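Azure built-in roles for Azure Arc-enabled SCVMM

This article lists the Azure built-in roles for Azure Arc-enabled SCVMM and their permissions. Azure Arc-enabled SCVMM has four built-in roles:

Azure Arc SCVMM Administrator role
Azure Arc SCVMM Private Cloud User
Azure Arc SCVMM Private Clouds Onboarding
Azure Arc SCVMM VM Contributor

If the built-in Azure roles don't meet your requirements, you can create custom roles with granular permissions.

Azure Arc SCVMM Administrator role

The Arc SCVMM VM Administrator has permissions to perform all SCVMM actions.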

Actions Description
Microsoft.Authorization/classicAdministrators/read Reads the administrators for the subscription.
Microsoft.Authorization/classicAdministrators/operationstatuses/read Gets the administrator operation statuses of the subscription.
Microsoft.Authorization/denyAssignments/read Get information about a deny assignment.
Microsoft.Authorization/diagnosticSettingsCategories/read Get information about diagnostic settings categories.
Microsoft.Authorization/diagnosticSettings/read Read information about diagnostic settings.
Microsoft.Authorization/roleEligibilityScheduleInstances/read Gets the role eligibility schedule instances at the given scope.
Microsoft.Authorization/locks/read Gets locks at the specified scope.
Microsoft.Authorization/operations/read Gets the list of operations.
Microsoft.Authorization/permissions/read Lists all the permissions the caller has at a given scope.
Microsoft.Authorization/policyAssignments/read Get information about a policy assignment.
Microsoft.Authorization/policyAssignments/privateLinkAssociations/read Get information about a private link association.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read Get information about a resource management private link.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read Get information about a private endpoint connection.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read Get information about a private endpoint connection proxy.
Microsoft.Authorization/policyDefinitions/read Get information about a policy definition.
Microsoft.Authorization/policyDefinitions/versions/read Get information about a policy definition version.
Microsoft.Authorization/policyEnrollments/read Get information about a policy enrollment.
Microsoft.Authorization/policyExemptions/read Get information about a policy exemption.
Microsoft.Authorization/policySetDefinitions/read Get information about a policy set definition.
Microsoft.Authorization/policySetDefinitions/versions/read Get information about a policy set definition version.
Microsoft.Authorization/providerOperations/read Get operations for all resource providers that can be used in role definitions.
Microsoft.Authorization/roleAssignments/read Get information about a role assignment.
Microsoft.Authorization/roleAssignmentSchedules/read Gets the role assignment schedules at the given scope.
Microsoft.Authorization/roleAssignmentScheduleInstances/read Gets the role assignment schedule instances at the given scope.
Microsoft.Authorization/roleAssignmentScheduleRequests/read Gets the role assignment schedule requests at the given scope.
Microsoft.Authorization/roleDefinitions/read Get information about a role definition.
Microsoft.Authorization/roleEligibilitySchedules/read Gets the role eligibility schedules at the given scope.
Microsoft.Authorization/roleEligibilityScheduleRequests/read Gets the role eligibility schedule requests at the given scope.
Microsoft.Authorization/roleManagementPolicies/read Get role management policies.
Microsoft.Authorization/roleManagementPolicyAssignments/read Get role management policy assignments.
Microsoft.Insights/AlertRules/Write Create or update a classic metric alert.
Microsoft.Insights/AlertRules/Delete Delete a classic metric alert.
Microsoft.Insights/AlertRules/Read Read a classic metric alert.
Microsoft.Insights/AlertRules/Activated/Action Classic metric alert activated.
Microsoft.Insights/AlertRules/Resolved/Action Classic metric alert resolved.
Microsoft.Insights/AlertRules/Throttled/Action Classic metric alert rule throttled.
Microsoft.Insights/AlertRules/Incidents/Read Read a classic metric alert incident.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/deployments/delete Deletes a deployment.
Microsoft.Resources/deployments/cancel/action Cancels a deployment.
Microsoft.Resources/deployments/validate/action Validates a deployment.
Microsoft.Resources/deployments/whatIf/action Predicts template deployment changes.
Microsoft.Resources/deployments/exportTemplate/action Exports the template for a deployment.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourcegroups/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourcegroups/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/operationresults/read Gets the subscription operation results.
Microsoft.ResourceHealth/AvailabilityStatuses/read Gets the availability statuses for all resources in the specified scope.
Microsoft.HybridCompute/operations/read Reads all operations for Azure Arc for servers.
Microsoft.HybridCompute/osType/agentVersions/read Reads all available Azure Connected Machine agent versions.
Microsoft.HybridCompute/osType/agentVersions/latest/read Reads the latest Azure Connected Machine agent version.
Microsoft.HybridCompute/licenses/read Reads any Azure Arc license.
Microsoft.HybridCompute/licenses/write Installs or updates an Azure Arc license.
Microsoft.HybridCompute/licenses/delete Deletes an Azure Arc license.
Microsoft.HybridCompute/locations/operationresults/read Reads the status of an operation on the Microsoft.HybridCompute resource provider.
Microsoft.HybridCompute/locations/operationstatus/read Reads the status of an operation on the Microsoft.HybridCompute resource provider.
Microsoft.HybridCompute/locations/updateCenterOperationResults/read Reads the status of an update center operation on machines.
Microsoft.HybridCompute/machines/read Reads any Azure Arc machine.
Microsoft.HybridCompute/machines/write Writes an Azure Arc machine.
Microsoft.HybridCompute/machines/delete Deletes an Azure Arc machine.
Microsoft.HybridCompute/machines/UpgradeExtensions/action Upgrades extensions on Azure Arc machines.
Microsoft.HybridCompute/machines/assessPatches/action Assesses any Azure Arc machine to find missing software patches.
Microsoft.HybridCompute/machines/installPatches/action Installs patches on any Azure Arc machine.
Microsoft.HybridCompute/machines/patchInstallationResults/read Reads any Azure Arc patchInstallationResults.
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read Reads any Azure Arc patchInstallationResults/softwarePatches.
Microsoft.HybridCompute/machines/extensions/read Reads any Azure Arc extension.
Microsoft.HybridCompute/machines/extensions/write Installs or updates an Azure Arc extension.
Microsoft.HybridCompute/machines/extensions/delete Deletes an Azure Arc extension.
Microsoft.HybridCompute/machines/licenseProfiles/read Reads any Azure Arc licenseProfiles.
Microsoft.HybridCompute/machines/licenseProfiles/write Installs or updates an Azure Arc license profile.
Microsoft.HybridCompute/machines/licenseProfiles/delete Deletes Azure Arc licenseProfiles.
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read Reads the hybrid identity metadata of any Azure Arc machine.
Microsoft.HybridCompute/machines/patchAssessmentResults/read Reads any Azure Arc patchAssessmentResults.
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read Reads any Azure Arc patchAssessmentResults/softwarePatches.
Microsoft.HybridCompute/machines/runcommands/read Reads any Azure Arc runcommand.
Microsoft.HybridCompute/machines/runcommands/write Installs or updates an Azure Arc run command.
Microsoft.HybridCompute/machines/runcommands/delete Deletes any Azure Arc runcommand.
Microsoft.ExtendedLocation/customLocations/read Gets a custom location resource.
Microsoft.ExtendedLocation/customLocations/deploy/action Deploy permissions to a custom location resource.
Microsoft.SCVMM/unregister/action Unregisters the RP.
Microsoft.SCVMM/register/action Registers the RP.
Microsoft.SCVMM/availabilitySets/Read Read availabilitySets.
Microsoft.SCVMM/availabilitySets/Write Write availabilitySets.
Microsoft.SCVMM/availabilitySets/Delete Delete availabilitySets.
Microsoft.SCVMM/clouds/Read Read clouds.
Microsoft.SCVMM/clouds/Write Write clouds.
Microsoft.SCVMM/clouds/Delete Delete clouds.
Microsoft.SCVMM/clouds/deploy/action Deploy on a resource pool.
Microsoft.SCVMM/locations/operationstatuses/read Read operation statuses.
Microsoft.SCVMM/locations/operationstatuses/write Write operation statuses.
Microsoft.SCVMM/operations/read Read operations.
Microsoft.SCVMM/skus/read Get SKUs.
Microsoft.SCVMM/virtualMachineInstances/read Retrieves information about a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/write The operation to create or update a virtual machine instance. Note that some properties can be set only during virtual machine instance creation.
Microsoft.SCVMM/virtualMachineInstances/delete The operation to delete a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/stop/action The operation to power off (stop) a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/start/action The operation to start a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/restart/action The operation to restart a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/createCheckpoint/action Creates a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/deleteCheckpoint/action Deletes a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/restoreCheckpoint/action Restores to a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/read Implements the GuestAgent GET method.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/write Creates or updates a GuestAgent.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/delete Implements the GuestAgent DELETE method.
Microsoft.SCVMM/virtualMachineInstances/hybridIdentityMetadata/read Implements the HybridIdentityMetadata GET method.
Microsoft.SCVMM/virtualmachines/Delete Delete virtual machines.
Microsoft.SCVMM/virtualmachinetemplates/Read Read virtualmachinetemplates.
Microsoft.SCVMM/virtualmachinetemplates/Write Write virtualmachinetemplates.
Microsoft.SCVMM/virtualmachinetemplates/Delete Delete virtual machine templates.
Microsoft.SCVMM/virtualmachinetemplates/clone/action Clone virtualmachinetemplates.
Microsoft.SCVMM/virtualnetworks/Read Read virtualnetworks.
Microsoft.SCVMM/virtualnetworks/Write Write virtualnetworks.
Microsoft.SCVMM/virtualnetworks/Delete Delete virtualnetworks.
Microsoft.SCVMM/virtualnetworks/join/action Join a virtual network.
Microsoft.SCVMM/vmmservers/Read Read vmmservers.
Microsoft.SCVMM/vmmservers/Write Write vmmservers.
Microsoft.SCVMM/vmmservers/Delete Delete vmmservers.
Microsoft.SCVMM/vmmservers/inventoryitems/Delete Delete vmmserver inventoryitems.
Microsoft.SCVMM/vmmservers/inventoryitems/Read Read vmmserver inventoryitems.
Microsoft.SCVMM/vmmservers/inventoryitems/Write Write vmmservers inventoryitems.
Microsoft.SCVMM/vmmservers/inventoryitems/onboard/action Onboard vmmservers inventoryitems.
NotActions
DataActions
NotDataActions
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/a92dfd61-77f9-4aec-a531-19858b406c87",
    "properties": {
        "roleName": "Azure Arc ScVmm Administrator role",
        "description": "Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.ScVmm/*",
                    "Microsoft.Insights/AlertRules/Write",
                    "Microsoft.Insights/AlertRules/Delete",
                    "Microsoft.Insights/AlertRules/Read",
                    "Microsoft.Insights/AlertRules/Activated/Action",
                    "Microsoft.Insights/AlertRules/Resolved/Action",
                    "Microsoft.Insights/AlertRules/Throttled/Action",
                    "Microsoft.Insights/AlertRules/Incidents/Read",
                    "Microsoft.Resources/deployments/read",
                    "Microsoft.Resources/deployments/write",
                    "Microsoft.Resources/deployments/delete",
                    "Microsoft.Resources/deployments/cancel/action",
                    "Microsoft.Resources/deployments/validate/action",
                    "Microsoft.Resources/deployments/whatIf/action",
                    "Microsoft.Resources/deployments/exportTemplate/action",
                    "Microsoft.Resources/deployments/operations/read",
                    "Microsoft.Resources/deployments/operationstatuses/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Resources/subscriptions/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Resources/subscriptions/operationresults/read",
                    "Microsoft.ExtendedLocation/customLocations/Read",
                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
                    "Microsoft.HybridCompute/machines/read",
                    "Microsoft.HybridCompute/machines/write",
                    "Microsoft.HybridCompute/machines/delete",
                    "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
                    "Microsoft.HybridCompute/machines/assessPatches/action",
                    "Microsoft.HybridCompute/machines/installPatches/action",
                    "Microsoft.HybridCompute/machines/extensions/read",
                    "Microsoft.HybridCompute/machines/extensions/write",
                    "Microsoft.HybridCompute/machines/extensions/delete",
                    "Microsoft.HybridCompute/operations/read",
                    "Microsoft.HybridCompute/locations/operationresults/read",
                    "Microsoft.HybridCompute/locations/operationstatus/read",
                    "Microsoft.HybridCompute/machines/patchAssessmentResults/read",
                    "Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
                    "Microsoft.HybridCompute/machines/patchInstallationResults/read",
                    "Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
                    "Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
                    "Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
                    "Microsoft.HybridCompute/osType/agentVersions/read",
                    "Microsoft.HybridCompute/osType/agentVersions/latest/read",
                    "Microsoft.HybridCompute/machines/runcommands/read",
                    "Microsoft.HybridCompute/machines/runcommands/write",
                    "Microsoft.HybridCompute/machines/runcommands/delete",
                    "Microsoft.HybridCompute/machines/licenseProfiles/read",
                    "Microsoft.HybridCompute/machines/licenseProfiles/write",
                    "Microsoft.HybridCompute/machines/licenseProfiles/delete",
                    "Microsoft.HybridCompute/licenses/read",
                    "Microsoft.HybridCompute/licenses/write",
                    "Microsoft.HybridCompute/licenses/delete"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

Azure Arc SCVMM Private Cloud User

The Azure Arc SCVMM Private Cloud User has permissions to use the SCVMM resources to deploy VMs.

Actions Description
Microsoft.Authorization/classicAdministrators/read Reads the administrators for the subscription.
Microsoft.Authorization/classicAdministrators/operationstatuses/read Gets the administrator operation statuses of the subscription.
Microsoft.Authorization/denyAssignments/read Get information about a deny assignment.
Microsoft.Authorization/diagnosticSettingsCategories/read Get information about diagnostic settings categories.
Microsoft.Authorization/diagnosticSettings/read Read information about diagnostic settings.
Microsoft.Authorization/roleEligibilityScheduleInstances/read Gets the role eligibility schedule instances at the given scope.
Microsoft.Authorization/locks/read Gets locks at the specified scope.
Microsoft.Authorization/operations/read Gets the list of operations.
Microsoft.Authorization/permissions/read Lists all the permissions the caller has at a given scope.
Microsoft.Authorization/policyAssignments/read Get information about a policy assignment.
Microsoft.Authorization/policyAssignments/privateLinkAssociations/read Get information about a private link association.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read Get information about a resource management private link.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read Get information about a private endpoint connection.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read Get information about a private endpoint connection proxy.
Microsoft.Authorization/policyDefinitions/read Get information about a policy definition.
Microsoft.Authorization/policyDefinitions/versions/read Get information about a policy definition version.
Microsoft.Authorization/policyEnrollments/read Get information about a policy enrollment.
Microsoft.Authorization/policyExemptions/read Get information about a policy exemption.
Microsoft.Authorization/policySetDefinitions/read Get information about a policy set definition.
Microsoft.Authorization/policySetDefinitions/versions/read Get information about a policy set definition version.
Microsoft.Authorization/providerOperations/read Get operations for all resource providers that can be used in role definitions.
Microsoft.Authorization/roleAssignments/read Get information about a role assignment.
Microsoft.Authorization/roleAssignmentSchedules/read Gets the role assignment schedules at the given scope.
Microsoft.Authorization/roleAssignmentScheduleInstances/read Gets the role assignment schedule instances at the given scope.
Microsoft.Authorization/roleAssignmentScheduleRequests/read Gets the role assignment schedule requests at the given scope.
Microsoft.Authorization/roleDefinitions/read Get information about a role definition.
Microsoft.Authorization/roleEligibilitySchedules/read Gets the role eligibility schedules at the given scope.
Microsoft.Authorization/roleEligibilityScheduleRequests/read Gets the role eligibility schedule requests at the given scope.
Microsoft.Authorization/roleManagementPolicies/read Get role management policies.
Microsoft.Authorization/roleManagementPolicyAssignments/read Get role management policy assignments.
Microsoft.Insights/AlertRules/Write Create or update a classic metric alert.
Microsoft.Insights/AlertRules/Delete Delete a classic metric alert.
Microsoft.Insights/AlertRules/Read Read a classic metric alert.
Microsoft.Insights/AlertRules/Activated/Action Classic metric alert activated.
Microsoft.Insights/AlertRules/Resolved/Action Classic metric alert resolved.
Microsoft.Insights/AlertRules/Throttled/Action Classic metric alert rule throttled.
Microsoft.Insights/AlertRules/Incidents/Read Read a classic metric alert incident.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/deployments/delete Deletes a deployment.
Microsoft.Resources/deployments/cancel/action Cancels a deployment.
Microsoft.Resources/deployments/validate/action Validates a deployment.
Microsoft.Resources/deployments/whatIf/action Predicts template deployment changes.
Microsoft.Resources/deployments/exportTemplate/action Exports the template for a deployment.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourcegroups/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourcegroups/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/operationresults/read Gets the subscription operation results.
Microsoft.ResourceHealth/AvailabilityStatuses/read Gets the availability statuses for all resources in the specified scope.
Microsoft.ExtendedLocation/customLocations/read Gets a custom location resource.
Microsoft.ExtendedLocation/customLocations/deploy/action Deploy permissions to a custom location resource.
Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read Gets the EnabledResourceTypes for a custom location resource.
Microsoft.SCVMM/clouds/Read Read clouds.
Microsoft.SCVMM/clouds/deploy/action Deploy on a resource pool.
Microsoft.SCVMM/virtualmachinetemplates/Read Read virtualmachinetemplates.
Microsoft.SCVMM/virtualmachinetemplates/clone/action Clone virtualmachinetemplates.
Microsoft.SCVMM/virtualnetworks/Read Read virtualnetworks.
Microsoft.SCVMM/virtualnetworks/join/action Join a virtual network.
NotActions
DataActions
NotDataActions
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/c0781e91-8102-4553-8951-97c6d4243cda",
    "properties": {
        "roleName": "Azure Arc ScVmm Private Cloud User",
        "description": "Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Insights/AlertRules/Write",
                    "Microsoft.Insights/AlertRules/Delete",
                    "Microsoft.Insights/AlertRules/Read",
                    "Microsoft.Insights/AlertRules/Activated/Action",
                    "Microsoft.Insights/AlertRules/Resolved/Action",
                    "Microsoft.Insights/AlertRules/Throttled/Action",
                    "Microsoft.Insights/AlertRules/Incidents/Read",
                    "Microsoft.Resources/deployments/read",
                    "Microsoft.Resources/deployments/write",
                    "Microsoft.Resources/deployments/delete",
                    "Microsoft.Resources/deployments/cancel/action",
                    "Microsoft.Resources/deployments/validate/action",
                    "Microsoft.Resources/deployments/whatIf/action",
                    "Microsoft.Resources/deployments/exportTemplate/action",
                    "Microsoft.Resources/deployments/operations/read",
                    "Microsoft.Resources/deployments/operationstatuses/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Resources/subscriptions/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Resources/subscriptions/operationresults/read",
                    "microsoft.scvmm/virtualnetworks/join/action",
                    "microsoft.scvmm/virtualnetworks/Read",
                    "microsoft.scvmm/virtualmachinetemplates/clone/action",
                    "microsoft.scvmm/virtualmachinetemplates/Read",
                    "microsoft.scvmm/clouds/deploy/action",
                    "microsoft.scvmm/clouds/Read",
                    "Microsoft.ExtendedLocation/customLocations/Read",
                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
                    "Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
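The role JSON above uses wildcards (`Microsoft.ScVmm/*`, `Microsoft.Authorization/*/read`) and mixed casing (`microsoft.scvmm/...`), while the tables list individual operations. The following added example, which is not part of the original documentation, evaluates which operations a role definition grants under Azure RBAC matching rules (case-insensitive, `*` spans any characters, `notActions` subtracts from `actions`). The action lists are abbreviated from the JSON above; `WATCHLIST` and the `CUSTOM_ADMIN_NO_RUNCOMMAND` role are hypothetical and chosen only for illustration.

```python
import re


def _matches(pattern: str, operation: str) -> bool:
    """Azure RBAC action match: case-insensitive, '*' spans any characters (including '/')."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_granted(permissions: list, operation: str) -> bool:
    """True if any permissions block allows `operation` (actions minus notActions)."""
    for block in permissions:
        allowed = any(_matches(a, operation) for a in block.get("actions", []))
        excluded = any(_matches(n, operation) for n in block.get("notActions", []))
        if allowed and not excluded:
            return True
    return False


def granted_from(permissions: list, operations: list) -> list:
    """Return the subset of `operations` that the role grants, in input order."""
    return [op for op in operations if is_granted(permissions, op)]


# Abbreviated from the "Azure Arc ScVmm Administrator role" JSON on this page.
ADMIN = [{
    "actions": [
        "Microsoft.ScVmm/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/write",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.HybridCompute/machines/runcommands/write",
    ],
    "notActions": [],
}]

# Abbreviated from the "Azure Arc ScVmm Private Cloud User" JSON on this page.
PRIVATE_CLOUD_USER = [{
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/write",
        "microsoft.scvmm/virtualnetworks/join/action",
        "microsoft.scvmm/virtualnetworks/Read",
        "microsoft.scvmm/virtualmachinetemplates/clone/action",
        "microsoft.scvmm/virtualmachinetemplates/Read",
        "microsoft.scvmm/clouds/deploy/action",
        "microsoft.scvmm/clouds/Read",
    ],
    "notActions": [],
}]

# Hypothetical custom role: the administrator actions minus run commands.
CUSTOM_ADMIN_NO_RUNCOMMAND = [{
    "actions": ADMIN[0]["actions"],
    "notActions": ["Microsoft.HybridCompute/machines/runcommands/*"],
}]

# Hypothetical reviewer watchlist: operations that change or remove workloads,
# run code on machines, or change access. Adjust to your own review policy.
WATCHLIST = [
    "Microsoft.HybridCompute/machines/runcommands/write",
    "Microsoft.HybridCompute/machines/extensions/write",
    "Microsoft.SCVMM/vmmservers/Delete",
    "Microsoft.SCVMM/virtualMachineInstances/delete",
    "Microsoft.Authorization/roleAssignments/write",
]

if __name__ == "__main__":
    roles = {
        "Administrator": ADMIN,
        "Private Cloud User": PRIVATE_CLOUD_USER,
        "Custom (no run commands)": CUSTOM_ADMIN_NO_RUNCOMMAND,
    }
    for name, perms in roles.items():
        hits = granted_from(perms, WATCHLIST)
        print(f"{name}: {len(hits)} watchlist operation(s) granted")
        for op in hits:
            print(f"  - {op}")
```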

Azure Arc SCVMM Private Clouds Onboarding

The Azure Arc SCVMM Private Clouds Onboarding role has permissions to provision all the resources required to onboard and deboard VMM server instances to Azure.

Actions Description
Microsoft.Authorization/classicAdministrators/read Reads the administrators for the subscription.
Microsoft.Authorization/classicAdministrators/operationstatuses/read Gets the administrator operation statuses of the subscription.
Microsoft.Authorization/denyAssignments/read Get information about a deny assignment.
Microsoft.Authorization/diagnosticSettingsCategories/read Get information about diagnostic settings categories.
Microsoft.Authorization/diagnosticSettings/read Read information about diagnostic settings.
Microsoft.Authorization/roleEligibilityScheduleInstances/read Gets the role eligibility schedule instances at the given scope.
Microsoft.Authorization/locks/read Gets locks at the specified scope.
Microsoft.Authorization/operations/read Gets the list of operations.
Microsoft.Authorization/permissions/read Lists all the permissions the caller has at a given scope.
Microsoft.Authorization/policyAssignments/read Get information about a policy assignment.
Microsoft.Authorization/policyAssignments/privateLinkAssociations/read Get information about a private link association.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read Get information about a resource management private link.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read Get information about a private endpoint connection.
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read Get information about a private endpoint connection proxy.
Microsoft.Authorization/policyDefinitions/read Get information about a policy definition.
Microsoft.Authorization/policyDefinitions/versions/read Get information about a policy definition version.
Microsoft.Authorization/policyEnrollments/read Get information about a policy enrollment.
Microsoft.Authorization/policyExemptions/read Get information about a policy exemption.
Microsoft.Authorization/policySetDefinitions/read Get information about a policy set definition.
Microsoft.Authorization/policySetDefinitions/versions/read Get information about a policy set definition version.
Microsoft.Authorization/providerOperations/read Get operations for all resource providers that can be used in role definitions.
Microsoft.Authorization/roleAssignments/read Get information about a role assignment.
Microsoft.Authorization/roleAssignmentSchedules/read Gets the role assignment schedules at the given scope.
Microsoft.Authorization/roleAssignmentScheduleInstances/read Gets the role assignment schedule instances at the given scope.
Microsoft.Authorization/roleAssignmentScheduleRequests/read Gets the role assignment schedule requests at the given scope.
Microsoft.Authorization/roleDefinitions/read Get information about a role definition.
Microsoft.Authorization/roleEligibilitySchedules/read Gets the role eligibility schedules at the given scope.
Microsoft.Authorization/roleEligibilityScheduleRequests/read Gets the role eligibility schedule requests at the given scope.
Microsoft.Authorization/roleManagementPolicies/read Get role management policies.
Microsoft.Authorization/roleManagementPolicyAssignments/read Get role management policy assignments.
Microsoft.Insights/AlertRules/Write Create or update a classic metric alert.
Microsoft.Insights/AlertRules/Delete Delete a classic metric alert.
Microsoft.Insights/AlertRules/Read Read a classic metric alert.
Microsoft.Insights/AlertRules/Activated/Action Classic metric alert activated.
Microsoft.Insights/AlertRules/Resolved/Action Classic metric alert resolved.
Microsoft.Insights/AlertRules/Throttled/Action Classic metric alert rule throttled.
Microsoft.Insights/AlertRules/Incidents/Read Read a classic metric alert incident.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/deployments/delete Deletes a deployment.
Microsoft.Resources/deployments/cancel/action Cancels a deployment.
Microsoft.Resources/deployments/validate/action Validates a deployment.
Microsoft.Resources/deployments/whatIf/action Predicts template deployment changes.
Microsoft.Resources/deployments/exportTemplate/action Exports the template for a deployment.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/subscriptions/resourcegroups/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourcegroups/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read Gets or lists deployment operation statuses.
Microsoft.Resources/subscriptions/operationresults/read Gets the subscription operation results.
Microsoft.ResourceHealth/AvailabilityStatuses/read Gets the availability statuses for all resources in the specified scope.
Microsoft.ExtendedLocation/customLocations/read Gets a custom location resource.
Microsoft.ExtendedLocation/customLocations/deploy/action Deploy permissions to a custom location resource.
Microsoft.SCVMM/vmmservers/Read Read vmmservers.
Microsoft.SCVMM/vmmservers/Write Write vmmservers.
Microsoft.SCVMM/vmmservers/Delete Delete vmmservers.
NotActions
DataActions
NotDataActions
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9",
    "properties": {
        "roleName": "Azure Arc ScVmm Private Clouds Onboarding",
        "description": "Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "microsoft.scvmm/vmmservers/Read",
                    "microsoft.scvmm/vmmservers/Write",
                    "microsoft.scvmm/vmmservers/Delete",
                    "Microsoft.Insights/AlertRules/Write",
                    "Microsoft.Insights/AlertRules/Delete",
                    "Microsoft.Insights/AlertRules/Read",
                    "Microsoft.Insights/AlertRules/Activated/Action",
                    "Microsoft.Insights/AlertRules/Resolved/Action",
                    "Microsoft.Insights/AlertRules/Throttled/Action",
                    "Microsoft.Insights/AlertRules/Incidents/Read",
                    "Microsoft.Resources/deployments/read",
                    "Microsoft.Resources/deployments/write",
                    "Microsoft.Resources/deployments/delete",
                    "Microsoft.Resources/deployments/cancel/action",
                    "Microsoft.Resources/deployments/validate/action",
                    "Microsoft.Resources/deployments/whatIf/action",
                    "Microsoft.Resources/deployments/exportTemplate/action",
                    "Microsoft.Resources/deployments/operations/read",
                    "Microsoft.Resources/deployments/operationstatuses/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Resources/subscriptions/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Resources/subscriptions/operationresults/read",
                    "Microsoft.ExtendedLocation/customLocations/Read",
                    "Microsoft.ExtendedLocation/customLocations/deploy/action"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

Azure Arc SCVMM VM 参与者

Arc SCVMM VM 参与者有权执行所有 VM 操作。

行动 DESCRIPTION
Microsoft.Authorization/classicAdministrators/read 读取订阅的管理员。
Microsoft.Authorization/classicAdministrators/operationstatuses/read 获取订阅的管理员操作状态。
Microsoft.Authorization/denyAssignments/read 获取拒绝分配的相关信息。
Microsoft.Authorization/diagnosticSettingsCategories/read 获取有关诊断设置类别的信息。
Microsoft.Authorization/diagnosticSettings/read 阅读有关诊断设置的信息。
Microsoft.Authorization/roleEligibilityScheduleInstances/read 获取给定范围内的角色资格计划实例。
Microsoft.Authorization/locks/read 获取指定范围的锁。
Microsoft.Authorization/operations/read 获取操作列表。
Microsoft.Authorization/permissions/read 列出调用方在给定范围拥有的所有权限。
Microsoft.Authorization/policyAssignments/read 获取有关策略分配的信息。
Microsoft.Authorization/policyAssignments/privateLinkAssociations/read 获取有关专用链接关联的信息。
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read 获取有关资源管理专用链接的信息。
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read 获取有关专用终结点连接的信息。
Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read 获取有关专用终结点连接代理的信息。
Microsoft.Authorization/policyDefinitions/read 获取有关策略定义的信息。
Microsoft.Authorization/policyDefinitions/versions/read 获取有关策略定义版本的信息。
Microsoft.Authorization/policyEnrollments/read 获取有关策略注册的信息。
Microsoft.Authorization/policyExemptions/read 获取有关策略豁免的信息。
Microsoft.Authorization/policySetDefinitions/read 获取有关策略集定义的信息。
Microsoft.Authorization/policySetDefinitions/versions/read 获取有关策略集定义版本的信息。
Microsoft.Authorization/providerOperations/read 获取可在角色定义中使用的所有资源提供程序的操作。
Microsoft.Authorization/roleAssignments/read 获取有关角色分配的信息。
Microsoft.Authorization/roleAssignmentSchedules/read 获取给定范围内的角色分配计划。
Microsoft.Authorization/roleAssignmentScheduleInstances/read 获取给定范围内的角色分配计划实例。
Microsoft.Authorization/roleAssignmentScheduleRequests/read 获取给定范围内的角色分配计划请求。
Microsoft.Authorization/roleDefinitions/read 获取有关角色定义的信息。
Microsoft.Authorization/roleEligibilitySchedules/read 获取给定范围内的角色资格计划。
Microsoft.Authorization/roleEligibilityScheduleRequests/read 获取给定范围内的角色资格计划请求。
Microsoft.Authorization/roleManagementPolicies/read 获取角色管理策略。
Microsoft.Authorization/roleManagementPolicyAssignments/read 获取角色管理策略分配。
Microsoft.Insights/AlertRules/Write 创建或更新经典指标警报。
Microsoft.Insights/AlertRules/Delete 删除经典指标警报。
Microsoft.Insights/AlertRules/Read 读取经典指标警报。
Microsoft.Insights/AlertRules/Activated/Action 已激活经典指标警报。
Microsoft.Insights/AlertRules/Resolved/Action 经典指标警报已解决。
Microsoft.Insights/AlertRules/Throttled/Action 经典指标警报规则已中止。
Microsoft.Insights/AlertRules/Incidents/Read 读取经典指标警报事件。
Microsoft.Resources/deployments/read 获取或列出部署。
Microsoft.Resources/deployments/write 创建或更新部署。
Microsoft.Resources/deployments/delete 删除部署。
Microsoft.Resources/deployments/cancel/action 取消部署。
Microsoft.Resources/deployments/validate/action 验证部署。
Microsoft.Resources/deployments/whatIf/action 预测模板部署的变化。
Microsoft.Resources/deployments/exportTemplate/action 导出部署的模板。
Microsoft.Resources/deployments/operations/read 获取或列出部署操作。
Microsoft.Resources/deployments/operationstatuses/read 获取或列出部署操作状态。
Microsoft.Resources/subscriptions/read 获取订阅的列表。
Microsoft.Resources/subscriptions/resourceGroups/read 获取或列出资源组。
Microsoft.Resources/subscriptions/resourcegroups/deployments/read 获取或列出部署。
Microsoft.Resources/subscriptions/resourcegroups/deployments/write 创建或更新部署。
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read 获取或列出部署操作。
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read 获取或列出部署操作状态。
Microsoft.Resources/subscriptions/operationresults/read 获取订阅操作的结果。
Microsoft.ResourceHealth/AvailabilityStatuses/read 获取指定范围内所有资源的可用性状态。
Microsoft.HybridCompute/operations/read Reads all operations for Azure Arc for servers.
Microsoft.HybridCompute/osType/agentVersions/read Reads all available Azure Connected Machine agent versions.
Microsoft.HybridCompute/osType/agentVersions/latest/read Reads the latest Azure Connected Machine agent version.
Microsoft.HybridCompute/licenses/read Reads any Azure Arc license.
Microsoft.HybridCompute/licenses/write Installs or updates an Azure Arc license.
Microsoft.HybridCompute/licenses/delete Deletes an Azure Arc license.
Microsoft.HybridCompute/locations/operationresults/read Reads the status of an operation on the Microsoft.HybridCompute resource provider.
Microsoft.HybridCompute/locations/operationstatus/read Reads the status of an operation on the Microsoft.HybridCompute resource provider.
Microsoft.HybridCompute/locations/updateCenterOperationResults/read Reads the status of an update center operation on machines.
Microsoft.HybridCompute/machines/read Reads any Azure Arc machine.
Microsoft.HybridCompute/machines/write Writes an Azure Arc machine.
Microsoft.HybridCompute/machines/delete Deletes an Azure Arc machine.
Microsoft.HybridCompute/machines/UpgradeExtensions/action Upgrades extensions on Azure Arc machines.
Microsoft.HybridCompute/machines/assessPatches/action Assesses any Azure Arc machine to determine missing software patches.
Microsoft.HybridCompute/machines/installPatches/action Installs patches on any Azure Arc machine.
Microsoft.HybridCompute/machines/patchInstallationResults/read Reads any Azure Arc patchInstallationResults.
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read Reads any Azure Arc patchInstallationResults/softwarePatches.
Microsoft.HybridCompute/machines/extensions/read Reads any Azure Arc extension.
Microsoft.HybridCompute/machines/extensions/write Installs or updates an Azure Arc extension.
Microsoft.HybridCompute/machines/extensions/delete Deletes an Azure Arc extension.
Microsoft.HybridCompute/machines/licenseProfiles/read Reads any Azure Arc licenseProfiles.
Microsoft.HybridCompute/machines/licenseProfiles/write Installs or updates an Azure Arc license profile.
Microsoft.HybridCompute/machines/licenseProfiles/delete Deletes Azure Arc licenseProfiles.
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read Reads any hybrid identity metadata of an Azure Arc machine.
Microsoft.HybridCompute/machines/patchAssessmentResults/read Reads any Azure Arc patchAssessmentResults.
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read Reads any Azure Arc patchAssessmentResults/softwarePatches.
Microsoft.HybridCompute/machines/runcommands/read Reads any Azure Arc runcommand.
Microsoft.HybridCompute/machines/runcommands/write Installs or updates an Azure Arc run command.
Microsoft.HybridCompute/machines/runcommands/delete Deletes any Azure Arc runcommand.
Microsoft.ExtendedLocation/customLocations/read Gets a custom location resource.
Microsoft.ExtendedLocation/customLocations/deploy/action Deploys permissions to a custom location resource.
Microsoft.SCVMM/virtualMachineInstances/read Retrieves information about a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/write Operation to create or update a virtual machine instance. Note that some properties can be set only during creation of the virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/delete Operation to delete a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/stop/action Operation to power off (stop) a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/start/action Operation to start a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/restart/action Operation to restart a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/createCheckpoint/action Creates a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/deleteCheckpoint/action Deletes a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/restoreCheckpoint/action Restores to a checkpoint in a virtual machine instance.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/read Implements the GuestAgent GET method.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/write Creates or updates a GuestAgent.
Microsoft.SCVMM/virtualMachineInstances/guestAgents/delete Implements the GuestAgent DELETE method.
Microsoft.SCVMM/virtualMachineInstances/hybridIdentityMetadata/read Implements the HybridIdentityMetadata GET method.
Microsoft.SCVMM/virtualmachines/Delete Deletes a virtual machine.
NotActions
DataActions
NotDataActions
{
    "id": "/providers/Microsoft.Authorization/roleDefinitions/e582369a-e17b-42a5-b10c-874c387c530b",
    "properties": {
        "roleName": "Azure Arc ScVmm VM Contributor",
        "description": "Arc ScVmm VM Contributor has permissions to perform all VM actions.",
        "assignableScopes": [
            "/"
        ],
        "permissions": [
            {
                "actions": [
                    "microsoft.scvmm/virtualmachines/*",
                    "microsoft.scvmm/virtualMachineInstances/*",
                    "Microsoft.Insights/AlertRules/Write",
                    "Microsoft.Insights/AlertRules/Delete",
                    "Microsoft.Insights/AlertRules/Read",
                    "Microsoft.Insights/AlertRules/Activated/Action",
                    "Microsoft.Insights/AlertRules/Resolved/Action",
                    "Microsoft.Insights/AlertRules/Throttled/Action",
                    "Microsoft.Insights/AlertRules/Incidents/Read",
                    "Microsoft.Resources/deployments/read",
                    "Microsoft.Resources/deployments/write",
                    "Microsoft.Resources/deployments/delete",
                    "Microsoft.Resources/deployments/cancel/action",
                    "Microsoft.Resources/deployments/validate/action",
                    "Microsoft.Resources/deployments/whatIf/action",
                    "Microsoft.Resources/deployments/exportTemplate/action",
                    "Microsoft.Resources/deployments/operations/read",
                    "Microsoft.Resources/deployments/operationstatuses/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Resources/subscriptions/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Resources/subscriptions/operationresults/read",
                    "Microsoft.ExtendedLocation/customLocations/Read",
                    "Microsoft.ExtendedLocation/customLocations/deploy/action",
                    "Microsoft.HybridCompute/machines/read",
                    "Microsoft.HybridCompute/machines/write",
                    "Microsoft.HybridCompute/machines/delete",
                    "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
                    "Microsoft.HybridCompute/machines/assessPatches/action",
                    "Microsoft.HybridCompute/machines/installPatches/action",
                    "Microsoft.HybridCompute/machines/extensions/read",
                    "Microsoft.HybridCompute/machines/extensions/write",
                    "Microsoft.HybridCompute/machines/extensions/delete",
                    "Microsoft.HybridCompute/operations/read",
                    "Microsoft.HybridCompute/locations/operationresults/read",
                    "Microsoft.HybridCompute/locations/operationstatus/read",
                    "Microsoft.HybridCompute/machines/patchAssessmentResults/read",
                    "Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
                    "Microsoft.HybridCompute/machines/patchInstallationResults/read",
                    "Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
                    "Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
                    "Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
                    "Microsoft.HybridCompute/osType/agentVersions/read",
                    "Microsoft.HybridCompute/osType/agentVersions/latest/read",
                    "Microsoft.HybridCompute/machines/runcommands/read",
                    "Microsoft.HybridCompute/machines/runcommands/write",
                    "Microsoft.HybridCompute/machines/runcommands/delete",
                    "Microsoft.HybridCompute/machines/licenseProfiles/read",
                    "Microsoft.HybridCompute/machines/licenseProfiles/write",
                    "Microsoft.HybridCompute/machines/licenseProfiles/delete",
                    "Microsoft.HybridCompute/licenses/read",
                    "Microsoft.HybridCompute/licenses/write",
                    "Microsoft.HybridCompute/licenses/delete"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

Next steps