AzRoleAdvertizer

last sync: 2025-Jun-30 17:25:28 UTC

Azure Sphere Owner

Azure BuiltIn RBAC Role definition

NameAzure Sphere Owner
Id5a382001-fe36-41ff-bba4-8bf06bd54da9
DescriptionAllows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments.
CategoryNone
CreatedOn2024-02-01 23:40:30 UTC
UpdatedOn2024-03-12 15:09:00 UTC
Permissions summary Effective control plane and data plane operations: 102 (unique operations)
•action: 25
•delete: 10
•read: 55
•write: 12

Actions: 15
Resolved control plane operations from Actions: 102
Effective control plane operations: 102
•action: 25
•delete: 10
•read: 55
•write: 12

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16673

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3570
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/roleAssignments/deleteDelete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/writeCreate a role assignment at the specified scope.
Microsoft.AzureSphere/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/DiagnosticSettings/*wildcarded / no description
Microsoft.Insights/DiagnosticSettingsCategories/ReadRead diagnostic settings categories
Microsoft.Management/managementGroups/readList management groups for the authenticated user.
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2024-03-13 20:05:30 change: Actions Actions: 'add Microsoft.Insights/DiagnosticSettings/*; add Microsoft.Insights/DiagnosticSettingsCategories/Read'
2024-02-05 19:34:05 add: Role 5a382001-fe36-41ff-bba4-8bf06bd54da9
JSON
api-version=2023-07-01-preview
Condition
     @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
    8b9dfcab-4b77-4632-a6df-94bd07820648 (Azure Sphere Contributor),
    c8ae6279-5a0b-4cb2-b3f0-d4d62845742c (Azure Sphere Reader),
    6d994134-994b-4a59-9974-f479f0b227fb (Azure Sphere Publisher),
    5a382001-fe36-41ff-bba4-8bf06bd54da9 (Azure Sphere Owner),
    749f88d5-cbae-40b8-bcfc-e573ddc772fa (Monitoring Contributor),
    43d0d8ad-25c7-4714-9337-8ba259a9fe05 (Monitoring Reader)
    }
     @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
    8b9dfcab-4b77-4632-a6df-94bd07820648 (Azure Sphere Contributor),
    c8ae6279-5a0b-4cb2-b3f0-d4d62845742c (Azure Sphere Reader),
    6d994134-994b-4a59-9974-f479f0b227fb (Azure Sphere Publisher),
    5a382001-fe36-41ff-bba4-8bf06bd54da9 (Azure Sphere Owner),
    749f88d5-cbae-40b8-bcfc-e573ddc772fa (Monitoring Contributor),
    43d0d8ad-25c7-4714-9337-8ba259a9fe05 (Monitoring Reader)
    }