last sync: 2025-Jul-25 17:39:33 UTC

Management Group Contributor

Azure BuiltIn RBAC Role definition

NameManagement Group Contributor
Microsoft Learn
Id5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
DescriptionManagement Group Contributor Role
CategoryManagement and governance
Microsoft Learn
CreatedOn2018-06-22 00:28:29 UTC
UpdatedOn2022-09-19 15:10:03 UTC
Permissions summary Effective control plane and data plane operations: 37 (unique operations)
•delete: 2
•read: 33
•write: 2

Actions: 7
Resolved control plane operations from Actions: 37
Effective control plane operations: 37
•delete: 2
•read: 33
•write: 2

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16841

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3579
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Management/managementGroups/deleteDelete management group.
Microsoft.Management/managementGroups/readList management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/deleteDe-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/readLists subscription under the given management group.
Microsoft.Management/managementGroups/subscriptions/writeAssociates existing subscription with the management group.
Microsoft.Management/managementGroups/writeCreate or update a management group.
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
none
History
Date/Time (UTC ymd) (i) Change Change detail
2022-09-19 16:35:35 change: Actions Actions: 'add Microsoft.Authorization/*/read'
JSON
api-version=2023-07-01-preview
{9 items
  • roleName: "Management Group Contributor",
  • type: "BuiltInRole",
  • description: "Management Group Contributor Role",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [7 items
        • "Microsoft.Management/managementGroups/delete",
        • "Microsoft.Management/managementGroups/read",
        • "Microsoft.Management/managementGroups/subscriptions/delete",
        • "Microsoft.Management/managementGroups/subscriptions/write",
        • "Microsoft.Management/managementGroups/write",
        • "Microsoft.Management/managementGroups/subscriptions/read",
        • "Microsoft.Authorization/*/read"
        ],
      • notActions: [],
      • dataActions: [],
      • notDataActions: []
      }
    ],
  • createdOn: "2018-06-22T00:28:29.0523964Z",
  • updatedOn: "2022-09-19T15:10:03.437789Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none