AzRoleAdvertizer

last sync: 2025-Jul-24 17:34:09 UTC

Blueprint Operator

Azure BuiltIn RBAC Role definition

NameBlueprint Operator
Microsoft Learn
Id437d2ced-4a38-4302-8479-ed2bcb43d090
DescriptionCan assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.
CategoryManagement and governance
Microsoft Learn
CreatedOn2019-08-14 21:56:48 UTC
UpdatedOn2021-11-11 20:14:06 UTC
Permissions summary Effective control plane and data plane operations: 56 (unique operations)
•action: 8
•delete: 2
•read: 43
•write: 3

Actions: 5
Resolved control plane operations from Actions: 56
Effective control plane operations: 56
•action: 8
•delete: 2
•read: 43
•write: 3

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16829

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3579
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Blueprint/blueprintAssignments/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
Historynone
JSON
api-version=2023-07-01-preview
 
{9 items
  • roleName: "Blueprint Operator",
  • type: "BuiltInRole",
  • description: "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [5 items
        • "Microsoft.Authorization/*/read",
        • "Microsoft.Blueprint/blueprintAssignments/*",
        • "Microsoft.Resources/subscriptions/resourceGroups/read",
        • "Microsoft.Resources/deployments/*",
        • "Microsoft.Support/*"
        ],
      • notActions: [],
      • dataActions: [],
      • notDataActions: []
      }
    ],
  • createdOn: "2019-08-14T21:56:48.7897875Z",
  • updatedOn: "2021-11-11T20:14:06.6971401Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none