AzRoleAdvertizer

last sync: 2025-Oct-30 18:22:48 UTC

Azure Migrate Decide and Plan Expert

Azure BuiltIn RBAC Role definition

NameAzure Migrate Decide and Plan Expert
Id7859c0b0-0bb9-4994-bd12-cd529af7d646
DescriptionGrants restricted access on Azure Migrate project to only perform planning operations including appliance-based discovery, managing inventory, identifying server dependencies, creation of business case & assessment reports.
CategoryNone
CreatedOn2025-09-09 08:30:20 UTC
UpdatedOn2025-10-16 16:50:42 UTC
Permissions summary Effective control plane and data plane operations: 1038 (unique operations)
•: 1
•action: 228
•delete: 112
•read: 493
•write: 204

Actions: 51
Resolved control plane operations from Actions: 1038
Effective control plane operations: 1038
•: 1
•action: 228
•delete: 112
•read: 493
•write: 204

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16427

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4081
Actions
Operation Description
Microsoft.ApplicationMigration/*wildcarded / no description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/locks/deleteDelete locks at the specified scope.
Microsoft.Authorization/locks/writeAdd locks at the specified scope.
Microsoft.AzureArcData/register/actionRegister the subscription for Microsoft.AzureArcData
Microsoft.DataReplication/*/readwildcarded / no description
Microsoft.DataReplication/register/actionRegisters the subscription for the Microsoft.DataReplication resource provider
Microsoft.DataReplication/replicationVaults/writeUpdates any vault
Microsoft.DependencyMap/*wildcarded / no description
Microsoft.GuestConfiguration/register/actionRegisters the subscription for the Microsoft.GuestConfiguration resource provider.
Microsoft.HybridCompute/machines/deleteDeletes an Azure Arc machines
Microsoft.HybridCompute/machines/readRead any Azure Arc machines
Microsoft.HybridCompute/machines/writeWrites an Azure Arc machines
Microsoft.HybridCompute/register/actionRegisters the subscription for the Microsoft.HybridCompute Resource Provider
Microsoft.HybridConnectivity/register/actionRegister the subscription for Microsoft.HybridConnectivity
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.KeyVault/checkNameAvailability/readChecks that a key vault name is valid and is not in use
Microsoft.KeyVault/register/actionRegisters a subscription
Microsoft.KeyVault/vaults/*wildcarded / no description
Microsoft.Migrate/*wildcarded / no description
Microsoft.MySQLDiscovery/*wildcarded / no description
Microsoft.Network/networkSecurityGroups/join/actionJoins a network security group. Not Alertable.
Microsoft.Network/privateDnsZones/A/writeCreate or update a record set of type ‘A’ within a Private DNS zone. The records specified will replace the current records in the record set.
Microsoft.Network/privateDnsZones/join/actionJoins a Private DNS Zone
Microsoft.Network/privateDnsZones/virtualNetworkLinks/writeCreate or update a Private DNS zone link to virtual network.
Microsoft.Network/privateDnsZones/writeCreate or update a Private DNS zone within a resource group. Note that this command cannot be used to create or update virtual network links or record sets within the zone.
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readGets a Private DNS Zone Group
Microsoft.Network/privateEndpoints/privateDnsZoneGroups/writePuts a Private DNS Zone Group
Microsoft.Network/privateEndpoints/readGets an private endpoint resource.
Microsoft.Network/privateEndpoints/writeCreates a new private endpoint, or updates an existing private endpoint.
Microsoft.Network/register/actionRegisters the subscription
Microsoft.Network/virtualNetworks/join/actionJoins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/join/actionJoins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/readGets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/writeCreates a virtual network subnet or updates an existing virtual network subnet
Microsoft.OffAzure/*wildcarded / no description
Microsoft.RecoveryServices/register/actionRegisters subscription for given Resource Provider
Microsoft.RecoveryServices/vaults/*wildcarded / no description
Microsoft.Resources/checkResourceName/actionCheck the resource name for validity.
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/deploymentScripts/readGets or lists deployment scripts
Microsoft.Resources/deploymentScripts/writeCreates or updates a deployment script
Microsoft.Resources/links/readGets or lists resource links.
Microsoft.Resources/links/writeCreates or updates a resource link.
Microsoft.Resources/subscriptions/locations/readGets the list of locations supported.
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Storage/storageAccounts/*/readwildcarded / no description
Microsoft.Storage/storageAccounts/*/writewildcarded / no description
Microsoft.Storage/storageAccounts/listKeys/actionReturns the access keys for the specified storage account.
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-10-23 17:22:49 add: Role 7859c0b0-0bb9-4994-bd12-cd529af7d646
JSON
api-version=2023-07-01-preview
Condition none