AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Azure AI Administrator

Azure BuiltIn RBAC Role definition

NameAzure AI Administrator
Idb78c5d69-af96-48a3-bf8d-a8b4d589de94
DescriptionA Built-In Role that has all control plane permissions to work with Azure AI and its dependencies.
CategoryNone
CreatedOn2024-08-07 23:50:52 UTC
UpdatedOn2025-04-15 15:19:36 UTC
Permissions summary Effective control plane and data plane operations: 1264 (unique operations)
•action: 270
•delete: 192
•read: 542
•write: 260

Actions: 39
Resolved control plane operations from Actions: 1264
Effective control plane operations: 1264
•action: 270
•delete: 192
•read: 542
•write: 260

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15226

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3371
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.CognitiveServices/*wildcarded / no description
Microsoft.ContainerRegistry/registries/*wildcarded / no description
Microsoft.DataFactory/factories/*wildcarded / no description
Microsoft.DocumentDb/databaseAccounts/*wildcarded / no description
Microsoft.Features/features/readGets the features of a subscription.
Microsoft.Features/providers/features/readGets the feature of a subscription in a given resource provider.
Microsoft.Features/providers/features/register/actionRegisters the feature for a subscription in a given resource provider.
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/components/*wildcarded / no description
Microsoft.Insights/diagnosticSettings/*wildcarded / no description
Microsoft.Insights/generateLiveToken/readLive Metrics get token
Microsoft.Insights/logDefinitions/readRead log definitions
Microsoft.Insights/metricAlerts/*wildcarded / no description
Microsoft.Insights/metricdefinitions/readRead metric definitions
Microsoft.Insights/metrics/readRead metrics
Microsoft.Insights/scheduledqueryrules/*wildcarded / no description
Microsoft.Insights/topology/readRead Topology
Microsoft.Insights/transactions/readRead Transactions
Microsoft.Insights/webtests/*wildcarded / no description
Microsoft.KeyVault/*wildcarded / no description
Microsoft.MachineLearningServices/workspaces/*wildcarded / no description
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionJoins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/deployments/operations/readGets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readGet the subscription operation results.
Microsoft.Resources/subscriptions/readGets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Resources/subscriptions/resourceGroups/writeCreates or updates a resource group.
Microsoft.Search/searchServices/deleteDeletes the search service.
Microsoft.Search/searchServices/indexes/*wildcarded / no description
Microsoft.Search/searchServices/listAdminKeys/actionReads the admin keys.
Microsoft.Search/searchServices/privateEndpointConnections/*wildcarded / no description
Microsoft.Search/searchServices/readReads the search service.
Microsoft.Search/searchServices/writeCreates or updates the search service.
Microsoft.Storage/storageAccounts/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-04-15 18:16:29 change: Actions Actions: 'add Microsoft.Search/searchServices/listAdminKeys/action; add Microsoft.Search/searchServices/privateEndpointConnections/*'
2024-10-02 17:52:15 change: DisplayName, Actions New DisplayName: 'Azure AI Administrator'
Old DisplayName: 'Azure AI Administrator Service Role',
Actions: 'add Microsoft.Resources/subscriptions/resourceGroups/write; add Microsoft.Search/searchServices/write; add Microsoft.Search/searchServices/read; add Microsoft.Search/searchServices/delete; add Microsoft.Search/searchServices/indexes/*; add Microsoft.DataFactory/factories/*'
2024-08-19 18:22:37 add: Role b78c5d69-af96-48a3-bf8d-a8b4d589de94
JSON
api-version=2023-07-01-preview
Condition none