last sync: 2020-Sep-18 14:08:07 UTC

Azure Role

API Management Service Operator Role

Role Name API Management Service Operator Role
Role Id e022efe7-f5ba-4159-bbe4-b44f577e9b61
Role Description Can manage service but not the APIs
Role Changes no changes
Actions
Operation Description Used in other Role(s)
Microsoft.ApiManagement/service/*/read API Management Service Reader Role
Microsoft.ApiManagement/service/backup/action Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/delete Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/action Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance API Management Service Reader Role
Microsoft.ApiManagement/service/restore/action Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/action Upload SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/action Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/write Create or Update API Management Service instance
Microsoft.Authorization/*/read API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Billing Reader, Backup Operator, Backup Reader, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Cosmos DB Account Reader Role, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DevTest Labs User, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Integration Service Environment Developer, Integration Service Environment Contributor, Marketplace Admin, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Insights/alertRules/* API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Log Analytics Contributor, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Network Contributor, Monitoring Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Automation Operator, BizTalk Contributor, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, Intelligent Systems Account Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, Cosmos DB Operator
Microsoft.Resources/deployments/* API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Backup Operator, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services Contributor, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Log Analytics Contributor, Logic App Contributor, Managed Applications Reader, Managed Identity Operator, Managed Identity Contributor, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR Contributor, Managed Application Contributor Role, Tag Contributor, Azure Kubernetes Service Contributor Role, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Avere Operator, Backup Contributor, Backup Operator, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Cosmos DB Account Reader Role, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Factory Contributor, Data Lake Analytics Developer, DevTest Labs User, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, EventGrid EventSubscription Reader, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Monitoring Metrics Publisher, Network Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Security Reader, Site Recovery Contributor, Site Recovery Operator, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Experimentation Contributor, Experimentation Administrator, Tag Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
Microsoft.Support/* API Management Service Contributor, API Management Service Reader Role, Application Insights Component Contributor , Application Insights Snapshot Debugger, Automation Job Operator, Automation Runbook Operator, Automation Operator, Avere Contributor, Backup Contributor, Billing Reader, Backup Operator, BizTalk Contributor, CDN Endpoint Contributor, CDN Endpoint Reader, CDN Profile Contributor, CDN Profile Reader, Classic Network Contributor, Classic Storage Account Contributor, ClearDB MySQL DB Contributor, Classic Virtual Machine Contributor, Cognitive Services User, Cognitive Services Contributor, Cosmos DB Account Reader Role, Cost Management Contributor, Cost Management Reader, Data Box Contributor, Data Box Reader, Data Factory Contributor, Data Lake Analytics Developer, DocumentDB Account Contributor, DNS Zone Contributor, EventGrid EventSubscription Contributor, Intelligent Systems Account Contributor, Key Vault Contributor, Lab Creator, Log Analytics Reader, Log Analytics Contributor, Logic App Operator, Logic App Contributor, Managed Identity Operator, Managed Identity Contributor, Monitoring Metrics Publisher, Monitoring Reader, Network Contributor, Monitoring Contributor, New Relic APM Account Contributor, Redis Cache Contributor, Resource Policy Contributor, Scheduler Job Collections Contributor, Search Service Contributor, Security Admin, Security Manager (Legacy), Site Recovery Contributor, Site Recovery Operator, Site Recovery Reader, SQL Managed Instance Contributor, SQL DB Contributor, SQL Security Manager, Storage Account Contributor, SQL Server Contributor, Support Request Contributor, Traffic Manager Contributor, User Access Administrator, Virtual Machine Contributor, Web Plan Contributor, Website Contributor, HDInsight Cluster Operator, Cosmos DB Operator, Private DNS Zone Contributor, Blueprint Contributor, Blueprint Operator, Azure Sentinel Contributor, Azure Sentinel Responder, Azure Sentinel Reader, SignalR AccessKey Reader, SignalR Contributor, Kubernetes Cluster - Azure Arc Onboarding, Tag Contributor, Integration Service Environment Developer, Integration Service Environment Contributor, Key Vault Administrator (preview), Key Vault Crypto Officer (preview), Key Vault Secrets Officer (preview), Key Vault Certificates Officer (preview), Key Vault Reader (preview), Azure Arc Kubernetes Viewer, Azure Arc Kubernetes Writer, Azure Arc Kubernetes Cluster Admin, Azure Arc Kubernetes Admin, Azure Kubernetes Service RBAC Cluster Admin, Azure Kubernetes Service RBAC Admin, Azure Kubernetes Service RBAC Reader, Azure Kubernetes Service RBAC Writer, Azure Arc Enabled Kubernetes Cluster User Role, Collaborative Data Contributor, Device Update Reader, Device Update Administrator, Device Update Content Administrator, Device Update Deployments Administrator, Device Update Deployments Reader, Device Update Content Reader
NotActions
Operation Description Used in other Role(s)
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user API Management Service Reader Role
DataActions
NotDataActions
Used in Policy
Role Definition (Json)
{
  "Name": "API Management Service Operator Role",
  "Id": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "IsCustom": false,
  "Description": "Can manage service but not the APIs",
  "Actions": [
    "Microsoft.ApiManagement/service/*/read",
    "Microsoft.ApiManagement/service/backup/action",
    "Microsoft.ApiManagement/service/delete",
    "Microsoft.ApiManagement/service/managedeployments/action",
    "Microsoft.ApiManagement/service/read",
    "Microsoft.ApiManagement/service/restore/action",
    "Microsoft.ApiManagement/service/updatecertificate/action",
    "Microsoft.ApiManagement/service/updatehostname/action",
    "Microsoft.ApiManagement/service/write",
    "Microsoft.Authorization/*/read",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.ResourceHealth/availabilityStatuses/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Support/*"
  ],
  "NotActions": [
    "Microsoft.ApiManagement/service/users/keys/read"
  ],
  "DataActions": [
    
  ],
  "NotDataActions": [
    
  ],
  "AssignableScopes": [
    "/"
  ]
}