table | > | Microsoft.OperationalInsights/workspaces/query/NGXOperationLogs/read | Read data from the NGXOperationLogs table |+> | Microsoft.OperationalInsights/workspaces/query/NGXSecurityLogs/read | Read data from the NGXSecurityLogs table | > | Microsoft.OperationalInsights/workspaces/query/NSPAccessLogs/read | Read data from the NSPAccessLogs table | > | Microsoft.OperationalInsights/workspaces/query/NTAInsights/read | Read data from the NTAInsights table | > | Microsoft.OperationalInsights/workspaces/query/NTAIpDetails/read | Read data from the NTAIpDetails table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/query/SynapseSqlPoolWaits/read | Read data from the SynapseSqlPoolWaits table | > | Microsoft.OperationalInsights/workspaces/query/Syslog/read | Read data from the Syslog table | > | Microsoft.OperationalInsights/workspaces/query/Tables.Custom/read | Reading data from any custom log |+> | Microsoft.OperationalInsights/workspaces/query/ThreatIntelIndicators/read | Read data from the ThreatIntelIndicators table | > | Microsoft.OperationalInsights/workspaces/query/ThreatIntelligenceIndicator/read | Read data from the ThreatIntelligenceIndicator table |+> | Microsoft.OperationalInsights/workspaces/query/ThreatIntelObjects/read | Read data from the ThreatIntelObjects table | > | Microsoft.OperationalInsights/workspaces/query/TSIIngress/read | Read data from the TSIIngress table | > | Microsoft.OperationalInsights/workspaces/query/UAApp/read | Read data from the UAApp table | > | Microsoft.OperationalInsights/workspaces/query/UAComputer/read | Read data from the UAComputer table | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/savedSearches/read | Gets a saved search query. | > | Microsoft.OperationalInsights/workspaces/savedSearches/write | Creates a saved search query | > | Microsoft.OperationalInsights/workspaces/savedSearches/delete | Deletes a saved search query |-> | Microsoft.OperationalInsights/workspaces/savedSearches/results/read | Get saved searches results. Deprecated. | -> | Microsoft.OperationalInsights/workspaces/schedules/read | Get scheduled saved search. | -> | Microsoft.OperationalInsights/workspaces/schedules/delete | Delete scheduled saved search. | -> | Microsoft.OperationalInsights/workspaces/schedules/write | Create or update scheduled saved search. | -> | Microsoft.OperationalInsights/workspaces/schedules/actions/read | Get Management Configuration action. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/read | Get scheduled saved search. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/delete | Delete scheduled saved search. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/write | Create or update scheduled saved search. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions/read | Get Management Configuration action. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions/write | Delete Management Configuration action. | +> | Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions/delete | Create or update scheduled search action. | > | Microsoft.OperationalInsights/workspaces/schema/read | Gets the search schema for the workspace. Search schema includes the exposed fields and their types. | > | Microsoft.OperationalInsights/workspaces/scopedprivatelinkproxies/read | Get Scoped Private Link Proxy | > | Microsoft.OperationalInsights/workspaces/scopedprivatelinkproxies/write | Put Scoped Private Link Proxy | Azure service: [Azure Monitor](/azure/azure-monitor/) > | Microsoft.OperationalInsights/workspaces/tables/read | Get a log analytics table. | > | Microsoft.OperationalInsights/workspaces/tables/delete | Delete a log analytics table. | > | Microsoft.OperationalInsights/workspaces/tables/migrate/action | Migrating a log analytics V1 table to V2 variation. |+> | Microsoft.OperationalInsights/workspaces/tables/deleteData/action | Delete Data from log analytics workspace. | > | Microsoft.OperationalInsights/workspaces/tables/query/read | Run queries over the data of a specific table in the workspace | > | Microsoft.OperationalInsights/workspaces/upgradetranslationfailures/read | Get Search Upgrade Translation Failure log for the workspace | > | Microsoft.OperationalInsights/workspaces/usages/read | Gets usage data for a workspace including the amount of data read by the workspace. | |
| role-based-access-control | Networking | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/networking.md | Azure service: [Content Delivery Network](/azure/cdn/) > | Microsoft.Cdn/ValidateProbe/action | | > | Microsoft.Cdn/CheckResourceUsage/action | | > | Microsoft.Cdn/ValidateSecret/action | |+> | Microsoft.Cdn/CanMigrate/action | | +> | Microsoft.Cdn/Migrate/action | | > | Microsoft.Cdn/cdnwebapplicationfirewallmanagedrulesets/read | | > | Microsoft.Cdn/cdnwebapplicationfirewallmanagedrulesets/write | | > | Microsoft.Cdn/cdnwebapplicationfirewallmanagedrulesets/delete | | Azure service: [Content Delivery Network](/azure/cdn/) > | Microsoft.Cdn/operationresults/profileresults/CheckHostNameAvailability/action | | > | Microsoft.Cdn/operationresults/profileresults/Usages/action | | > | Microsoft.Cdn/operationresults/profileresults/Upgrade/action | |+> | Microsoft.Cdn/operationresults/profileresults/CdnCanMigrateToAfd/action | | +> | Microsoft.Cdn/operationresults/profileresults/CdnMigrateToAfd/action | | +> | Microsoft.Cdn/operationresults/profileresults/MigrationCommit/action | | +> | Microsoft.Cdn/operationresults/profileresults/MigrationAbort/action | | > | Microsoft.Cdn/operationresults/profileresults/afdendpointresults/read | | > | Microsoft.Cdn/operationresults/profileresults/afdendpointresults/write | | > | Microsoft.Cdn/operationresults/profileresults/afdendpointresults/delete | | Azure service: [Content Delivery Network](/azure/cdn/) > | Microsoft.Cdn/profiles/CheckHostNameAvailability/action | | > | Microsoft.Cdn/profiles/Usages/action | | > | Microsoft.Cdn/profiles/Upgrade/action | |+> | Microsoft.Cdn/profiles/CdnCanMigrateToAfd/action | | +> | Microsoft.Cdn/profiles/CdnMigrateToAfd/action | | +> | Microsoft.Cdn/profiles/MigrationCommit/action | | +> | Microsoft.Cdn/profiles/MigrationAbort/action | | > | Microsoft.Cdn/profiles/queryloganalyticsmetrics/action | | > | Microsoft.Cdn/profiles/queryloganalyticsrankings/action | | > | Microsoft.Cdn/profiles/querywafloganalyticsmetrics/action | | Azure service: [Azure Private 5G Core](/azure/private-5g-core/) > | | | > | Microsoft.MobileNetwork/register/action | Register the subscription for Microsoft.MobileNetwork | > | Microsoft.MobileNetwork/unregister/action | Unregister the subscription for Microsoft.MobileNetwork |-> | Microsoft.MobileNetwork/amfDeployments/read | List all Access and Mobility Function Deployments by Subscription ID. | -> | Microsoft.MobileNetwork/amfDeployments/read | List all Access and Mobility Function Deployments by Resource Group. | -> | Microsoft.MobileNetwork/amfDeployments/read | Get a AmfDeploymentResource | -> | Microsoft.MobileNetwork/amfDeployments/write | Create a AmfDeploymentResource | -> | Microsoft.MobileNetwork/amfDeployments/delete | Delete a AmfDeploymentResource | -> | Microsoft.MobileNetwork/amfDeployments/write | Update a AmfDeploymentResource | -> | Microsoft.MobileNetwork/clusterServices/read | List all Cluster Services by Subscription ID. | -> | Microsoft.MobileNetwork/clusterServices/read | List all Cluster Services by Resource Group. | -> | Microsoft.MobileNetwork/clusterServices/read | Get a ClusterServiceResource | -> | Microsoft.MobileNetwork/clusterServices/write | Create a ClusterServiceResource | -> | Microsoft.MobileNetwork/clusterServices/delete | Delete a ClusterServiceResource | -> | Microsoft.MobileNetwork/clusterServices/write | Update a ClusterServiceResource | > | Microsoft.MobileNetwork/Locations/OperationStatuses/read | read OperationStatuses | > | Microsoft.MobileNetwork/Locations/OperationStatuses/write | write OperationStatuses | > | Microsoft.MobileNetwork/mobileNetworks/read | Gets information about the specified mobile network. | Azure service: [Azure Private 5G Core](/azure/private-5g-core/) > | Microsoft.MobileNetwork/mobileNetworks/write | Updates mobile network tags and managed identity. | > | Microsoft.MobileNetwork/mobileNetworks/read | Lists all the mobile networks in a subscription. | > | Microsoft.MobileNetwork/mobileNetworks/read | Lists all the mobile networks in a resource group. |+> | Microsoft.MobileNetwork/mobileNetworks/listSimGroups/action | Gets all the SIM groups assigned to a mobile network. | > | Microsoft.MobileNetwork/mobileNetworks/dataNetworks/read | Gets information about the specified data network. | > | Microsoft.MobileNetwork/mobileNetworks/dataNetworks/write | Creates or updates a data network. Must be created in the same location as its parent mobile network. | > | Microsoft.MobileNetwork/mobileNetworks/dataNetworks/delete | Deletes the specified data network. | Azure service: [Azure Private 5G Core](/azure/private-5g-core/) > | Microsoft.MobileNetwork/mobileNetworks/wifiSsids/delete | Deletes the specified Wi-Fi SSID. | > | Microsoft.MobileNetwork/mobileNetworks/wifiSsids/write | Updates Wi-Fi SSID. | > | Microsoft.MobileNetwork/mobileNetworks/wifiSsids/read | Lists all Wi-Fi SSIDs in the mobile network. |-> | Microsoft.MobileNetwork/nrfDeployments/read | List all Network Repository Function Deployments by Subscription ID. | -> | Microsoft.MobileNetwork/nrfDeployments/read | List all Network Repository Function Deployments by Resource Group. | -> | Microsoft.MobileNetwork/nrfDeployments/read | Get a NrfDeploymentResource | -> | Microsoft.MobileNetwork/nrfDeployments/write | Create a NrfDeploymentResource | -> | Microsoft.MobileNetwork/nrfDeployments/delete | Delete a NrfDeploymentResource | -> | Microsoft.MobileNetwork/nrfDeployments/write | Update a NrfDeploymentResource | -> | Microsoft.MobileNetwork/nssfDeployments/read | List all Network Slice Selection Function Deployments by Subscription ID. | -> | Microsoft.MobileNetwork/nssfDeployments/read | List all Network Slice Selection Function Deployments by Resource Group. | -> | Microsoft.MobileNetwork/nssfDeployments/read | Get a NssfDeploymentResource | -> | Microsoft.MobileNetwork/nssfDeployments/write | Create a NssfDeploymentResource | -> | Microsoft.MobileNetwork/nssfDeployments/delete | Delete a NssfDeploymentResource | -> | Microsoft.MobileNetwork/nssfDeployments/write | Update a NssfDeploymentResource | -> | Microsoft.MobileNetwork/observabilityServices/read | List all Observability Services by Subscription ID. | -> | Microsoft.MobileNetwork/observabilityServices/read | List all Observability Services by Resource Group. | -> | Microsoft.MobileNetwork/observabilityServices/read | Get a ObservabilityServiceResource | -> | Microsoft.MobileNetwork/observabilityServices/write | Create a ObservabilityServiceResource | -> | Microsoft.MobileNetwork/observabilityServices/delete | Delete a ObservabilityServiceResource | -> | Microsoft.MobileNetwork/observabilityServices/write | Update a ObservabilityServiceResource | > | Microsoft.MobileNetwork/Operations/read | read Operations | > | Microsoft.MobileNetwork/packetCoreControlPlanes/rollback/action | Roll back the specified packet core control plane to the previous version, "rollbackVersion". Multiple consecutive rollbacks are not possible. This action may cause a service outage. | > | Microsoft.MobileNetwork/packetCoreControlPlanes/reinstall/action | Reinstall the specified packet core control plane. This action will remove any transaction state from the packet core to return it to a known state. This action will cause a service outage. | Azure service: [Azure Private 5G Core](/azure/private-5g-core/) > | Microsoft.MobileNetwork/simGroups/uploadSims/action | Bulk upload SIMs to a SIM group. | > | Microsoft.MobileNetwork/simGroups/deleteSims/action | Bulk delete SIMs from a SIM group. | > | Microsoft.MobileNetwork/simGroups/uploadEncryptedSims/action | Bulk upload SIMs in encrypted form to a SIM group. The SIM credentials must be encrypted. |+> | Microsoft.MobileNetwork/simGroups/moveSims/action | Move SIMs to another SIM Group | +> | Microsoft.MobileNetwork/simGroups/cloneSims/action | Clone SIMs to another SIM Group | > | Microsoft.MobileNetwork/simGroups/read | Gets information about the specified SIM group. | > | Microsoft.MobileNetwork/simGroups/write | Creates or updates a SIM group. | > | Microsoft.MobileNetwork/simGroups/delete | Deletes the specified SIM group. | Azure service: [Azure Private 5G Core](/azure/private-5g-core/) > | Microsoft.MobileNetwork/sims/write | Updates SIM tags. | > | Microsoft.MobileNetwork/sims/read | Gets all the SIMs in a subscription. | > | Microsoft.MobileNetwork/sims/read | Gets all the SIMs in a resource group. |-> | Microsoft.MobileNetwork/smfDeployments/read | List all Session Management Function Deployments by Subscription ID. | -> | Microsoft.MobileNetwork/smfDeployments/read | List all Session Management Function Deployments by Resource Group. | -> | Microsoft.MobileNetwork/smfDeployments/read | Get a SmfDeploymentResource | -> | Microsoft.MobileNetwork/smfDeployments/write | Create a SmfDeploymentResource | -> | Microsoft.MobileNetwork/smfDeployments/delete | Delete a SmfDeploymentResource | -> | Microsoft.MobileNetwork/smfDeployments/write | Update a SmfDeploymentResource | -> | Microsoft.MobileNetwork/upfDeployments/read | List all User Plane Function Deployments by Subscription ID. | -> | Microsoft.MobileNetwork/upfDeployments/read | List all User Plane Function Deployments by Resource ID. | -> | Microsoft.MobileNetwork/upfDeployments/read | Get a UpfDeploymentResource | -> | Microsoft.MobileNetwork/upfDeployments/write | Create a UpfDeploymentResource | -> | Microsoft.MobileNetwork/upfDeployments/delete | Delete a UpfDeploymentResource | -> | Microsoft.MobileNetwork/upfDeployments/write | Update a UpfDeploymentResource | ## Microsoft.Network Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/applicationGateways/backendhealth/action | Gets an application gateway backend health | > | Microsoft.Network/applicationGateways/getBackendHealthOnDemand/action | Gets an application gateway backend health on demand for given http setting and backend pool | > | Microsoft.Network/applicationGateways/getListenerCertificateMetadata/action | Gets an application gateway listener certificate metadata |+> | Microsoft.Network/applicationGateways/prepareMigration/action | Prepare application gateway migration | +> | Microsoft.Network/applicationGateways/executeMigration/action | Execute application gateway migration | +> | Microsoft.Network/applicationGateways/commitMigration/action | Commit application gateway migration | > | Microsoft.Network/applicationGateways/resolvePrivateLinkServiceId/action | Resolves privateLinkServiceId for application gateway private link resource | > | Microsoft.Network/applicationGateways/start/action | Starts an application gateway | > | Microsoft.Network/applicationGateways/stop/action | Stops an application gateway | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/read | Gets an Application Gateway WAF policy | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/write | Creates an Application Gateway WAF policy or updates an Application Gateway WAF policy | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/delete | Deletes an Application Gateway WAF policy |+> | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/join/action | Join Application Gateway Web Application Firewall Policy. Not alertable | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/attachWafPolicyToAgc/action | Attaches Web application firewall policy to application gateway for containers | > | Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/detachWafPolicyFromAgc/action | Detaches Web application firewall policy from application gateway for containers | > | Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action | Joins an IP Configuration to Application Security Groups. Not alertable. | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/read | Gets an private endpoint connection proxy resource. | > | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/write | Creates a new private endpoint connection proxy, or updates an existing private endpoint connection proxy. | > | Microsoft.Network/locations/privateLinkServices/privateEndpointConnectionProxies/delete | Deletes an private endpoint connection proxy resource. |+> | Microsoft.Network/locations/publicIPAddresses/cleanupDdppReference/action | Cleanup DDPP reference on linked PublicIP upon DDPP subscription delete | > | Microsoft.Network/locations/serviceTagDetails/read | GetServiceTagDetails | > | Microsoft.Network/locations/serviceTags/read | Get Service Tags | > | Microsoft.Network/locations/setAzureNetworkManagerConfiguration/read | Permission for calling Set Azure Network Manager Configuration operation. This read permission, not setAzureNetworkManagerConfiguration/action, is required to call Set Azure Network Manager Configuration. | > | Microsoft.Network/locations/supportedVirtualMachineSizes/read | Gets supported virtual machines sizes | > | Microsoft.Network/locations/usages/read | Gets the resources usage metrics | > | Microsoft.Network/locations/virtualNetworkAvailableEndpointServices/read | Gets a list of available Virtual Network Endpoint Services |+> | Microsoft.Network/locations/virtualNetworks/cleanupDdppReference/action | Cleanup DDPP reference on linked VNET upon DDPP subscription delete | > | Microsoft.Network/masterCustomIpPrefixes/read | Gets a Master Custom Ip Prefix Definition | > | Microsoft.Network/masterCustomIpPrefixes/write | Creates A Master Custom Ip Prefix Or Updates An Existing Master Custom Ip Prefix | > | Microsoft.Network/masterCustomIpPrefixes/delete | Deletes A Master Custom Ip Prefix | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/networkManagers/connectivityConfigurations/read | Get Connectivity Configuration | > | Microsoft.Network/networkManagers/connectivityConfigurations/write | Create Or Update Connectivity Configuration | > | Microsoft.Network/networkManagers/connectivityConfigurations/delete | Delete Connectivity Configuration |+> | Microsoft.Network/networkManagers/connectivityConfigurations/snapshots/read | Permission to get snapshots of a deployed connectivity configuration resource. | +> | Microsoft.Network/networkManagers/connectivityRegionalGoalStates/read | Permission to get the connectivity goal state in a given region for a network manager. | > | Microsoft.Network/networkManagers/ipamPools/read | Gets a Ipam Pool | > | Microsoft.Network/networkManagers/ipamPools/write | Creates or Updates a Ipam Pool | > | Microsoft.Network/networkManagers/ipamPools/delete | Deletes a Ipam Pool | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/networkManagers/networkGroups/write | Create Or Update Network Group | > | Microsoft.Network/networkManagers/networkGroups/delete | Delete Network Group | > | Microsoft.Network/networkManagers/networkGroups/join/action | Join Network Group |+> | Microsoft.network/networkManagers/networkGroups/aggregatedIpAddressSpaces/read | Permission needed to get the aggregated Ip address space for the members of a network group | +> | Microsoft.Network/networkManagers/networkGroups/members/read | Get Network Group Member | > | Microsoft.Network/networkManagers/networkGroups/staticMembers/read | Get Network Group Static Member | > | Microsoft.Network/networkManagers/networkGroups/staticMembers/write | Create Or Update Network Group Static Member | > | Microsoft.Network/networkManagers/networkGroups/staticMembers/delete | Delete Network Group Static Member |+> | Microsoft.Network/networkManagers/routingConfigurations/read | Get Routing Configuration | +> | Microsoft.Network/networkManagers/routingConfigurations/write | Create Or Update Routing Configuration | +> | Microsoft.Network/networkManagers/routingConfigurations/delete | Delete Routing Configuration | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/read | Get Routing Rule Collection | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/write | Create Or Update Routing Rule Collection | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/delete | Delete Routing Rule Collection | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/rules/read | Get Routing Rule | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/rules/write | Create Or Update Routing Rule | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/rules/delete | Delete Routing Rule | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/rules/snapshots/read | Permission to get snapshots of a deployed routing rule resource. | +> | Microsoft.Network/networkManagers/routingConfigurations/ruleCollections/snapshots/read | Permission to get snapshots of a deployed routing rule collection resource. | +> | Microsoft.Network/networkManagers/routingConfigurations/snapshots/read | Permission to get snapshots of a deployed routing configuration resource. | +> | Microsoft.Network/networkManagers/routingRegionalGoalStates/read | Permission to get the routing goal state in a given region for a network manager. | > | Microsoft.Network/networkManagers/scopeConnections/read | Get Network Manager Scope Connection | > | Microsoft.Network/networkManagers/scopeConnections/write | Create Or Update Network Manager Scope Connection | > | Microsoft.Network/networkManagers/scopeConnections/delete | Delete Network Manager Scope Connection | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules/read | Get Security Admin Rule | > | Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules/write | Create Or Update Security Admin Rule | > | Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules/delete | Delete Security Admin Rule |+> | Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules/snapshots/read | Permission to get snapshots of a deployed security admin rule resource. | +> | Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/snapshots/read | Permission to get snapshots of a deployed security admin rule collection resource. | +> | Microsoft.Network/networkManagers/securityAdminConfigurations/snapshots/read | Permission to get snapshots of a deployed security admin configuration resource. | +> | Microsoft.Network/networkManagers/securityAdminRegionalGoalStates/read | Permission to get the security admin goal state in a given region for a network manager. | > | Microsoft.Network/networkManagers/securityUserConfigurations/read | Get Security User Configuration | > | Microsoft.Network/networkManagers/securityUserConfigurations/write | Create Or Update Security User Configuration | > | Microsoft.Network/networkManagers/securityUserConfigurations/delete | Delete Security User Configuration | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/networkManagers/securityUserConfigurations/ruleCollections/rules/read | Get Security User Rule | > | Microsoft.Network/networkManagers/securityUserConfigurations/ruleCollections/rules/write | Create Or Update Security User Rule | > | Microsoft.Network/networkManagers/securityUserConfigurations/ruleCollections/rules/delete | Delete Security User Rule |+> | Microsoft.Network/networkManagers/securityUserConfigurations/ruleCollections/rules/snapshots/read | Permission to get snapshots of a deployed security user rule resource. | +> | Microsoft.Network/networkManagers/securityUserConfigurations/ruleCollections/snapshots/read | Permission to get snapshots of a deployed security user rule collection resource. | +> | Microsoft.Network/networkManagers/securityUserConfigurations/snapshots/read | Permission to get snapshots of a deployed security user configuration resource. | +> | Microsoft.Network/networkManagers/securityUserRegionalGoalStates/read | Permission to get the security user goal state in a given region for a network manager. | +> | Microsoft.Network/networkManagers/verifierWorkspaces/read | Gets a Verifier Workspace | +> | Microsoft.Network/networkManagers/verifierWorkspaces/write | Creates or Updates a Verifier Workspace | +> | Microsoft.Network/networkManagers/verifierWorkspaces/delete | Deletes a Verifier Workspace | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisIntents/read | Gets a Reachability Analysis Intent | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisIntents/write | Creates or Updates a Reachability Analysis Intent | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisIntents/delete | Deletes a Reachability Analysis Intent | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisRuns/read | Gets a Reachability Analysis Run | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisRuns/write | Creates or Updates a Reachability Analysis Run | +> | Microsoft.Network/networkManagers/verifierWorkspaces/reachabilityAnalysisRuns/delete | Deletes a Reachability Analysis Run | > | Microsoft.Network/networkProfiles/read | Gets a Network Profile | > | Microsoft.Network/networkProfiles/write | Creates or updates a Network Profile | > | Microsoft.Network/networkProfiles/delete | Deletes a Network Profile | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/publicIPAddresses/write | Creates a public IP address or updates an existing public IP address. | > | Microsoft.Network/publicIPAddresses/delete | Deletes a public IP address. | > | Microsoft.Network/publicIPAddresses/join/action | Joins a public IP address. Not Alertable. |+> | Microsoft.Network/publicIPAddresses/joinServiceEndpointNetworkIdentifier/action | Joins a Public Ip Address Service Endpoint Network Identifier | > | Microsoft.Network/publicIPAddresses/ddosProtectionStatus/action | Gets the effective Ddos protection status for a Public IP Address resource. | > | Microsoft.Network/publicIPAddresses/dnsAliases/read | Gets a Public IP Address Dns Alias resource | > | Microsoft.Network/publicIPAddresses/dnsAliases/write | Creates a Public IP Address Dns Alias resource | Azure service: [Application Gateway](/azure/application-gateway/), [Azure Bastio > | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read | Gets Contextual Service Endpoint Policies | > | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/write | Creates a Contextual Service Endpoint Policy or updates an existing Contextual Service Endpoint Policy | > | Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/delete | Deletes A Contextual Service Endpoint Policy |+> | Microsoft.Network/virtualNetworks/subnets/effectiveRoutingRules/read | Permission to get the routing rule(s) taking effect on a subnet. | +> | Microsoft.Network/virtualNetworks/subnets/effectiveSecurityUserRules/read | Permission to get the security user rule(s) taking effect on a subnet. | > | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read | Get the Resource Navigation Link definition | > | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/write | Creates a Resource Navigation Link or updates an existing Resource Navigation Link | > | Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/delete | Deletes a Resource Navigation Link | |
| role-based-access-control | Security | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/security.md | Azure service: [App Compliance Automation Tool for Microsoft 365](/microsoft-365 > | Action | Description | > | | | > | Microsoft.AppComplianceAutomation/onboard/action | Onboard given subscriptions to Microsoft.AppComplianceAutomation provider. |-> | Microsoft.AppComplianceAutomation/triggerEvaluation/action | Trigger evaluation for given resourceIds to get quick compliance result. | +> | Microsoft.AppComplianceAutomation/triggerEvaluation/action | Trigger quick evaluation for the given subscriptions. | > | Microsoft.AppComplianceAutomation/listInUseStorageAccounts/action | List the storage accounts which are in use by related reports | > | Microsoft.AppComplianceAutomation/checkNameAvailability/action | action checkNameAvailability |-> | Microsoft.AppComplianceAutomation/getCollectionCount/action | Get the resource count. | +> | Microsoft.AppComplianceAutomation/getCollectionCount/action | Get the count of reports. | > | Microsoft.AppComplianceAutomation/getOverviewStatus/action | Get the resource overview status. | > | Microsoft.AppComplianceAutomation/register/action | Register the subscription for Microsoft.AppComplianceAutomation | > | Microsoft.AppComplianceAutomation/unregister/action | Unregister the subscription for Microsoft.AppComplianceAutomation | Azure service: [App Compliance Automation Tool for Microsoft 365](/microsoft-365 > | Microsoft.AppComplianceAutomation/reports/write | Create a new AppComplianceAutomation report or update an exiting AppComplianceAutomation report. | > | Microsoft.AppComplianceAutomation/reports/delete | Delete an AppComplianceAutomation report. | > | Microsoft.AppComplianceAutomation/reports/write | Update an exiting AppComplianceAutomation report. |-> | Microsoft.AppComplianceAutomation/reports/syncCertRecord/action | Synchronize attestation record from app compliance. | > | Microsoft.AppComplianceAutomation/reports/checkNameAvailability/action | Checks the report's nested resource name availability, e.g: Webhooks, Evidences, Snapshots. | > | Microsoft.AppComplianceAutomation/reports/fix/action | Fix the AppComplianceAutomation report error. e.g: App Compliance Automation Tool service unregistered, automation removed. |+> | Microsoft.AppComplianceAutomation/reports/getScopingQuestions/action | Fix the AppComplianceAutomation report error. e.g: App Compliance Automation Tool service unregistered, automation removed. | +> | Microsoft.AppComplianceAutomation/reports/syncCertRecord/action | Synchronize attestation record from app compliance. | > | Microsoft.AppComplianceAutomation/reports/verify/action | Verify the AppComplianceAutomation report health status. | > | Microsoft.AppComplianceAutomation/reports/evidences/read | Returns a paginated list of evidences for a specified report. | > | Microsoft.AppComplianceAutomation/reports/evidences/read | Get the evidence metadata | Azure service: [Security Center](/azure/security-center/) > | Microsoft.Security/deviceSecurityGroups/write | Creates or updates IoT device security groups | > | Microsoft.Security/deviceSecurityGroups/delete | Deletes IoT device security groups | > | Microsoft.Security/deviceSecurityGroups/read | Gets IoT device security groups |+> | Microsoft.Security/externalSecuritySolutions/read | Gets the external security solutions | > | Microsoft.Security/governanceRules/read | Get governance rules for managing security posture | > | Microsoft.Security/governanceRules/write | Create or update governance rules for managing security posture | > | Microsoft.Security/informationProtectionPolicies/read | Gets the information protection policies for the resource | Azure service: [Security Center](/azure/security-center/) > | Microsoft.Security/iotSite/read | Gets IoT site | > | Microsoft.Security/iotSite/write | Creates or updates IoT site | > | Microsoft.Security/iotSite/delete | Deletes IoT site |+> | Microsoft.Security/jitNetworkAccessPolicies/read | Gets the just-in-time network access policies | > | Microsoft.Security/locations/read | Gets the security data location | > | Microsoft.Security/locations/alerts/read | Gets all available security alerts | > | Microsoft.Security/locations/alerts/dismiss/action | Dismiss a security alert | > | Microsoft.Security/locations/alerts/activate/action | Activate a security alert | > | Microsoft.Security/locations/alerts/resolve/action | Resolve a security alert | > | Microsoft.Security/locations/alerts/simulate/action | Simulate a security alert |+> | Microsoft.Security/locations/externalSecuritySolutions/read | Gets the external security solutions | > | Microsoft.Security/locations/jitNetworkAccessPolicies/read | Gets the just-in-time network access policies | > | Microsoft.Security/locations/jitNetworkAccessPolicies/write | Creates a new just-in-time network access policy or updates an existing one | > | Microsoft.Security/locations/jitNetworkAccessPolicies/delete | Deletes the just-in-time network access policy | > | Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action | Initiates a just-in-time network access policy request |+> | Microsoft.Security/locations/securitySolutions/read | Gets the security solutions | +> | Microsoft.Security/locations/securitySolutions/write | Creates a new security solution or updates an existing one | +> | Microsoft.Security/locations/securitySolutions/delete | Deletes a security solution | > | Microsoft.Security/locations/tasks/read | Gets all available security recommendations | > | Microsoft.Security/locations/tasks/start/action | Start a security recommendation | > | Microsoft.Security/locations/tasks/resolve/action | Resolve a security recommendation | Azure service: [Microsoft Sentinel](/azure/sentinel/) > | Microsoft.SecurityInsights/Metadata/read | Read Metadata for Sentinel content. | > | Microsoft.SecurityInsights/Metadata/write | Write Metadata for Sentinel content. | > | Microsoft.SecurityInsights/Metadata/delete | Delete Metadata for Sentinel content. |-> | Microsoft.SecurityInsights/MitreCoverageRecords/read | Read Products Mitre Coverage | > | Microsoft.SecurityInsights/officeConsents/read | Gets consents from Microsoft Office | > | Microsoft.SecurityInsights/officeConsents/delete | Deletes consents from Microsoft Office | > | Microsoft.SecurityInsights/onboardingStates/read | Gets an onboarding state | |
| role-based-access-control | Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/storage.md | Azure service: [Azure NetApp Files](/azure/azure-netapp-files/) > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/splitCloneFromParent/action | Split clone from parent volume to make it a standalone volume | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/reestablishReplication/action | Re-establish a previously deleted replication between 2 volumes that have a common ad-hoc or policy-based snapshots | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/peerClusterForOnPremMigration/action | Peers ANF cluster to OnPrem cluster for migration |+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/peerExternalCluster/action | Peers ANF cluster to OnPrem cluster for migration | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/createOnPremMigrationReplication/action | Starts a SVM peering and returns a command to be run on the external ontap to accept it. Once the SVMs have been peered a SnapMirror will be created. |+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/authorizeExternalReplication/action | Starts a SVM peering and returns a command to be run on the external ontap to accept it. Once the SVMs have been peered a SnapMirror will be created. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/performReplicationTransfer/action | Starts a data transfer on the volume replication. Updating the data on the destination side. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/finalizeOnPremMigration/action | Finalize OnPrem migration by doing a final sync on the replication, break and release the replication and break cluster peering if no other migration is active. |+> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/finalizeExternalReplication/action | Finalize OnPrem migration by doing a final sync on the replication, break and release the replication and break cluster peering if no other migration is active. | +> | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/listQuotaReport/action | List user/group quota report for the volume. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/backups/read | Reads a backup resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/backups/write | Writes a backup resource. | > | Microsoft.NetApp/netAppAccounts/capacityPools/volumes/backups/delete | Deletes a backup resource. | Azure service: [Storage](/azure/storage/) > | Microsoft.Storage/storageAccounts/fileServices/shares/read | List file shares | > | Microsoft.Storage/storageAccounts/fileServices/shares/write | Create or update file share | > | Microsoft.Storage/storageAccounts/fileServices/shares/restore/action | Restore file share |+> | Microsoft.Storage/storageAccounts/fileServices/usages/read | | > | Microsoft.Storage/storageAccounts/hoboConfigurations/read | | > | Microsoft.Storage/storageAccounts/hoboConfigurations/write | | > | Microsoft.Storage/storageAccounts/inventoryPolicies/delete | | Azure service: [Storage](/azure/storage/) > | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/immutableStorage/runAsSuperUser/action | | > | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read | Returns the result of reading blob tags | > | Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write | Returns the result of writing blob tags |-> | Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Sematics Privilege | -> | Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Write File Backup Sematics Privilege | +> | Microsoft.Storage/storageAccounts/fileServices/readFileBackupSemantics/action | Read File Backup Semantics Privilege | +> | Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action | Write File Backup Semantics Privilege | > | Microsoft.Storage/storageAccounts/fileServices/takeOwnership/action | File Take Ownership Privilege | > | Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Returns a file/folder or a list of files/folders | > | Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Returns the result of writing a file or creating a folder | Azure service: [Storage](/azure/storage/) File caching and Lustre file system capabilities for high-performance computing (HPC). -Azure +Azure service: [Azure HPC Cache](/azure/hpc-cache/), [Azure Managed Lustre](/azure/azure-managed-lustre/) > [!div class="mx-tableFixed"] > | Action | Description | > | | |-> | Microsoft.StorageCache/register/action | Registers the subscription for the storage cache resource provider and enables creation of Azure HPC Cache and Azure Managed Lustre resources | +> | Microsoft.StorageCache/register/action | Registers the subscription for the storage cache resource provider and enables creation of Azure HPC Cache resources | > | Microsoft.StorageCache/preflight/action | | > | Microsoft.StorageCache/checkAmlFSSubnets/action | Validates the subnets for Amlfilesystem | > | Microsoft.StorageCache/getRequiredAmlFSSubnetsSize/action | Calculate the number of ips needed |-> | Microsoft.StorageCache/unregister/action | Azure HPC Cache and Azure Managed Lustre resource provider | +> | Microsoft.StorageCache/unregister/action | Azure HPC Cache resource provider | > | Microsoft.StorageCache/amlFilesystems/read | Gets the properties of an amlfilesystem | > | Microsoft.StorageCache/amlFilesystems/write | Creates a new amlfilesystem, or updates an existing one | > | Microsoft.StorageCache/amlFilesystems/delete | Deletes the amlfilesystem instance | Azure service: [Storage](/azure/storage/) > | | | > | Microsoft.StorageSync/register/action | Registers the subscription for the Storage Sync Provider | > | Microsoft.StorageSync/unregister/action | Unregisters the subscription for the Storage Sync Provider |+> | Microsoft.StorageSync/deployments/preflight/action | Validate all resources before we deploy the resoruces successfully. | > | Microsoft.StorageSync/locations/checkNameAvailability/action | Checks that storage sync service name is valid and is not in use. | > | Microsoft.StorageSync/locations/operationresults/read | Gets the result for an asynchronous operation | > | Microsoft.StorageSync/locations/operations/read | Gets the status for an azure asynchronous operation | Azure service: [Storage](/azure/storage/) ## Next steps -- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)+- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types) |
| role-based-access-control | Web And Mobile | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/permissions/web-and-mobile.md | Azure service: [Azure SignalR Service](/azure/azure-signalr/) > | Microsoft.SignalRService/SignalR/replicas/read | View the SignalR replica's settings and configurations in the management portal or through API | > | Microsoft.SignalRService/SignalR/replicas/write | Modify the SignalR replica's settings and configurations in the management portal or through API | > | Microsoft.SignalRService/SignalR/replicas/delete | Delete the SignalR replica resource |+> | Microsoft.SignalRService/SignalR/replicas/restart/action | | > | Microsoft.SignalRService/SignalR/replicas/operationResults/read | | > | Microsoft.SignalRService/SignalR/replicas/operationStatuses/read | | > | Microsoft.SignalRService/SignalR/replicas/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource | Azure service: [Azure SignalR Service](/azure/azure-signalr/) > | Microsoft.SignalRService/WebPubSub/replicas/read | View the WebPubSub replica's settings and configurations in the management portal or through API | > | Microsoft.SignalRService/WebPubSub/replicas/write | Modify the WebPubSub replica's settings and configurations in the management portal or through API | > | Microsoft.SignalRService/WebPubSub/replicas/delete | Delete the WebPubSub replica resource |+> | Microsoft.SignalRService/WebPubSub/replicas/restart/action | | > | Microsoft.SignalRService/WebPubSub/replicas/operationResults/read | | > | Microsoft.SignalRService/WebPubSub/replicas/operationStatuses/read | | > | Microsoft.SignalRService/WebPubSub/replicas/providers/Microsoft.Insights/diagnosticSettings/read | Gets the diagnostic setting for the resource | Azure service: [Azure SignalR Service](/azure/azure-signalr/) > | Microsoft.SignalRService/SignalR/auth/clientToken/action | Generate an AccessToken for client to connect to ASRS, the token will expire in 5 minutes by default | > | Microsoft.SignalRService/SignalR/auth/accessKey/action | Generate an AccessKey for signing AccessTokens, the key will expire in 90 minutes by default | > | Microsoft.SignalRService/SignalR/auth/accessToken/action | Generate an AccessToken for client to connect to ASRS, the token will expire in 5 minutes by default |+> | Microsoft.SignalRService/SignalR/clientConnection/generateToken/action | Generate a JWT Token for client to connect to the service | > | Microsoft.SignalRService/SignalR/clientConnection/send/action | Send messages directly to a client connection | > | Microsoft.SignalRService/SignalR/clientConnection/read | Check client connection existence | > | Microsoft.SignalRService/SignalR/clientConnection/write | Close client connection | Azure service: [Azure SignalR Service](/azure/azure-signalr/) > | Microsoft.SignalRService/SignalR/group/read | Check group existence or user existence in group | > | Microsoft.SignalRService/SignalR/group/write | Join / Leave group | > | Microsoft.SignalRService/SignalR/hub/send/action | Broadcast messages to all client connections in the hub |+> | Microsoft.SignalRService/SignalR/hub/execute/action | Run multiple actions in the hub | > | Microsoft.SignalRService/SignalR/hub/write | Close all client connections in the hub | > | Microsoft.SignalRService/SignalR/livetrace/read | Read live trace tool results | > | Microsoft.SignalRService/SignalR/livetrace/write | Create live trace connections | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/locations/deleteVirtualNetworkOrSubnets/action | Vnet or subnet deletion notification for Locations. | > | microsoft.web/locations/validateDeleteVirtualNetworkOrSubnets/action | Validates deleting Vnet or subnet for Locations | > | Microsoft.Web/locations/previewstaticsiteworkflowfile/action | Preview Static Site Workflow File |+> | Microsoft.Web/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action | Notify Network Security Perimeter Updates. | > | microsoft.web/locations/apioperations/read | Get Locations API Operations. | > | microsoft.web/locations/connectiongatewayinstallations/read | Get Locations Connection Gateway Installations. | > | Microsoft.Web/locations/deletedSites/Read | Get the properties of a Deleted Web App at location | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/restorefrombackupblob/action | Restore Web App From Backup Blob. | > | microsoft.web/sites/listbackups/action | List Web App backups. | > | microsoft.web/sites/slotcopy/action | Copy content from deployment slot. |+> | Microsoft.Web/Sites/networkSecurityPerimeterConfigurations/action | Reconcile Web App Network Security Perimeter Configurations. | +> | Microsoft.Web/Sites/joinPerimeter/action | Determines if a user is allowed to associate an Azure Web App with a Network Security Perimeter. | > | microsoft.web/sites/analyzecustomhostname/read | Analyze Custom Hostname. | > | microsoft.web/sites/backup/read | Get Web Apps Backup. | > | microsoft.web/sites/backup/write | Update Web Apps Backup. | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/backups/write | Update Web Apps Backups. | > | Microsoft.Web/sites/basicPublishingCredentialsPolicies/Read | List which publishing methods are allowed for a Web App | > | Microsoft.Web/sites/basicPublishingCredentialsPolicies/Write | List which publishing methods are allowed for a Web App |-> | Microsoft.Web/sites/basicPublishingCredentialsPolicies/ftp/Read | Get whether FTP publishing credentials are allowed for a Web App | -> | Microsoft.Web/sites/basicPublishingCredentialsPolicies/ftp/Write | Update whether FTP publishing credentials are allowed for a Web App | -> | Microsoft.Web/sites/basicPublishingCredentialsPolicies/scm/Read | Get whether SCM publishing credentials are allowed for a Web App | -> | Microsoft.Web/sites/basicPublishingCredentialsPolicies/scm/Write | Update whether SCM publishing credentials are allowed for a Web App | > | Microsoft.Web/sites/config/Read | Get Web App configuration settings | > | Microsoft.Web/sites/config/list/Action | List Web App's security sensitive settings, such as publishing credentials, app settings and connection strings | > | Microsoft.Web/sites/config/Write | Update Web App's configuration settings | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/instances/extensions/processes/read | Get Web Apps Instances Extensions Processes. | > | microsoft.web/sites/instances/processes/delete | Delete Web Apps Instances Processes. | > | microsoft.web/sites/instances/processes/read | Get Web Apps Instances Processes. |+> | microsoft.web/sites/instances/processes/stop/action | Stop Web Apps Instances Processes. | > | microsoft.web/sites/instances/processes/modules/read | Get Web Apps Instances Processes Modules. | > | microsoft.web/sites/instances/processes/threads/read | Get Web Apps Instances Processes Threads. | > | microsoft.web/sites/metricdefinitions/read | Get Web Apps Metric Definitions. | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/networkConfig/write | Update App Service Network Configuration. | > | microsoft.web/sites/networkConfig/delete | Delete App Service Network Configuration. | > | microsoft.web/sites/networkfeatures/read | Get Web App Features. |+> | Microsoft.Web/Sites/networkSecurityPerimeterAssociationProxies/write | Create or Update Web App Network Security Perimeter Association Proxies. | +> | Microsoft.Web/Sites/networkSecurityPerimeterAssociationProxies/read | Get Web App Network Security Perimeter Association Proxies. | +> | Microsoft.Web/Sites/networkSecurityPerimeterAssociationProxies/delete | Delete Web App Network Security Perimeter Association Proxies. | +> | Microsoft.Web/Sites/networkSecurityPerimeterConfigurations/read | Get Web App Network Security Perimeter Configurations. | > | microsoft.web/sites/networktraces/operationresults/read | Get Web Apps Network Trace Operation Results. | > | microsoft.web/sites/operationresults/read | Get Web Apps Operation Results. | > | microsoft.web/sites/operations/read | Get Web Apps Operations. | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/slots/backups/delete | Delete Web Apps Slots Backups. | > | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/Read | List which publishing credentials are allowed for a Web App Slot | > | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/Write | List which publishing credentials are allowed for a Web App Slot |-> | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/ftp/Read | Get whether FTP publishing credentials are allowed for a Web App Slot | -> | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/ftp/Write | Update whether FTP publishing credentials are allowed for a Web App Slot | -> | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/scm/Read | Get whether SCM publishing credentials are allowed for a Web App Slot | -> | Microsoft.Web/sites/slots/basicPublishingCredentialsPolicies/scm/Write | Update whether SCM publishing credentials are allowed for a Web App Slot | > | Microsoft.Web/sites/slots/config/Read | Get Web App Slot's configuration settings | > | Microsoft.Web/sites/slots/config/list/Action | List Web App Slot's security sensitive settings, such as publishing credentials, app settings and connection strings | > | Microsoft.Web/sites/slots/config/Write | Update Web App Slot's configuration settings | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur > | microsoft.web/sites/slots/instances/read | Get Web Apps Slots Instances. | > | microsoft.web/sites/slots/instances/deployments/read | Get Web Apps Slots Instances Deployments. | > | microsoft.web/sites/slots/instances/processes/read | Get Web Apps Slots Instances Processes. |+> | microsoft.web/sites/slots/instances/processes/stop/action | Stop Web Apps Slots Instances Processes. | > | microsoft.web/sites/slots/instances/processes/delete | Delete Web Apps Slots Instances Processes. | > | microsoft.web/sites/slots/metricdefinitions/read | Get Web Apps Slots Metric Definitions. | > | microsoft.web/sites/slots/metrics/read | Get Web Apps Slots Metrics. | Azure service: [App Service](/azure/app-service/), [Azure Functions](/azure/azur ## Next steps -- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types)+- [Azure resource providers and types](/azure/azure-resource-manager/management/resource-providers-and-types) |
| role-based-access-control | Resource Provider Operations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/role-based-access-control/resource-provider-operations.md | Click the resource provider name in the following list to see the list of permis > | [Microsoft.ElasticSan](./permissions/storage.md#microsoftelasticsan) | | [Azure Elastic SAN](/azure/storage/elastic-san/) | > | [Microsoft.NetApp](./permissions/storage.md#microsoftnetapp) | Enterprise-grade Azure file shares, powered by NetApp. | [Azure NetApp Files](/azure/azure-netapp-files/) | > | [Microsoft.Storage](./permissions/storage.md#microsoftstorage) | Get secure, massively scalable cloud storage for your data, apps, and workloads. | [Storage](/azure/storage/) |-> | [Microsoft.StorageCache](./permissions/storage.md#microsoftstoragecache) | File caching for high-performance computing (HPC). | [Azure HPC Cache](/azure/hpc-cache/) | +> | [Microsoft.StorageCache](./permissions/storage.md#microsoftstoragecache) | File caching and Lustre file system capabilities for high-performance computing (HPC). | [Azure HPC Cache](/azure/hpc-cache/)<br/>[Azure Managed Lustre](/azure/azure-managed-lustre/) | > | [Microsoft.StorageSync](./permissions/storage.md#microsoftstoragesync) | | [Storage](/azure/storage/) | <a name='microsoftweb'></a> Click the resource provider name in the following list to see the list of permis > | | | | > | [Microsoft.AnalysisServices](./permissions/analytics.md#microsoftanalysisservices) | Enterprise-grade analytics engine as a service. | [Azure Analysis Services](/azure/analysis-services/index) | > | [Microsoft.Databricks](./permissions/analytics.md#microsoftdatabricks) | Fast, easy, and collaborative Apache Spark-based analytics platform. | [Azure Databricks](/azure/databricks/) |-> | [Microsoft.DataCatalog](./permissions/analytics.md#microsoftdatacatalog) | Get more value from your enterprise data assets. | [Data Catalog](/azure/data-catalog/) | > | [Microsoft.DataFactory](./permissions/analytics.md#microsoftdatafactory) | Hybrid data integration at enterprise scale, made easy. | [Data Factory](/azure/data-factory/) | > | [Microsoft.DataLakeAnalytics](./permissions/analytics.md#microsoftdatalakeanalytics) | Distributed analytics service that makes big data easy. | [Data Lake Analytics](/azure/data-lake-analytics/) | > | [Microsoft.DataLakeStore](./permissions/analytics.md#microsoftdatalakestore) | Highly scalable and cost-effective data lake solution for big data analytics. | [Azure Data Lake Storage Gen2](/azure/storage/blobs/data-lake-storage-introduction) | Click the resource provider name in the following list to see the list of permis > | | | | > | [Microsoft.BotService](./permissions/ai-machine-learning.md#microsoftbotservice) | Intelligent, serverless bot service that scales on demand. | [Azure Bot Service](/azure/bot-service/) | > | [Microsoft.CognitiveServices](./permissions/ai-machine-learning.md#microsoftcognitiveservices) | Add smart API capabilities to enable contextual interactions. | [Cognitive Services](/azure/cognitive-services/) |-> | [Microsoft.MachineLearning](./permissions/ai-machine-learning.md#microsoftmachinelearning) | Access and manage the predictive models that you created and deployed as web services. | [Machine Learning Studio (classic)](/azure/machine-learning/classic/) | > | [Microsoft.MachineLearningServices](./permissions/ai-machine-learning.md#microsoftmachinelearningservices) | Enterprise-grade machine learning service to build and deploy models faster. | [Machine Learning](/azure/machine-learning/) | > | [Microsoft.Search](./permissions/ai-machine-learning.md#microsoftsearch) | Leverage search services and get comprehensive results. | [Azure AI Search](/azure/search/) | Click the resource provider name in the following list to see the list of permis > | [Microsoft.IoTCentral](./permissions/internet-of-things.md#microsoftiotcentral) | Experience the simplicity of SaaS for IoT, with no cloud expertise required. | [IoT Central](/azure/iot-central/) | > | [Microsoft.IoTSecurity](./permissions/internet-of-things.md#microsoftiotsecurity) | | [IoT security](/azure/iot/iot-security-architecture) | > | [Microsoft.StreamAnalytics](./permissions/internet-of-things.md#microsoftstreamanalytics) | Real-time data stream processing from millions of IoT devices. | [Stream Analytics](/azure/stream-analytics/) |-> | [Microsoft.TimeSeriesInsights](./permissions/internet-of-things.md#microsofttimeseriesinsights) | Explore and analyze time-series data from IoT devices. | [Time Series Insights](/azure/time-series-insights/) | ## Mixed reality Click the resource provider name in the following list to see the list of permis > | [Microsoft.DevTestLab](./permissions/devops.md#microsoftdevtestlab) | Quickly create environments using reusable templates and artifacts. | [Azure Lab Services](/azure/lab-services/) | > | [Microsoft.LabServices](./permissions/devops.md#microsoftlabservices) | Set up labs for classrooms, trials, development and testing, and other scenarios. | [Azure Lab Services](/azure/lab-services/) | > | [Microsoft.LoadTestService](./permissions/devops.md#microsoftloadtestservice) | | [Azure Load Testing](/azure/load-testing/) |-> | [Microsoft.SecurityDevOps](./permissions/devops.md#microsoftsecuritydevops) | | [Microsoft Defender for Cloud](/azure/defender-for-cloud/) | > | [Microsoft.VisualStudio](./permissions/devops.md#microsoftvisualstudio) | The powerful and flexible environment for developing applications in the cloud. | [Azure DevOps](/azure/devops/) | ## Migration |