AzRoleAdvertizer

last sync: 2025-Apr-29 17:15:48 UTC

Azure AI Project Manager

Azure BuiltIn RBAC Role definition

NameAzure AI Project Manager
Ideadc314b-1a2d-4efa-be10-5d325db5065e
DescriptionLets you perform developer actions and management actions on Azure AI Foundry Projects. Allows for making role assignments, but limited to Cognitive Service User role.
CategoryNone
CreatedOn2025-04-22 15:07:10 UTC
UpdatedOn2025-04-22 15:07:10 UTC
Permissions summary Effective control plane and data plane operations: 1583 (unique operations)
•action: 448
•delete: 217
•read: 666
•write: 252

Actions: 9
Resolved control plane operations from Actions: 88
Effective control plane operations: 88
•action: 8
•delete: 6
•read: 68
•write: 6

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16402

DataActions: 1
Resolved data plane operations: 1495
Effective data plane operations: 1495
•action: 440
•delete: 211
•read: 598
•write: 246

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 1876
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/roleAssignments/delete conditionedDelete a role assignment at the specified scope.
Microsoft.Authorization/roleAssignments/write conditionedCreate a role assignment at the specified scope.
Microsoft.CognitiveServices/accounts/*/readwildcarded / no description
Microsoft.CognitiveServices/accounts/projects/*wildcarded / no description
Microsoft.CognitiveServices/locations/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
NotActions n/a
DataActions
Operation Description
Microsoft.CognitiveServices/*wildcarded / no description
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-04-23 18:17:42 add: Role eadc314b-1a2d-4efa-be10-5d325db5065e
JSON
api-version=2023-07-01-preview
Condition

    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/write'
                }
            )
        )
        OR
        (
            @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            a97b65f3-24c7-4388-baec-2e87135dc908 (Cognitive Services User)
            }
        )
    )
    AND
    (
        (
            !
            (
                ActionMatches {
                'Microsoft.Authorization/roleAssignments/delete'
                }
            )
        )
        OR
        (
            @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {
            a97b65f3-24c7-4388-baec-2e87135dc908 (Cognitive Services User)
            }
        )
    )