last sync: 2025-Jul-10 17:22:37 UTC

Microsoft Discovery Platform Administrator (Preview)

Azure BuiltIn RBAC Role definition

Name: Microsoft Discovery Platform Administrator (Preview)
Id: 7a2b6e6c-472e-4b39-8878-a26eb63d75c6
Description: Grants full access to manage Microsoft.Discovery resources. This role is in preview and subject to change.
Category: None
CreatedOn: 2025-07-01 15:14:22 UTC
UpdatedOn: 2025-07-01 15:14:22 UTC

Permissions summary
Effective control plane and data plane operations: 104 (unique operations)
•action: 13
•delete: 18
•read: 56
•write: 17

Actions: 7
Resolved control plane operations from Actions: 89
Effective control plane operations: 89
•action: 10
•delete: 14
•read: 50
•write: 15

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16697

DataActions: 1
Resolved data plane operations: 15
Effective data plane operations: 15
•action: 3
•delete: 4
•read: 6
•write: 2

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3556

Actions

| Operation | Description |
|---|---|
| Microsoft.Authorization/*/read | wildcarded / no description |
| Microsoft.Discovery/* | wildcarded / no description |
| Microsoft.Discovery/checkNameAvailability/action | action checkNameAvailability |
| Microsoft.Discovery/locations/operationStatuses/read | read operationStatuses |
| Microsoft.Insights/alertRules/* | wildcarded / no description |
| Microsoft.Resources/deployments/* | wildcarded / no description |
| Microsoft.Resources/subscriptions/resourceGroups/read | Gets or lists resource groups. |

NotActions: n/a

DataActions

| Operation | Description |
|---|---|
| Microsoft.Discovery/* | wildcarded / no description |

NotDataActions: n/a

Used in
BuiltIn Policy: none

History

| Date/Time (UTC ymd) | Change | Change detail |
|---|---|---|
| 2025-07-01 17:22:32 | add | Role 7a2b6e6c-472e-4b39-8878-a26eb63d75c6 |

JSON
api-version=2023-07-01-preview
Condition

    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4d97b98b-1d4f-4787-a291-c67834d212e7 (Network Contributor),
            f1a07417-d97a-45cb-824c-7a7467783830 (Managed Identity Operator)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            4d97b98b-1d4f-4787-a291-c67834d212e7 (Network Contributor),
            f1a07417-d97a-45cb-824c-7a7467783830 (Managed Identity Operator)
            }
        )
    )