last sync: 2025-Apr-29 17:15:48 UTC

AVS on Fleet VIS Role

Azure BuiltIn RBAC Role definition

Name: AVS on Fleet VIS Role
Id: 49fc33c1-886f-4b21-a00e-1d9993234734
Description: Do not remove this role from your resource because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to inject address prefix changes of the private clouds attached virtual network to SDN and support peering sync feature. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant.
Category: None
CreatedOn: 2025-01-13 16:06:06 UTC
UpdatedOn: 2025-03-10 15:02:42 UTC
Permissions summary
Effective control plane and data plane operations: 19 (unique operations)
•action: 9
•delete: 1
•read: 5
•write: 4

Actions: 19
Resolved control plane operations from Actions: 19
Effective control plane operations: 19
•action: 9
•delete: 1
•read: 5
•write: 4

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16471

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation | Description
Microsoft.Authorization/roleAssignments/delete (conditioned) | Delete a role assignment at the specified scope.
Microsoft.BareMetal/peeringSettings/read | Read operation
Microsoft.Network/ddosProtectionPlans/join/action | Joins a DDoS Protection Plan. Not alertable.
Microsoft.Network/natGateways/join/action | Joins a NAT Gateway
Microsoft.Network/networkIntentPolicies/join/action | Joins a Network Intent Policy. Not alertable.
Microsoft.Network/networkInterfaces/read | Gets a network interface definition.
Microsoft.Network/networkInterfaces/write | Creates a network interface or updates an existing network interface.
Microsoft.Network/networkManagers/ipamPools/associateResourcesToPool/action | Action permission for associate resources to Ipam Pool
Microsoft.Network/networkSecurityGroups/join/action | Joins a network security group. Not Alertable.
Microsoft.Network/routeTables/join/action | Joins a route table. Not Alertable.
Microsoft.Network/serviceEndpointPolicies/join/action | Joins a Service Endpoint Policy. Not alertable.
Microsoft.Network/virtualNetworks/peer/action | Peers a virtual network with another virtual network
Microsoft.Network/virtualNetworks/read | Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/read | Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/write | Creates a virtual network subnet or updates an existing virtual network subnet
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Gets a virtual network peering definition
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write | Creates a virtual network peering or updates an existing virtual network peering
Microsoft.Network/virtualNetworks/write | Creates a virtual network or updates an existing virtual network
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
History
Date/Time (UTC ymd) | Change | Change detail
2025-03-18 19:37:49 | add | Role 49fc33c1-886f-4b21-a00e-1d9993234734
JSON
api-version=2023-07-01-preview
Condition
    
    (
        !
        (
            ActionMatches {
            'Microsoft.Authorization/roleAssignments/delete'
            }
        )
    )
    OR
    @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
    49fc33c1-886f-4b21-a00e-1d9993234734 (AVS on Fleet VIS Role)
    }