last sync: 2023-Dec-06 18:52:54 UTC

Azure RBAC Role definition

Azure Connected Machine Resource Administrator

NameAzure Connected Machine Resource Administrator
Microsoft Learn
DescriptionCan read, write, delete and re-onboard Azure Connected Machines.
CreatedOn2019-10-23 20:24:59 UTC
UpdatedOn2023-11-14 16:24:27 UTC
Date/Time (UTC ymd) (i) Change Change detail
2023-11-14 18:15:11 change: Actions Actions: 'add Microsoft.HybridCompute/licenses/write; add Microsoft.HybridCompute/licenses/delete; add Microsoft.HybridCompute/machines/licenseProfiles/read; add Microsoft.HybridCompute/machines/licenseProfiles/write; add Microsoft.HybridCompute/machines/licenseProfiles/delete'
2021-12-15 17:18:05 change: Actions Actions: 'add Microsoft.Resources/deployments/*'
2021-06-09 16:50:31 change: Actions Actions: 'add Microsoft.HybridCompute/machines/UpgradeExtensions/action'
2021-04-29 16:55:26 change: Actions Actions: 'add Microsoft.HybridCompute/machines/extensions/read; add Microsoft.HybridCompute/machines/extensions/delete'
2021-03-24 14:32:47 change: Actions Actions: 'remove Microsoft.HybridCompute/machines/reconnect/action; add Microsoft.HybridCompute/privateLinkScopes/*'
2019-10-24 02:15:32 add: Role cd570a14-e51a-42ad-bac8-bafd67325302
Permissions summary Effective control plane and data plane operations: 52 (unique operations)
•action: 8
•delete: 9
•read: 26
•write: 9

Actions: 15
Resolved control plane operations from Actions: 52
Effective control plane operations: 52
•action: 8
•delete: 9
•read: 26
•write: 9

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 14698

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3081
Operation Description
Microsoft.HybridCompute/*/readwildcarded / no description
Microsoft.HybridCompute/licenses/deleteDeletes an Azure Arc licenses
Microsoft.HybridCompute/licenses/writeInstalls or Updates an Azure Arc licenses
Microsoft.HybridCompute/machines/deleteDeletes an Azure Arc machines
Microsoft.HybridCompute/machines/extensions/deleteDeletes an Azure Arc extensions
Microsoft.HybridCompute/machines/extensions/readReads any Azure Arc extensions
Microsoft.HybridCompute/machines/extensions/writeInstalls or Updates an Azure Arc extensions
Microsoft.HybridCompute/machines/licenseProfiles/deleteDeletes an Azure Arc licenseProfiles
Microsoft.HybridCompute/machines/licenseProfiles/readReads any Azure Arc licenseProfiles
Microsoft.HybridCompute/machines/licenseProfiles/writeInstalls or Updates an Azure Arc licenseProfiles
Microsoft.HybridCompute/machines/readRead any Azure Arc machines
Microsoft.HybridCompute/machines/UpgradeExtensions/actionUpgrades Extensions on Azure Arc machines
Microsoft.HybridCompute/machines/writeWrites an Azure Arc machines
Microsoft.HybridCompute/privateLinkScopes/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Preview]: Configure ChangeTracking Extension for Linux Arc machines 10caed8a-652c-4d1d-84e4-2805b7c07278 Security Center Preview
[Preview]: Configure ChangeTracking Extension for Windows Arc machines 4bb303db-d051-4099-95d2-e3e1428a4cd5 Security Center Preview
[Preview]: Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory 09a1f130-7697-42bc-8d84-8a9ea17e5187 ChangeTrackingAndInventory Preview
[Preview]: Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory a7acfae7-9497-4a3f-a3b5-a16a50abbe2f ChangeTrackingAndInventory Preview
Configure Arc-enabled SQL Servers to automatically install Azure Monitor Agent 3592ff98-9787-443a-af59-4505d0fe0786 Security Center GA
Configure Azure Arc Private Link Scopes to disable public network access de0bc8ea-76e2-4fe2-a288-a07556d0e9c4 Azure Arc GA
Configure Azure Arc Private Link Scopes with private endpoints d6eeba80-df61-4de5-8772-bc1b7852ba6b Azure Arc GA
Configure Azure Arc-enabled servers to use an Azure Arc Private Link Scope a3461c8c-6c9d-4e42-a644-40ba8a1abf49 Azure Arc GA
Configure Linux Arc-enabled machines to run Azure Monitor Agent 845857af-0333-4c5d-bbbc-6076697da122 Monitoring GA
Configure periodic checking for missing system updates on azure Arc-enabled servers bfea026e-043f-4ff4-9d1b-bf301ca7ff46 Azure Update Manager GA
Configure Windows Arc-enabled machines to run Azure Monitor Agent 94f686d6-9a24-4e19-91f1-de937dc171a4 Monitoring GA