Id | Name | Description | Condition | Effective operations | Actions (control plane) | NotActions (control plane) | DataActions (data plane) | NotDataActions (data plane) | Used in Policy |
---|---|---|---|---|---|---|---|---|---|
76cc9ee4-d5d3-4a45-a930-26add3d73475 | Access Review Operator Service Role | Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process. | False |
00003 effective control plane operations (unique) •action: 1 •delete: 1 •read: 1 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •delete: 1 •read: 1 •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleAssignments/delete •Microsoft.Management/getEntities/action | ||||
c2f4ef07-c644-48eb-af81-4b1b4947fb11 | AcrDelete | acr delete | False |
00001 effective control plane operations (unique) •delete: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •delete: 1 •Microsoft.ContainerRegistry/registries/artifacts/delete | ||||
6cef56e8-d556-48e5-a04f-b8e64114680f | AcrImageSigner | acr image signer | False |
00002 effective control plane and data plane operations (unique) •write: 2 |
Actions: 001 resolved operations: 1 effective operations: 1 •write: 1 •Microsoft.ContainerRegistry/registries/sign/write | DataActions: 001 resolved data operations: 1 effective data operations: 1 •write: 1 •Microsoft.ContainerRegistry/registries/trustedCollections/write | |||
7f951dda-4ed3-4680-a7ca-43fe172d538d | AcrPull | acr pull | False |
00001 effective control plane operations (unique) •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.ContainerRegistry/registries/pull/read | ||||
8311e382-0749-4cb8-b61a-304f252e45ec | AcrPush | acr push | False |
00002 effective control plane operations (unique) •read: 1 •write: 1 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 1 •write: 1 •Microsoft.ContainerRegistry/registries/pull/read •Microsoft.ContainerRegistry/registries/push/write | ||||
cdda3590-29a3-44f6-95f2-9f980659eb04 | AcrQuarantineReader | acr quarantine data reader | False |
00002 effective control plane and data plane operations (unique) •read: 2 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.ContainerRegistry/registries/quarantine/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read | |||
c8d4ff99-41c3-41a8-9f60-21dfdad59608 | AcrQuarantineWriter | acr quarantine data writer | False |
00004 effective control plane and data plane operations (unique) •read: 2 •write: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 1 •write: 1 •Microsoft.ContainerRegistry/registries/quarantine/read •Microsoft.ContainerRegistry/registries/quarantine/write | DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 1 •write: 1 •Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read •Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write | |||
6b534d80-e337-47c4-864f-140f5c7f593d | Advisor Recommendations Contributor (Assessments and Reviews) | View assessment recommendations, accepted review recommendations, and manage the recommendations lifecycle (mark recommendations as completed, postponed or dismissed, in progress, or not started). | False |
00003 effective control plane operations (unique) •action: 1 •read: 1 •write: 1 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 1 •write: 1 •Microsoft.Advisor/recommendations/read •Microsoft.Advisor/recommendations/write •Microsoft.Advisor/recommendations/available/action | ||||
8aac15f0-d885-4138-8afa-bfb5872f7d13 | Advisor Reviews Contributor | View reviews for a workload and triage recommendations linked to them. | False |
00050 effective control plane operations (unique) •: 1 •action: 10 •Delete: 2 •read: 35 •Write: 2 |
Actions: 009 resolved operations: 50 effective operations: 50 •: 1 •action: 10 •Delete: 2 •read: 35 •Write: 2 •Microsoft.Advisor/resiliencyReviews/read •Microsoft.Advisor/triageRecommendations/read •Microsoft.Advisor/triageRecommendations/approve/action •Microsoft.Advisor/triageRecommendations/reject/action •Microsoft.Advisor/triageRecommendations/reset/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
c64499e0-74c3-47ad-921c-13865957895c | Advisor Reviews Reader | View reviews for a workload and recommendations linked to them. | False |
00002 effective control plane operations (unique) •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Advisor/resiliencyReviews/read •Microsoft.Advisor/triageRecommendations/read | ||||
a8d4b70f-0fb9-4f72-b267-b87b2f990aec | AgFood Platform Dataset Admin | Provides access to Dataset APIs | False |
00012 effective data plane operations (unique) •action: 6 •delete: 2 •read: 2 •write: 2 |
DataActions: 002 resolved data operations: 12 effective data operations: 12 •action: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.AgFoodPlatform/farmBeats/datasets/* •Microsoft.AgFoodPlatform/farmBeats/datasetRecords/* | ||||
6b77f0a0-0d89-41cc-acd1-579c22c17a67 | AgFood Platform Sensor Partner Contributor | Provides contribute access to manage sensor related entities in AgFood Platform Service | False |
00018 effective data plane operations (unique) •action: 4 •delete: 3 •read: 6 •write: 5 |
DataActions: 001 resolved data operations: 19 effective data operations: 18 •action: 4 •delete: 3 •read: 6 •write: 5 •Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/* | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3285 •Microsoft.AgFoodPlatform/farmBeats/sensorPartnerScope/sensors/delete | |||
f8da80de-1ff9-4747-ad80-a19b7f6079e3 | AgFood Platform Service Admin | Provides admin access to AgFood Platform Service | False |
00335 effective data plane operations (unique) •action: 101 •delete: 58 •read: 89 •write: 87 |
DataActions: 001 resolved data operations: 335 effective data operations: 335 •action: 101 •delete: 58 •read: 89 •write: 87 •Microsoft.AgFoodPlatform/* | ||||
8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | False |
00251 effective data plane operations (unique) •action: 98 •read: 89 •write: 64 |
DataActions: 003 resolved data operations: 277 effective data operations: 251 •action: 98 •read: 89 •write: 64 •Microsoft.AgFoodPlatform/*/action •Microsoft.AgFoodPlatform/*/read •Microsoft.AgFoodPlatform/*/write | NotDataActions: 006 resolved not data operations: 26 effective not data operations: 3052 •Microsoft.AgFoodPlatform/farmBeats/farmers/write •Microsoft.AgFoodPlatform/farmBeats/deletionJobs/*/write •Microsoft.AgFoodPlatform/farmBeats/parties/write •Microsoft.AgFoodPlatform/farmBeats/datasets/write •Microsoft.AgFoodPlatform/farmBeats/datasetRecords/write •Microsoft.AgFoodPlatform/farmBeats/datasets/access/*/action | |||
7ec7ccdc-f61e-41fe-9aaf-980df0a44eba | AgFood Platform Service Reader | Provides read access to AgFood Platform Service | False |
00185 effective data plane operations (unique) •action: 96 •read: 89 |
DataActions: 006 resolved data operations: 185 effective data operations: 185 •action: 96 •read: 89 •Microsoft.AgFoodPlatform/*/list/action •Microsoft.AgFoodPlatform/*/read •Microsoft.AgFoodPlatform/*/search/action •Microsoft.AgFoodPlatform/*/download/action •Microsoft.AgFoodPlatform/*/overlap/action •Microsoft.AgFoodPlatform/*/checkConsent/action | ||||
a2138dac-4907-4679-a376-736901ed8ad8 | AnyBuild Builder | Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities. | False |
00002 effective data plane operations (unique) •read: 1 •write: 1 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 1 •write: 1 •Microsoft.AnyBuild/clusters/build/write •Microsoft.AnyBuild/clusters/build/read | ||||
c031e6a8-4391-4de0-8d69-4706a7ed3729 | API Management Developer Portal Content Editor | Can customize the developer portal, edit its content, and publish it. | False |
00008 effective control plane operations (unique) •delete: 2 •read: 3 •write: 3 |
Actions: 008 resolved operations: 8 effective operations: 8 •delete: 2 •read: 3 •write: 3 •Microsoft.ApiManagement/service/portalRevisions/read •Microsoft.ApiManagement/service/portalRevisions/write •Microsoft.ApiManagement/service/contentTypes/read •Microsoft.ApiManagement/service/contentTypes/delete •Microsoft.ApiManagement/service/contentTypes/write •Microsoft.ApiManagement/service/contentTypes/contentItems/read •Microsoft.ApiManagement/service/contentTypes/contentItems/write •Microsoft.ApiManagement/service/contentTypes/contentItems/delete | ||||
312a565d-c81f-4fd8-895a-4e21e48d571c | API Management Service Contributor | Can manage service and the APIs | False |
00516 effective control plane operations (unique) •: 1 •action: 68 •delete: 119 •read: 201 •write: 127 |
Actions: 007 resolved operations: 516 effective operations: 516 •: 1 •action: 68 •delete: 119 •read: 201 •write: 127 •Microsoft.ApiManagement/service/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | count: 001 •Configure API Management services to disable access to API Management public service configuration endpoints | |||
e022efe7-f5ba-4159-bbe4-b44f577e9b61 | API Management Service Operator Role | Can manage service but not the APIs | False |
00223 effective control plane operations (unique) •: 1 •action: 15 •delete: 3 •read: 200 •write: 4 |
Actions: 015 resolved operations: 224 effective operations: 223 •: 1 •action: 15 •delete: 3 •read: 200 •write: 4 •Microsoft.ApiManagement/service/*/read •Microsoft.ApiManagement/service/backup/action •Microsoft.ApiManagement/service/delete •Microsoft.ApiManagement/service/managedeployments/action •Microsoft.ApiManagement/service/read •Microsoft.ApiManagement/service/restore/action •Microsoft.ApiManagement/service/updatecertificate/action •Microsoft.ApiManagement/service/updatehostname/action •Microsoft.ApiManagement/service/write •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | NotActions: 001 resolved not operations: 1 effective not operations: 15969 •Microsoft.ApiManagement/service/users/keys/read | |||
71522526-b88f-4d52-b57f-d31fc3546d0d | API Management Service Reader Role | Read-only access to service and APIs | False |
00216 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 200 •Write: 3 |
Actions: 008 resolved operations: 217 effective operations: 216 •: 1 •Action: 10 •Delete: 2 •read: 200 •Write: 3 •Microsoft.ApiManagement/service/*/read •Microsoft.ApiManagement/service/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | NotActions: 001 resolved not operations: 1 effective not operations: 15976 •Microsoft.ApiManagement/service/users/keys/read | |||
9565a273-41b9-4368-97d2-aeb0c976a9b3 | API Management Service Workspace API Developer | Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope. | False |
00043 effective control plane operations (unique) •delete: 4 •read: 35 •write: 4 |
Actions: 009 resolved operations: 43 effective operations: 43 •delete: 4 •read: 35 •write: 4 •Microsoft.ApiManagement/service/tags/read •Microsoft.ApiManagement/service/tags/apiLinks/* •Microsoft.ApiManagement/service/tags/operationLinks/* •Microsoft.ApiManagement/service/tags/productLinks/* •Microsoft.ApiManagement/service/products/read •Microsoft.ApiManagement/service/products/apiLinks/* •Microsoft.ApiManagement/service/read •Microsoft.ApiManagement/service/authorizationServers/read •Microsoft.Authorization/*/read | ||||
d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da | API Management Service Workspace API Product Manager | Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. | False |
00048 effective control plane operations (unique) •delete: 5 •read: 38 •write: 5 |
Actions: 012 resolved operations: 48 effective operations: 48 •delete: 5 •read: 38 •write: 5 •Microsoft.ApiManagement/service/users/read •Microsoft.ApiManagement/service/tags/read •Microsoft.ApiManagement/service/tags/apiLinks/* •Microsoft.ApiManagement/service/tags/operationLinks/* •Microsoft.ApiManagement/service/tags/productLinks/* •Microsoft.ApiManagement/service/products/read •Microsoft.ApiManagement/service/products/apiLinks/* •Microsoft.ApiManagement/service/groups/read •Microsoft.ApiManagement/service/groups/users/* •Microsoft.ApiManagement/service/read •Microsoft.ApiManagement/service/authorizationServers/read •Microsoft.Authorization/*/read | ||||
56328988-075d-4c6a-8766-d93edd6725b6 | API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | False |
00133 effective control plane operations (unique) •action: 5 •delete: 29 •read: 69 •write: 30 |
Actions: 014 resolved operations: 133 effective operations: 133 •action: 5 •delete: 29 •read: 69 •write: 30 •Microsoft.ApiManagement/service/workspaces/*/read •Microsoft.ApiManagement/service/workspaces/apis/* •Microsoft.ApiManagement/service/workspaces/apiVersionSets/* •Microsoft.ApiManagement/service/workspaces/policies/* •Microsoft.ApiManagement/service/workspaces/schemas/* •Microsoft.ApiManagement/service/workspaces/products/* •Microsoft.ApiManagement/service/workspaces/policyFragments/* •Microsoft.ApiManagement/service/workspaces/namedValues/* •Microsoft.ApiManagement/service/workspaces/tags/* •Microsoft.ApiManagement/service/workspaces/backends/* •Microsoft.ApiManagement/service/workspaces/certificates/* •Microsoft.ApiManagement/service/workspaces/diagnostics/* •Microsoft.ApiManagement/service/workspaces/loggers/* •Microsoft.Authorization/*/read | ||||
73c2c328-d004-4c5e-938c-35c6f5679a1f | API Management Workspace API Product Manager | Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. | False |
00106 effective control plane operations (unique) •action: 4 •delete: 16 •read: 69 •write: 17 |
Actions: 007 resolved operations: 106 effective operations: 106 •action: 4 •delete: 16 •read: 69 •write: 17 •Microsoft.ApiManagement/service/workspaces/*/read •Microsoft.ApiManagement/service/workspaces/products/* •Microsoft.ApiManagement/service/workspaces/subscriptions/* •Microsoft.ApiManagement/service/workspaces/groups/* •Microsoft.ApiManagement/service/workspaces/tags/* •Microsoft.ApiManagement/service/workspaces/notifications/* •Microsoft.Authorization/*/read | ||||
0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 | API Management Workspace Contributor | Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope. | False |
00154 effective control plane operations (unique) •action: 10 •delete: 36 •read: 70 •write: 38 |
Actions: 002 resolved operations: 154 effective operations: 154 •action: 10 •delete: 36 •read: 70 •write: 38 •Microsoft.ApiManagement/service/workspaces/* •Microsoft.Authorization/*/read | ||||
ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 | API Management Workspace Reader | Has read-only access to entities in the workspace. This role should be assigned on the workspace scope. | False |
00069 effective control plane operations (unique) •read: 69 |
Actions: 002 resolved operations: 69 effective operations: 69 •read: 69 •Microsoft.ApiManagement/service/workspaces/*/read •Microsoft.Authorization/*/read | ||||
0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | Create, read, download, modify and delete reports objects and related other resource objects. | False |
07008 effective control plane operations (unique) •action: 22 •delete: 6 •read: 6968 •write: 12 |
Actions: 028 resolved operations: 7008 effective operations: 7008 •action: 22 •delete: 6 •read: 6968 •write: 12 •Microsoft.AppComplianceAutomation/* •Microsoft.Storage/storageAccounts/blobServices/write •Microsoft.Storage/storageAccounts/fileservices/write •Microsoft.Storage/storageAccounts/listKeys/action •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/blobServices/containers/write •Microsoft.Storage/storageAccounts/blobServices/read •Microsoft.PolicyInsights/policyStates/queryResults/action •Microsoft.PolicyInsights/policyStates/triggerEvaluation/action •Microsoft.Resources/resources/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourceGroups/resources/read •Microsoft.Resources/subscriptions/resources/read •Microsoft.Resources/subscriptions/resourceGroups/delete •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/tags/read •Microsoft.Resources/deployments/validate/action •Microsoft.Security/automations/read •Microsoft.Resources/deployments/write •Microsoft.Security/automations/delete •Microsoft.Security/automations/write •Microsoft.Security/register/action •Microsoft.Security/unregister/action •*/read | ||||
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e | App Compliance Automation Reader | Read, download the reports objects and related other resource objects. | False |
06968 effective control plane operations (unique) •read: 6968 |
Actions: 001 resolved operations: 6968 effective operations: 6968 •read: 6968 •*/read | ||||
fe86443c-f201-4fc4-9d2a-ac61149fbda0 | App Configuration Contributor | Grants permission for all management operations, except purge, for App Configuration resources. | False |
00089 effective control plane operations (unique) •: 1 •action: 20 •delete: 9 •read: 49 •write: 10 |
Actions: 005 resolved operations: 90 effective operations: 89 •: 1 •action: 20 •delete: 9 •read: 49 •write: 10 •Microsoft.AppConfiguration/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 001 resolved not operations: 1 effective not operations: 16103 •Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action | |||
5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b | App Configuration Data Owner | Allows full access to App Configuration data. | False |
00006 effective data plane operations (unique) •action: 1 •delete: 1 •read: 2 •write: 2 |
DataActions: 004 resolved data operations: 7 effective data operations: 6 •action: 1 •delete: 1 •read: 2 •write: 2 •Microsoft.AppConfiguration/configurationStores/*/read •Microsoft.AppConfiguration/configurationStores/*/write •Microsoft.AppConfiguration/configurationStores/*/delete •Microsoft.AppConfiguration/configurationStores/*/action | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3297 •Microsoft.AppConfiguration/configurationStores/useSasAuth/action | |||
516239f1-63e1-4d78-a4de-a74fb236a071 | App Configuration Data Reader | Allows read access to App Configuration data. | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 001 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.AppConfiguration/configurationStores/*/read | ||||
7fd69092-c9bc-4b59-9e2e-bca63317e147 | App Configuration Data SAS User | Allows the usage of SAS tokens for authentication. | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppConfiguration/configurationStores/useSasAuth/action | ||||
175b81b9-6e0d-490a-85e4-0d422273c10c | App Configuration Reader | Grants permission for read operations for App Configuration resources. | False |
00046 effective control plane operations (unique) •read: 46 |
Actions: 005 resolved operations: 46 effective operations: 46 •read: 46 •Microsoft.AppConfiguration/*/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Resources/deployments/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
8ea85a25-eb16-4e29-ab4d-6f2a26c711a2 | App Service Environment Contributor | Manage App Service Environments but not the App Service Plans or Websites that it hosts. | False |
00101 effective control plane operations (unique) •: 1 •Action: 15 •Delete: 6 •read: 68 •Write: 11 |
Actions: 006 resolved operations: 101 effective operations: 101 •: 1 •Action: 15 •Delete: 6 •read: 68 •Write: 11 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Web/hostingEnvironments/* | ||||
fbc52c3f-28ad-4303-a892-8a056630b8f1 | AppGw for Containers Configuration Manager | Allows access and configuration updates to Application Gateway for Containers resource. | False |
00016 effective control plane and data plane operations (unique) •delete: 4 •read: 7 •write: 5 |
Actions: 016 resolved operations: 13 effective operations: 13 •delete: 3 •read: 6 •write: 4 •Microsoft.ServiceNetworking/trafficControllers/read •Microsoft.ServiceNetworking/trafficControllers/write •Microsoft.ServiceNetworking/trafficControllers/delete •Microsoft.ServiceNetworking/trafficControllers/frontends/read •Microsoft.ServiceNetworking/trafficControllers/frontends/write •Microsoft.ServiceNetworking/trafficControllers/frontends/delete •Microsoft.ServiceNetworking/trafficControllers/associations/read •Microsoft.ServiceNetworking/trafficControllers/associations/write •Microsoft.ServiceNetworking/trafficControllers/associations/delete •Microsoft.ServiceNetworking/trafficControllers/*/read •Microsoft.ServiceNetworking/trafficControllers/*/write •Microsoft.ServiceNetworking/trafficControllers/*/delete •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/read •Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/write •Microsoft.ServiceNetworking/trafficControllers/serviceRoutingConfigurations/delete | |||
ca6382a4-1721-4bcf-a114-ff0c70227b6b | Application Group Contributor | Contributor of the Application Group. | False |
00074 effective control plane operations (unique) •: 1 •action: 11 •delete: 5 •read: 49 •write: 8 |
Actions: 009 resolved operations: 74 effective operations: 74 •: 1 •action: 11 •delete: 5 •read: 49 •write: 8 •Microsoft.DesktopVirtualization/applicationgroups/* •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.DesktopVirtualization/workspaces/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | ||||
ae349356-3a1b-4a5e-921d-050484c6347e | Application Insights Component Contributor | Can manage Application Insights components | False |
00139 effective control plane operations (unique) •: 1 •Action: 17 •Delete: 16 •read: 84 •Write: 21 |
Actions: 013 resolved operations: 139 effective operations: 139 •: 1 •Action: 17 •Delete: 16 •read: 84 •Write: 21 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Insights/generateLiveToken/read •Microsoft.Insights/metricAlerts/* •Microsoft.Insights/components/* •Microsoft.Insights/scheduledqueryrules/* •Microsoft.Insights/topology/read •Microsoft.Insights/transactions/read •Microsoft.Insights/webtests/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | count: 001 •Configure Azure Application Insights components to disable public network access for log ingestion and querying | |||
08954f03-6346-4c2e-81c0-ec3a5cfae23b | Application Insights Snapshot Debugger | Gives user permission to use Application Insights Snapshot Debugger features | False |
00086 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 70 •Write: 3 |
Actions: 006 resolved operations: 86 effective operations: 86 •: 1 •Action: 10 •Delete: 2 •read: 70 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Insights/components/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
bbf86eb8-f7b4-4cce-96e4-18cddf81d86e | Attestation Contributor | Can read write or delete the attestation provider instance | False |
00003 effective control plane operations (unique) •delete: 1 •read: 1 •write: 1 |
Actions: 003 resolved operations: 3 effective operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.Attestation/attestationProviders/attestation/read •Microsoft.Attestation/attestationProviders/attestation/write •Microsoft.Attestation/attestationProviders/attestation/delete | ||||
fd1bd22b-8476-40bc-a0bc-69b95687b9f3 | Attestation Reader | Can read the attestation provider properties | False |
00002 effective control plane operations (unique) •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Attestation/attestationProviders/attestation/read •Microsoft.Attestation/attestationProviders/read | ||||
f353d9bd-d4a6-484e-a77a-8050b599b867 | Automation Contributor | Manage azure automation resources and other resources using azure automation. | False |
00204 effective control plane operations (unique) •action: 34 •delete: 32 •read: 99 •write: 39 |
Actions: 011 resolved operations: 204 effective operations: 204 •action: 34 •delete: 32 •read: 99 •write: 39 •Microsoft.Automation/automationAccounts/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/ActionGroups/* •Microsoft.Insights/ActivityLogAlerts/* •Microsoft.Insights/MetricAlerts/* •Microsoft.Insights/ScheduledQueryRules/* •Microsoft.Insights/diagnosticSettings/* •Microsoft.OperationalInsights/workspaces/sharedKeys/action | ||||
4fe576fe-1146-4730-92eb-48519fa6bf9f | Automation Job Operator | Create and Manage Jobs using Automation Runbooks. | False |
00063 effective control plane operations (unique) •: 1 •action: 13 •Delete: 2 •read: 43 •write: 4 |
Actions: 013 resolved operations: 63 effective operations: 63 •: 1 •action: 13 •Delete: 2 •read: 43 •write: 4 •Microsoft.Authorization/*/read •Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read •Microsoft.Automation/automationAccounts/jobs/read •Microsoft.Automation/automationAccounts/jobs/resume/action •Microsoft.Automation/automationAccounts/jobs/stop/action •Microsoft.Automation/automationAccounts/jobs/streams/read •Microsoft.Automation/automationAccounts/jobs/suspend/action •Microsoft.Automation/automationAccounts/jobs/write •Microsoft.Automation/automationAccounts/jobs/output/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
d3881f73-407a-4167-8283-e981cbba0404 | Automation Operator | Automation Operators are able to start, stop, suspend, and resume jobs | False |
00071 effective control plane operations (unique) •: 1 •action: 13 •Delete: 2 •read: 49 •write: 6 |
Actions: 021 resolved operations: 71 effective operations: 71 •: 1 •action: 13 •Delete: 2 •read: 49 •write: 6 •Microsoft.Authorization/*/read •Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read •Microsoft.Automation/automationAccounts/jobs/read •Microsoft.Automation/automationAccounts/jobs/resume/action •Microsoft.Automation/automationAccounts/jobs/stop/action •Microsoft.Automation/automationAccounts/jobs/streams/read •Microsoft.Automation/automationAccounts/jobs/suspend/action •Microsoft.Automation/automationAccounts/jobs/write •Microsoft.Automation/automationAccounts/jobSchedules/read •Microsoft.Automation/automationAccounts/jobSchedules/write •Microsoft.Automation/automationAccounts/linkedWorkspace/read •Microsoft.Automation/automationAccounts/read •Microsoft.Automation/automationAccounts/runbooks/read •Microsoft.Automation/automationAccounts/schedules/read •Microsoft.Automation/automationAccounts/schedules/write •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Automation/automationAccounts/jobs/output/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
5fb5aef8-1081-4b8e-bb16-9d5d0385bab5 | Automation Runbook Operator | Read Runbook properties - to be able to create Jobs of the runbook. | False |
00056 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 |
Actions: 006 resolved operations: 56 effective operations: 56 •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Automation/automationAccounts/runbooks/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | False |
00029 effective control plane and data plane operations (unique) •read: 29 |
Actions: 003 resolved operations: 28 effective operations: 28 •read: 28 •Microsoft.AutonomousDevelopmentPlatform/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 012 resolved data operations: 3 effective data operations: 1 •read: 1 •Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/discoveries/* •Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/uploads/* •Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurements/states/new/* •Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurementCollections/* •Microsoft.AutonomousDevelopmentPlatform/accounts/measurementCollections/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/read •Microsoft.AutonomousDevelopmentPlatform/workspaces/discoveries/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/uploads/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/states/new/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/classifications/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/dataStreams/classifications/* •Microsoft.AutonomousDevelopmentPlatform/workspaces/measurementCollections/* | NotDataActions: 002 resolved not data operations: 2 effective not data operations: 3302 •Microsoft.AutonomousDevelopmentPlatform/accounts/dataPools/measurements/states/new/changeState/action •Microsoft.AutonomousDevelopmentPlatform/workspaces/measurements/states/new/changeState/action | ||
27f8b550-c507-4db9-86f2-f4b8e816d59d | Autonomous Development Platform Data Owner (Preview) | Grants full access to Autonomous Development Platform data. | False |
00031 effective control plane and data plane operations (unique) •action: 2 •read: 29 |
Actions: 003 resolved operations: 28 effective operations: 28 •read: 28 •Microsoft.AutonomousDevelopmentPlatform/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 3 effective data operations: 3 •action: 2 •read: 1 •Microsoft.AutonomousDevelopmentPlatform/* | |||
d63b75f7-47ea-4f27-92ac-e0d173aaf093 | Autonomous Development Platform Data Reader (Preview) | Grants read access to Autonomous Development Platform data. | False |
00029 effective control plane and data plane operations (unique) •read: 29 |
Actions: 003 resolved operations: 28 effective operations: 28 •read: 28 •Microsoft.AutonomousDevelopmentPlatform/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.AutonomousDevelopmentPlatform/*/read | |||
4f8fab4f-1852-4a58-a46a-8eaf358af14a | Avere Contributor | Can create and manage an Avere vFXT cluster. | False |
00715 effective control plane and data plane operations (unique) •: 1 •action: 78 •delete: 28 •read: 563 •write: 45 |
Actions: 020 resolved operations: 712 effective operations: 712 •: 1 •action: 78 •delete: 27 •read: 562 •write: 44 •Microsoft.Authorization/*/read •Microsoft.Compute/*/read •Microsoft.Compute/availabilitySets/* •Microsoft.Compute/proximityPlacementGroups/* •Microsoft.Compute/virtualMachines/* •Microsoft.Compute/disks/* •Microsoft.Network/*/read •Microsoft.Network/networkInterfaces/* •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Resources/deployments/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Storage/*/read •Microsoft.Storage/storageAccounts/* •Microsoft.Support/* •Microsoft.Resources/subscriptions/resourceGroups/resources/read | DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | |||
c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 | Avere Operator | Used by the Avere vFXT cluster to manage the cluster | False |
00014 effective control plane and data plane operations (unique) •action: 2 •delete: 2 •read: 7 •write: 3 |
Actions: 011 resolved operations: 11 effective operations: 11 •action: 2 •delete: 1 •read: 6 •write: 2 •Microsoft.Compute/virtualMachines/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Storage/storageAccounts/blobServices/containers/delete •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/blobServices/containers/write | DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | |||
d715fb95-a0f0-4f1c-8be6-5ad2d2767f67 | AVS Orchestrator Role | Custom role for AVS to manage customer resources used for AVS scenarios. | True |
00055 effective control plane operations (unique) •action: 7 •delete: 13 •read: 20 •write: 15 |
Actions: 057 resolved operations: 55 effective operations: 55 •action: 7 •delete: 13 •read: 20 •write: 15 •Microsoft.Authorization/roleAssignments/read •Microsoft.Resources/subscriptions/resourcegroups/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/operationStatuses/read •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/read •Microsoft.Network/virtualHubs/delete •Microsoft.Network/publicIPAddresses/delete •Microsoft.Network/networkInterfaces/delete •Microsoft.Network/networkInterfaces/write •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete •Microsoft.Network/virtualNetworks/subnets/delete •Microsoft.Network/networkIntentPolicies/read •Microsoft.Network/networkIntentPolicies/delete •Microsoft.Network/networkIntentPolicies/write •Microsoft.Network/networkSecurityGroups/delete •Microsoft.Network/networkSecurityGroups/write •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Network/networkSecurityGroups/securityRules/read •Microsoft.Network/networkSecurityGroups/securityRules/write •Microsoft.Network/networkSecurityGroups/securityRules/delete •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/write •Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read •Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/delete •Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action •Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action •Microsoft.Network/virtualHubs/write •Microsoft.Network/publicIPAddresses/write •Microsoft.Network/publicIPAddresses/read •Microsoft.Network/virtualHubs/ipConfigurations/write •Microsoft.Network/networkSecurityGroups/securityRules/read 
•Microsoft.Network/virtualHubs/ipConfigurations/read •Microsoft.Network/virtualHubs/bgpConnections/write •Microsoft.Network/virtualHubs/bgpConnections/read •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete •Microsoft.Network/virtualNetworks/peer/action •Microsoft.Network/locations/operations/read •Microsoft.Network/locations/operationResults/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/write •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/routeTables/read •Microsoft.Network/routeTables/write •Microsoft.Network/routeTables/delete •Microsoft.Network/routeTables/join/action •Microsoft.Network/routeTables/routes/read •Microsoft.Network/routeTables/routes/write •Microsoft.Network/routeTables/routes/delete •Microsoft.Authorization/roleAssignments/delete conditioned | ||||
b78c5d69-af96-48a3-bf8d-a8b4d589de94 | Azure AI Administrator | A Built-In Role that has all control plane permissions to work with Azure AI and its dependencies. | False |
01239 effective control plane operations (unique) •: 1 •action: 261 •delete: 187 •read: 534 •write: 256 |
Actions: 037 resolved operations: 1239 effective operations: 1239 •: 1 •action: 261 •delete: 187 •read: 534 •write: 256 •Microsoft.Authorization/*/read •Microsoft.CognitiveServices/* •Microsoft.ContainerRegistry/registries/* •Microsoft.DocumentDb/databaseAccounts/* •Microsoft.Features/features/read •Microsoft.Features/providers/features/read •Microsoft.Features/providers/features/register/action •Microsoft.Insights/alertRules/* •Microsoft.Insights/components/* •Microsoft.Insights/diagnosticSettings/* •Microsoft.Insights/generateLiveToken/read •Microsoft.Insights/logDefinitions/read •Microsoft.Insights/metricAlerts/* •Microsoft.Insights/metricdefinitions/read •Microsoft.Insights/metrics/read •Microsoft.Insights/scheduledqueryrules/* •Microsoft.Insights/topology/read •Microsoft.Insights/transactions/read •Microsoft.Insights/webtests/* •Microsoft.KeyVault/* •Microsoft.MachineLearningServices/workspaces/* •Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Storage/storageAccounts/* •Microsoft.Support/* •Microsoft.Search/searchServices/write •Microsoft.Search/searchServices/read •Microsoft.Search/searchServices/delete •Microsoft.Search/searchServices/indexes/* •Microsoft.DataFactory/factories/* | ||||
64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | False |
00496 effective control plane and data plane operations (unique) •action: 107 •delete: 84 •read: 197 •write: 108 |
Actions: 007 resolved operations: 317 effective operations: 312 •action: 57 •delete: 56 •read: 132 •write: 67 •Microsoft.MachineLearningServices/workspaces/*/read •Microsoft.MachineLearningServices/workspaces/*/action •Microsoft.MachineLearningServices/workspaces/*/delete •Microsoft.MachineLearningServices/workspaces/*/write •Microsoft.MachineLearningServices/locations/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* | NotActions: 007 resolved not operations: 7 effective not operations: 15880 •Microsoft.MachineLearningServices/workspaces/delete •Microsoft.MachineLearningServices/workspaces/write •Microsoft.MachineLearningServices/workspaces/listKeys/action •Microsoft.MachineLearningServices/workspaces/hubs/write •Microsoft.MachineLearningServices/workspaces/hubs/delete •Microsoft.MachineLearningServices/workspaces/featurestores/write •Microsoft.MachineLearningServices/workspaces/featurestores/delete | DataActions: 003 resolved data operations: 184 effective data operations: 184 •action: 50 •delete: 28 •read: 65 •write: 41 •Microsoft.CognitiveServices/accounts/OpenAI/* •Microsoft.CognitiveServices/accounts/SpeechServices/* •Microsoft.CognitiveServices/accounts/ContentSafety/* | ||
b556d68e-0be0-4f35-a333-ad7ee1ce17ea | Azure AI Enterprise Network Connection Approver | Can approve private endpoint connections to Azure AI common dependency resources | False |
00041 effective control plane operations (unique) •action: 7 •read: 25 •write: 9 |
Actions: 041 resolved operations: 41 effective operations: 41 •action: 7 •read: 25 •write: 9 •Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action •Microsoft.ContainerRegistry/registries/privateEndpointConnections/read •Microsoft.ContainerRegistry/registries/privateEndpointConnections/write •Microsoft.Cache/redis/read •Microsoft.Cache/redis/privateEndpointConnections/read •Microsoft.Cache/redis/privateEndpointConnections/write •Microsoft.Cache/redis/privateLinkResources/read •Microsoft.Cache/redis/privateEndpointConnectionsApproval/action •Microsoft.Cache/redisEnterprise/read •Microsoft.Cache/redisEnterprise/privateEndpointConnections/read •Microsoft.Cache/redisEnterprise/privateEndpointConnections/write •Microsoft.Cache/redisEnterprise/privateLinkResources/read •Microsoft.Cache/redisEnterprise/privateEndpointConnectionsApproval/action •Microsoft.CognitiveServices/accounts/read •Microsoft.CognitiveServices/accounts/privateEndpointConnections/read •Microsoft.CognitiveServices/accounts/privateEndpointConnections/write •Microsoft.CognitiveServices/accounts/privateLinkResources/read •Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionsApproval/action •Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/read •Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/write •Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read •Microsoft.DocumentDB/databaseAccounts/read •Microsoft.KeyVault/vaults/privateEndpointConnectionsApproval/action •Microsoft.KeyVault/vaults/privateEndpointConnections/read •Microsoft.KeyVault/vaults/privateEndpointConnections/write •Microsoft.KeyVault/vaults/privateLinkResources/read •Microsoft.KeyVault/vaults/read •Microsoft.MachineLearningServices/workspaces/privateEndpointConnectionsApproval/action •Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read •Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write 
•Microsoft.MachineLearningServices/workspaces/privateLinkResources/read •Microsoft.MachineLearningServices/workspaces/read •Microsoft.Storage/storageAccounts/privateEndpointConnections/read •Microsoft.Storage/storageAccounts/privateEndpointConnections/write •Microsoft.Storage/storageAccounts/privateLinkResources/read •Microsoft.Storage/storageAccounts/read •Microsoft.Sql/servers/privateEndpointConnectionsApproval/action •Microsoft.Sql/servers/privateEndpointConnections/read •Microsoft.Sql/servers/privateEndpointConnections/write •Microsoft.Sql/servers/privateLinkResources/read •Microsoft.Sql/servers/read | ||||
3afb7f49-54cb-416e-8c09-6dc049efa503 | Azure AI Inference Deployment Operator | Can perform all actions required to create a resource deployment within a resource group. | False |
00037 effective control plane operations (unique) •action: 4 •delete: 1 •read: 30 •Write: 2 |
Actions: 003 resolved operations: 37 effective operations: 37 •action: 4 •delete: 1 •read: 30 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Insights/AutoscaleSettings/write | ||||
ede9aaa3-4627-494e-be13-4aa7c256148d | Azure API Center Compliance Manager | Allows managing API compliance in Azure API Center service. | False |
00018 effective control plane operations (unique) •action: 2 •read: 16 |
Actions: 003 resolved operations: 18 effective operations: 18 •action: 2 •read: 16 •Microsoft.ApiCenter/services/*/read •Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action •Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | ||||
c7244dfb-f447-457d-b2ba-3999044d1706 | Azure API Center Data Reader | Allows for access to Azure API Center data plane read operations. | False |
00006 effective data plane operations (unique) •action: 1 •read: 5 |
DataActions: 002 resolved data operations: 6 effective data operations: 6 •action: 1 •read: 5 •Microsoft.ApiCenter/services/*/read •Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action | ||||
dd24193f-ef65-44e5-8a7e-6fa6e03f7713 | Azure API Center Service Contributor | Allows managing Azure API Center service. | False |
00095 effective control plane operations (unique) •: 1 •action: 17 •delete: 13 •read: 51 •write: 13 |
Actions: 006 resolved operations: 96 effective operations: 95 •: 1 •action: 17 •delete: 13 •read: 51 •write: 13 •Microsoft.ApiCenter/services/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 001 resolved not operations: 1 effective not operations: 16097 •Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/updateAnalysisState/action | |||
6cba8790-29c5-48e5-bab1-c7541b01cb04 | Azure API Center Service Reader | Allows read-only access to Azure API Center service. | False |
00063 effective control plane operations (unique) •: 1 •action: 8 •Delete: 2 •read: 50 •Write: 2 |
Actions: 007 resolved operations: 63 effective operations: 63 •: 1 •action: 8 •Delete: 2 •read: 50 •Write: 2 •Microsoft.ApiCenter/services/*/read •Microsoft.ApiCenter/services/workspaces/apis/versions/definitions/exportSpecification/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
00493d72-78f6-4148-b6c5-d3ce8e4799dd | Azure Arc Enabled Kubernetes Cluster User Role | List cluster user credentials action. | False |
00051 effective control plane operations (unique) •: 1 •Action: 8 •Delete: 1 •read: 38 •Write: 3 |
Actions: 009 resolved operations: 51 effective operations: 51 •: 1 •Action: 8 •Delete: 1 •read: 38 •Write: 3 •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* •Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action | ||||
dffb1e0c-446f-4dde-a09f-99eb5cc68b96 | Azure Arc Kubernetes Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | False |
00135 effective control plane and data plane operations (unique) •: 1 •Action: 10 •Delete: 26 •read: 69 •Write: 29 |
Actions: 007 resolved operations: 49 effective operations: 49 •: 1 •Action: 6 •Delete: 1 •read: 38 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | DataActions: 033 resolved data operations: 86 effective data operations: 86 •action: 4 •delete: 25 •read: 31 •write: 26 •Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read •Microsoft.Kubernetes/connectedClusters/apps/daemonsets/* •Microsoft.Kubernetes/connectedClusters/apps/deployments/* •Microsoft.Kubernetes/connectedClusters/apps/replicasets/* •Microsoft.Kubernetes/connectedClusters/apps/statefulsets/* •Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write •Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/* •Microsoft.Kubernetes/connectedClusters/batch/cronjobs/* •Microsoft.Kubernetes/connectedClusters/batch/jobs/* •Microsoft.Kubernetes/connectedClusters/configmaps/* •Microsoft.Kubernetes/connectedClusters/endpoints/* •Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read •Microsoft.Kubernetes/connectedClusters/events/read •Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/* •Microsoft.Kubernetes/connectedClusters/extensions/deployments/* •Microsoft.Kubernetes/connectedClusters/extensions/ingresses/* •Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/* •Microsoft.Kubernetes/connectedClusters/extensions/replicasets/* •Microsoft.Kubernetes/connectedClusters/limitranges/read •Microsoft.Kubernetes/connectedClusters/namespaces/read •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/* •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/* •Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/* 
•Microsoft.Kubernetes/connectedClusters/pods/* •Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/* •Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/* •Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/* •Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* •Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* •Microsoft.Kubernetes/connectedClusters/resourcequotas/read •Microsoft.Kubernetes/connectedClusters/secrets/* •Microsoft.Kubernetes/connectedClusters/serviceaccounts/* •Microsoft.Kubernetes/connectedClusters/services/* | |||
8393591c-06b9-48a2-a542-1bd6b377f6a2 | Azure Arc Kubernetes Cluster Admin | Lets you manage all resources in the cluster. | False |
00359 effective control plane and data plane operations (unique) •: 1 •Action: 16 •Delete: 58 •read: 218 •Write: 66 |
Actions: 007 resolved operations: 49 effective operations: 49 •: 1 •Action: 6 •Delete: 1 •read: 38 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | DataActions: 001 resolved data operations: 310 effective data operations: 310 •action: 10 •delete: 57 •read: 180 •write: 63 •Microsoft.Kubernetes/connectedClusters/* | |||
63f0a09d-1495-4db4-a681-037d84835eb4 | Azure Arc Kubernetes Viewer | Lets you view all resources in cluster/namespace, except secrets. | False |
00077 effective control plane and data plane operations (unique) •: 1 •Action: 6 •Delete: 1 •read: 66 •Write: 3 |
Actions: 007 resolved operations: 49 effective operations: 49 •: 1 •Action: 6 •Delete: 1 •read: 38 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | DataActions: 029 resolved data operations: 28 effective data operations: 28 •read: 28 •Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read •Microsoft.Kubernetes/connectedClusters/apps/daemonsets/read •Microsoft.Kubernetes/connectedClusters/apps/deployments/read •Microsoft.Kubernetes/connectedClusters/apps/replicasets/read •Microsoft.Kubernetes/connectedClusters/apps/statefulsets/read •Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/read •Microsoft.Kubernetes/connectedClusters/batch/cronjobs/read •Microsoft.Kubernetes/connectedClusters/batch/jobs/read •Microsoft.Kubernetes/connectedClusters/configmaps/read •Microsoft.Kubernetes/connectedClusters/endpoints/read •Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read •Microsoft.Kubernetes/connectedClusters/events/read •Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/read •Microsoft.Kubernetes/connectedClusters/extensions/deployments/read •Microsoft.Kubernetes/connectedClusters/extensions/ingresses/read •Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/read •Microsoft.Kubernetes/connectedClusters/extensions/replicasets/read •Microsoft.Kubernetes/connectedClusters/limitranges/read •Microsoft.Kubernetes/connectedClusters/namespaces/read •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/read •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/read •Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/read •Microsoft.Kubernetes/connectedClusters/pods/read 
•Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/read •Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read •Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read •Microsoft.Kubernetes/connectedClusters/resourcequotas/read •Microsoft.Kubernetes/connectedClusters/serviceaccounts/read •Microsoft.Kubernetes/connectedClusters/services/read | |||
5b999177-9696-4545-85c7-50de3797e5a1 | Azure Arc Kubernetes Writer | Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. | False |
00126 effective control plane and data plane operations (unique) •: 1 •Action: 8 •Delete: 24 •read: 67 •Write: 26 |
Actions: 007 resolved operations: 49 effective operations: 49 •: 1 •Action: 6 •Delete: 1 •read: 38 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | DataActions: 030 resolved data operations: 77 effective data operations: 77 •action: 2 •delete: 23 •read: 29 •write: 23 •Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read •Microsoft.Kubernetes/connectedClusters/apps/daemonsets/* •Microsoft.Kubernetes/connectedClusters/apps/deployments/* •Microsoft.Kubernetes/connectedClusters/apps/replicasets/* •Microsoft.Kubernetes/connectedClusters/apps/statefulsets/* •Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/* •Microsoft.Kubernetes/connectedClusters/batch/cronjobs/* •Microsoft.Kubernetes/connectedClusters/batch/jobs/* •Microsoft.Kubernetes/connectedClusters/configmaps/* •Microsoft.Kubernetes/connectedClusters/endpoints/* •Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read •Microsoft.Kubernetes/connectedClusters/events/read •Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/* •Microsoft.Kubernetes/connectedClusters/extensions/deployments/* •Microsoft.Kubernetes/connectedClusters/extensions/ingresses/* •Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/* •Microsoft.Kubernetes/connectedClusters/extensions/replicasets/* •Microsoft.Kubernetes/connectedClusters/limitranges/read •Microsoft.Kubernetes/connectedClusters/namespaces/read •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/* •Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/* •Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/* •Microsoft.Kubernetes/connectedClusters/pods/* •Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/* 
•Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* •Microsoft.Kubernetes/connectedClusters/replicationcontrollers/* •Microsoft.Kubernetes/connectedClusters/resourcequotas/read •Microsoft.Kubernetes/connectedClusters/secrets/* •Microsoft.Kubernetes/connectedClusters/serviceaccounts/* •Microsoft.Kubernetes/connectedClusters/services/* | |||
a92dfd61-77f9-4aec-a531-19858b406c87 | Azure Arc ScVmm Administrator role | Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. | False |
00124 effective control plane operations (unique) •action: 23 •delete: 16 •read: 68 •write: 17 |
Actions: 057 resolved operations: 124 effective operations: 124 •action: 23 •delete: 16 •read: 68 •write: 17 •Microsoft.ScVmm/* •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/operations/read 
•Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete | ||||
c0781e91-8102-4553-8951-97c6d4243cda | Azure Arc ScVmm Private Cloud User | Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. | False |
00060 effective control plane operations (unique) •action: 11 •Delete: 2 •read: 44 •Write: 3 |
Actions: 034 resolved operations: 60 effective operations: 60 •action: 11 •Delete: 2 •read: 44 •Write: 3 •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •microsoft.scvmm/virtualnetworks/join/action •microsoft.scvmm/virtualnetworks/Read •microsoft.scvmm/virtualmachinetemplates/clone/action •microsoft.scvmm/virtualmachinetemplates/Read •microsoft.scvmm/clouds/deploy/action •microsoft.scvmm/clouds/Read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.ExtendedLocation/customLocations/enabledresourcetypes/read | ||||
6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 | Azure Arc ScVmm Private Clouds Onboarding | Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. | False |
00056 effective control plane operations (unique) •action: 8 •Delete: 3 •read: 41 •Write: 4 |
Actions: 030 resolved operations: 56 effective operations: 56 •action: 8 •Delete: 3 •read: 41 •Write: 4 •microsoft.scvmm/vmmservers/Read •microsoft.scvmm/vmmservers/Write •microsoft.scvmm/vmmservers/Delete •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action | ||||
e582369a-e17b-42a5-b10c-874c387c530b | Azure Arc ScVmm VM Contributor | Arc ScVmm VM Contributor has permissions to perform all VM actions. | False |
00096 effective control plane operations (unique) •action: 17 •delete: 10 •read: 59 •write: 10 |
Actions: 058 resolved operations: 96 effective operations: 96 •action: 17 •delete: 10 •read: 59 •write: 10 •microsoft.scvmm/virtualmachines/* •microsoft.scvmm/virtualMachineInstances/* •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete 
•Microsoft.HybridCompute/operations/read •Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete | ||||
ddc140ed-e463-4246-9145-7c664192013f | Azure Arc VMware Administrator role | Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. | False |
00143 effective control plane operations (unique) •action: 26 •Delete: 20 •read: 75 •Write: 22 |
Actions: 058 resolved operations: 143 effective operations: 143 •action: 26 •Delete: 20 •read: 75 •Write: 22 •Microsoft.ConnectedVMwarevSphere/* •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/operations/read •Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read 
•Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete •Microsoft.ExtendedLocation/customLocations/read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.KubernetesConfiguration/extensions/read | ||||
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 | Azure Arc VMware Private Cloud User | Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. | False |
00066 effective control plane operations (unique) •action: 14 •Delete: 2 •read: 47 •Write: 3 |
Actions: 040 resolved operations: 66 effective operations: 66 •action: 14 •Delete: 2 •read: 47 •Write: 3 •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ConnectedVMwarevSphere/virtualnetworks/join/action •Microsoft.ConnectedVMwarevSphere/virtualnetworks/Read •Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates/clone/action •Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates/Read •Microsoft.ConnectedVMwarevSphere/resourcepools/deploy/action •Microsoft.ConnectedVMwarevSphere/resourcepools/Read •Microsoft.ConnectedVMwarevSphere/hosts/deploy/action •Microsoft.ConnectedVMwarevSphere/hosts/Read •Microsoft.ConnectedVMwarevSphere/clusters/deploy/action •Microsoft.ConnectedVMwarevSphere/clusters/Read •Microsoft.ConnectedVMwarevSphere/datastores/allocateSpace/action 
•Microsoft.ConnectedVMwarevSphere/datastores/Read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.KubernetesConfiguration/extensions/read | ||||
67d33e57-3129-45e6-bb0b-7cc522f762fa | Azure Arc VMware Private Clouds Onboarding | Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. | False |
00070 effective control plane operations (unique) •action: 9 •delete: 7 •read: 46 •write: 8 |
Actions: 044 resolved operations: 70 effective operations: 70 •action: 9 •delete: 7 •read: 46 •write: 8 •Microsoft.ConnectedVMwarevSphere/vcenters/Write •Microsoft.ConnectedVMwarevSphere/vcenters/Read •Microsoft.ConnectedVMwarevSphere/vcenters/Delete •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.KubernetesConfiguration/extensions/Write •Microsoft.KubernetesConfiguration/extensions/Read •Microsoft.KubernetesConfiguration/extensions/Delete •Microsoft.KubernetesConfiguration/operations/read •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/Write •Microsoft.ExtendedLocation/customLocations/Delete •Microsoft.ExtendedLocation/customLocations/deploy/action 
•Microsoft.ResourceConnector/appliances/Read •Microsoft.ResourceConnector/appliances/Write •Microsoft.ResourceConnector/appliances/Delete •Microsoft.ResourceConnector/appliances/listClusterUserCredential/action •Microsoft.BackupSolutions/vmwareapplications/write •Microsoft.BackupSolutions/vmwareapplications/delete •Microsoft.BackupSolutions/vmwareapplications/read | ||||
b748a06d-6150-4f8a-aaa9-ce3940cd96cb | Azure Arc VMware VM Contributor | Arc VMware VM Contributor has permissions to perform all VM actions. | False |
00101 effective control plane operations (unique) •action: 16 •Delete: 12 •read: 60 •Write: 13 |
Actions: 056 resolved operations: 101 effective operations: 101 •action: 16 •Delete: 12 •read: 60 •Write: 13 •Microsoft.ConnectedVMwarevSphere/virtualmachines/* •Microsoft.ConnectedVMwarevSphere/virtualmachineinstances/* •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/operations/read 
•Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete | ||||
8d6517c1-e434-405c-9f3f-e0ae65085d76 | Azure Automanage Contributor | Azure Automanage Contributor | False |
00033 effective control plane operations (unique) •Action: 2 •Delete: 8 •Read: 14 •Write: 9 |
Actions: 001 resolved operations: 33 effective operations: 33 •Action: 2 •Delete: 8 •Read: 14 •Write: 9 •Microsoft.Automanage/* | ||||
29fe4964-1e60-436b-bd3a-77fd4c178b3c | Azure Batch Account Contributor | Grants full access to manage all Batch resources, including Batch accounts, pools and jobs. | False |
00099 effective control plane and data plane operations (unique) •: 1 •action: 17 •delete: 12 •read: 56 •write: 13 |
Actions: 005 resolved operations: 93 effective operations: 93 •: 1 •action: 17 •delete: 10 •read: 54 •write: 11 •Microsoft.Authorization/*/read •Microsoft.Batch/batchAccounts/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.Batch/batchAccounts/* | |||
11076f67-66f6-4be0-8f6b-f0609fd05cc9 | Azure Batch Account Reader | Lets you view all resources including pools and jobs in the Batch account. | False |
00024 effective control plane and data plane operations (unique) •read: 24 |
Actions: 003 resolved operations: 22 effective operations: 22 •read: 22 •Microsoft.Batch/batchAccounts/read •Microsoft.Batch/batchAccounts/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.Batch/batchAccounts/*/read | |||
6aaa78f1-f7de-44ca-8722-c64a23943cae | Azure Batch Data Contributor | Grants permissions to manage Batch pools and jobs but not to modify accounts. | False |
00073 effective control plane and data plane operations (unique) •: 1 •action: 11 •delete: 8 •read: 45 •write: 8 |
Actions: 011 resolved operations: 67 effective operations: 67 •: 1 •action: 11 •delete: 6 •read: 43 •write: 6 •Microsoft.Authorization/*/read •Microsoft.Batch/batchAccounts/read •Microsoft.Batch/batchAccounts/applications/* •Microsoft.Batch/batchAccounts/certificates/* •Microsoft.Batch/batchAccounts/certificateOperationResults/* •Microsoft.Batch/batchAccounts/pools/* •Microsoft.Batch/batchAccounts/poolOperationResults/* •Microsoft.Batch/locations/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 002 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.Batch/batchAccounts/jobSchedules/* •Microsoft.Batch/batchAccounts/jobs/* | |||
48e5e92e-a480-4e71-aa9c-2778f4c13781 | Azure Batch Job Submitter | Lets you submit and manage jobs in the Batch account. | False |
00018 effective control plane and data plane operations (unique) •: 1 •Action: 3 •delete: 3 •read: 8 •write: 3 |
Actions: 005 resolved operations: 12 effective operations: 12 •: 1 •Action: 3 •Delete: 1 •read: 6 •Write: 1 •Microsoft.Batch/batchAccounts/applications/read •Microsoft.Batch/batchAccounts/applications/versions/read •Microsoft.Batch/batchAccounts/pools/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 002 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.Batch/batchAccounts/jobSchedules/* •Microsoft.Batch/batchAccounts/jobs/* | |||
a35466a1-cfd6-450a-b35e-683fcdf30363 | Azure Batch Service Orchestration Role | Grants the required permissions to Azure Batch Resource Provider to manage compute and other backing resources in the subscription. | False |
00048 effective control plane operations (unique) •: 1 •action: 15 •delete: 6 •read: 20 •write: 6 |
Actions: 033 resolved operations: 48 effective operations: 48 •: 1 •action: 15 •delete: 6 •read: 20 •write: 6 •Microsoft.Security/assessments/read •Microsoft.AzureFleet/fleets/write •Microsoft.AzureFleet/fleets/read •Microsoft.AzureFleet/fleets/delete •Microsoft.Compute/locations/DiskOperations/read •Microsoft.Compute/locations/operations/read •Microsoft.Compute/virtualMachineScaleSets/approveRollingUpgrade/action •Microsoft.Compute/virtualMachineScaleSets/deallocate/action •Microsoft.Compute/virtualMachineScaleSets/delete •Microsoft.Compute/virtualMachineScaleSets/delete/action •Microsoft.Compute/VirtualMachineScaleSets/read •Microsoft.Compute/virtualMachineScaleSets/reimage/action •Microsoft.Compute/virtualMachineScaleSets/reimageall/action •Microsoft.Compute/virtualMachineScaleSets/restart/action •Microsoft.Compute/virtualMachineScaleSets/start/action •Microsoft.Compute/virtualMachineScaleSets/write •Microsoft.Compute/virtualMachineScaleSets/extensions/read •microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read •Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read •Microsoft.Compute/virtualMachineScaleSets/virtualmachines/restart/action •Microsoft.Insights/alertRules/* •Microsoft.Insights/dataCollectionRuleAssociations/read •Microsoft.Resources/deployments/* •Microsoft.Insights/diagnosticSettings/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourceGroups/delete •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/subscriptions/resourceGroups/resources/read •Microsoft.Network/networkWatchers/read •Microsoft.Network/virtualNetworks/delete •Microsoft.Network/virtualNetworks/write | ||||
9fc6112f-f48e-4e27-8b09-72a5c94e4ae9 | Azure Bot Service Contributor Role | To perform actions on the bots by copilot studio platform and extensibility team | False |
00077 effective control plane operations (unique) •: 1 •action: 16 •delete: 8 •read: 36 •write: 16 |
Actions: 036 resolved operations: 77 effective operations: 77 •: 1 •action: 16 •delete: 8 •read: 36 •write: 16 •Microsoft.BotService/listAuthServiceProviders/action •Microsoft.BotService/listauthserviceproviders/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/botServices/read •Microsoft.BotService/botServices/write •Microsoft.BotService/botServices/delete •Microsoft.BotService/botServices/channels/write •Microsoft.BotService/botServices/channels/read •Microsoft.BotService/botServices/channels/listchannelwithkeys/action •Microsoft.BotService/botServices/channels/delete •Microsoft.BotService/botServices/channels/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/botServices/connections/read •Microsoft.BotService/botServices/connections/write •Microsoft.BotService/botServices/connections/delete •Microsoft.BotService/botServices/connections/listwithsecrets/write •Microsoft.BotService/botServices/connections/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/botServices/createemailsigninurl/action •Microsoft.BotService/botServices/privateEndpointConnectionsApproval/action •Microsoft.BotService/botServices/joinPerimeter/action •Microsoft.BotService/botServices/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/checknameavailability/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/hostsettings/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.BotService/botServices/privateEndpointConnectionProxies/write •Microsoft.BotService/botServices/privateEndpointConnectionProxies/delete •Microsoft.BotService/botServices/privateEndpointConnectionProxies/validate/action •Microsoft.BotService/botServices/privateEndpointConnections/write •Microsoft.BotService/botServices/privateEndpointConnections/delete •Microsoft.BotService/listqnamakerendpointkeys/providers/Microsoft.Insights/diagnosticSettings/write 
•Microsoft.BotService/botServices/networkSecurityPerimeterConfigurations/reconcile/action •Microsoft.BotService/botServices/networkSecurityPerimeterAssociationProxies/write •Microsoft.BotService/botServices/networkSecurityPerimeterAssociationProxies/delete •Microsoft.BotService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.BotService/botServices/channels/regeneratekeys/action | ||||
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | False |
00117 effective control plane and data plane operations (unique) •: 1 •Action: 19 •delete: 8 •read: 78 •write: 11 |
Actions: 057 resolved operations: 116 effective operations: 116 •: 1 •Action: 19 •delete: 8 •read: 77 •write: 11 •Microsoft.Advisor/configurations/read •Microsoft.Advisor/recommendations/read •Microsoft.Workloads/sapvirtualInstances/*/read •Microsoft.Workloads/sapVirtualInstances/*/write •Microsoft.Workloads/sapVirtualInstances/*/delete •Microsoft.Workloads/Locations/*/action •Microsoft.Workloads/Locations/*/read •Microsoft.Workloads/sapVirtualInstances/*/start/action •Microsoft.Workloads/sapVirtualInstances/*/stop/action •Microsoft.Workloads/connectors/*/read •Microsoft.Workloads/connectors/*/write •Microsoft.Workloads/connectors/*/delete •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/alertRules/* •Microsoft.Insights/metrics/read •Microsoft.Insights/metricDefinitions/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/virtualNetworks/subnets/virtualMachines/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/ipconfigurations/read •Microsoft.Network/networkInterfaces/loadBalancers/read •Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/backendAddressPools/read •Microsoft.Network/loadBalancers/frontendIPConfigurations/read •Microsoft.Network/loadBalancers/loadBalancingRules/read •Microsoft.Network/loadBalancers/inboundNatRules/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read 
•Microsoft.Network/loadBalancers/networkInterfaces/read •Microsoft.Network/loadBalancers/outboundRules/read •Microsoft.Network/loadBalancers/virtualMachines/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/privateEndpoints/read •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Network/routeTables/join/action •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/blobServices/read •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/fileServices/read •Microsoft.Storage/storageAccounts/fileServices/shares/read •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/sshPublicKeys/read •Microsoft.Compute/sshPublicKeys/write •Microsoft.Compute/sshPublicKeys/*/generateKeyPair/action •Microsoft.Compute/virtualMachines/extensions/read •Microsoft.Compute/virtualMachines/extensions/delete •Microsoft.Compute/disks/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | |||
6d949e1d-41e2-46e3-8920-c6e4f31a8310 | Azure Center for SAP solutions Management role | This role has permissions which allow users to register existing systems, view and manage systems. | False | n/a | |||||
05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | False |
00070 effective control plane operations (unique) •read: 70 |
Actions: 043 resolved operations: 70 effective operations: 70 •read: 70 •Microsoft.Advisor/configurations/read •Microsoft.Advisor/recommendations/read •Microsoft.Workloads/sapvirtualInstances/*/read •Microsoft.Workloads/Locations/*/read •Microsoft.Workloads/Operations/read •Microsoft.Workloads/Locations/OperationStatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/alertRules/read •Microsoft.Insights/metrics/read •Microsoft.Insights/metricDefinitions/read •Microsoft.Resources/deployments/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/virtualMachines/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/ipconfigurations/read •Microsoft.Network/networkInterfaces/loadBalancers/read •Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/backendAddressPools/read •Microsoft.Network/loadBalancers/frontendIPConfigurations/read •Microsoft.Network/loadBalancers/loadBalancingRules/read •Microsoft.Network/loadBalancers/inboundNatRules/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read •Microsoft.Network/loadBalancers/networkInterfaces/read •Microsoft.Network/loadBalancers/outboundRules/read •Microsoft.Network/loadBalancers/virtualMachines/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/privateEndpoints/read •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/blobServices/read 
•Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/fileServices/read •Microsoft.Storage/storageAccounts/fileServices/shares/read •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/virtualMachines/extensions/read •Microsoft.Compute/disks/read | ||||
aabbc5dd-1af0-458b-a942-81af88f9c138 | Azure Center for SAP solutions service role | Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. | False |
00066 effective control plane operations (unique) •action: 11 •delete: 2 •read: 39 •write: 14 |
Actions: 055 resolved operations: 66 effective operations: 66 •action: 11 •delete: 2 •read: 39 •write: 14 •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/* •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/write •Microsoft.Network/loadBalancers/backendAddressPools/read •Microsoft.Network/loadBalancers/backendAddressPools/write •Microsoft.Network/loadBalancers/frontendIPConfigurations/read •Microsoft.Network/loadBalancers/loadBalancingRules/read •Microsoft.Network/loadBalancers/inboundNatRules/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read •Microsoft.Network/loadBalancers/networkInterfaces/read •Microsoft.Network/loadBalancers/outboundRules/read •Microsoft.Network/loadBalancers/virtualMachines/read •Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/networkInterfaces/ipconfigurations/read •Microsoft.Network/networkInterfaces/loadBalancers/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/virtualMachines/read •Microsoft.Network/virtualNetworks/virtualMachines/read •Microsoft.Network/networkInterfaces/ipconfigurations/join/action •Microsoft.Network/privateEndpoints/read •Microsoft.Network/privateEndpoints/write •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action 
•Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action •Microsoft.Storage/storageAccounts/blobServices/read •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/fileServices/read •Microsoft.Storage/storageAccounts/fileServices/write •Microsoft.Storage/storageAccounts/fileServices/shares/read •Microsoft.Storage/storageAccounts/fileServices/shares/write •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/virtualMachines/instanceView/read •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/availabilitySets/write •Microsoft.Compute/skus/read •Microsoft.Compute/sshPublicKeys/read •Microsoft.Compute/virtualMachines/extensions/read •Microsoft.Compute/virtualMachines/extensions/write •Microsoft.Compute/virtualMachines/extensions/delete •Microsoft.Compute/disks/read •Microsoft.Compute/disks/write | ||||
0105a6b0-4bb9-43d2-982a-12806f9faddb | Azure Center for SAP solutions Service role for management | This role has permissions that the user assigned managed identity must have to enable registration for the existing systems. | False | n/a | |||||
b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 | Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | False |
00004 effective control plane operations (unique) •read: 3 •write: 1 |
Actions: 004 resolved operations: 4 effective operations: 4 •read: 3 •write: 1 •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/privateLinkScopes/read •Microsoft.GuestConfiguration/guestConfigurationAssignments/read | ||||
cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | False |
00062 effective control plane operations (unique) •action: 14 •delete: 10 •read: 28 •write: 10 |
Actions: 010 resolved operations: 62 effective operations: 62 •action: 14 •delete: 10 •read: 28 •write: 10 •Microsoft.HybridCompute/machines/* •Microsoft.HybridCompute/machines/extensions/* •Microsoft.HybridCompute/machines/licenseProfiles/* •Microsoft.HybridCompute/machines/runCommands/* •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/privateLinkScopes/* •Microsoft.HybridCompute/licenses/* •Microsoft.HybridCompute/locations/* •Microsoft.HybridCompute/*/read •Microsoft.Resources/deployments/* | count: 011 •Configure Arc-enabled SQL Servers to automatically install Azure Monitor Agent •Configure Azure Arc Private Link Scopes to disable public network access •Configure Azure Arc Private Link Scopes with private endpoints •Configure Azure Arc-enabled servers to use an Azure Arc Private Link Scope •Configure ChangeTracking Extension for Linux Arc machines •Configure ChangeTracking Extension for Windows Arc machines •Configure Linux Arc-enabled machines to run Azure Monitor Agent •Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory •Configure periodic checking for missing system updates on azure Arc-enabled servers •Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory •Configure Windows Arc-enabled machines to run Azure Monitor Agent | |||
f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | False |
00079 effective control plane operations (unique) •action: 3 •delete: 5 •read: 63 •write: 8 |
Actions: 032 resolved operations: 79 effective operations: 79 •action: 3 •delete: 5 •read: 63 •write: 8 •Microsoft.Authorization/*/read •Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read •Microsoft.GuestConfiguration/guestConfigurationAssignments/read •Microsoft.GuestConfiguration/guestConfigurationAssignments/write •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/*/read •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/write •Microsoft.HybridConnectivity/endpoints/read •Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read •Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write •Microsoft.HybridConnectivity/endpoints/write •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.EdgeMarketplace/locations/operationStatuses/read •Microsoft.EdgeMarketPlace/offers/getAccessToken/action •Microsoft.EdgeMarketPlace/offers/generateAccessToken/action •Microsoft.EdgeMarketplace/publishers/read •Microsoft.EdgeMarketplace/offers/read •Microsoft.ExtendedLocation/customLocations/read •Microsoft.Attestation/attestationProviders/write •Microsoft.Attestation/attestationProviders/read •Microsoft.Attestation/attestationProviders/delete •Microsoft.Attestation/attestationProviders/attestation/read •Microsoft.Attestation/attestationProviders/attestation/write •Microsoft.Attestation/attestationProviders/attestation/delete | ||||
e8113dce-c529-4d33-91fa-e9b972617508 | Azure Connected SQL Server Onboarding | Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS. | False |
00002 effective control plane operations (unique) •read: 1 •write: 1 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 1 •write: 1 •Microsoft.AzureArcData/sqlServerInstances/read •Microsoft.AzureArcData/sqlServerInstances/write | ||||
5d977122-f97e-4b4d-a52f-6b43003ddb4d | Azure Container Instances Contributor Role | Grants read/write access to container groups provided by Azure Container Instances | False |
00062 effective control plane operations (unique) •: 1 •action: 13 •delete: 3 •read: 41 •write: 4 |
Actions: 005 resolved operations: 62 effective operations: 62 •: 1 •action: 13 •delete: 3 •read: 41 •write: 4 •Microsoft.ContainerInstance/containerGroups/* •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
96062cf7-95ca-4f89-9b9d-2a2aa47356af | Azure Container Registry secure supply chain operator service role | Grants Microsoft Defender for Cloud access to Azure Container Registry for security assessment of container images | False |
00009 effective control plane and data plane operations (unique) •delete: 3 •read: 3 •write: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.ContainerRegistry/registries/pull/read •Microsoft.ContainerRegistry/registries/push/write •Microsoft.ContainerRegistry/registries/artifacts/delete | DataActions: 006 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.ContainerRegistry/registries/repositories/metadata/read •Microsoft.ContainerRegistry/registries/repositories/content/read •Microsoft.ContainerRegistry/registries/repositories/metadata/write •Microsoft.ContainerRegistry/registries/repositories/content/write •Microsoft.ContainerRegistry/registries/repositories/metadata/delete •Microsoft.ContainerRegistry/registries/repositories/content/delete | |||
95dd08a6-00bd-4661-84bf-f6726f83a4d0 | Azure Container Storage Contributor | Lets you install Azure Container Storage and manage its storage resources | True |
00055 effective control plane operations (unique) •action: 7 •delete: 3 •read: 41 •write: 4 |
Actions: 012 resolved operations: 55 effective operations: 55 •action: 7 •delete: 3 •read: 41 •write: 4 •Microsoft.KubernetesConfiguration/extensions/write •Microsoft.KubernetesConfiguration/extensions/read •Microsoft.KubernetesConfiguration/extensions/delete •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* •Microsoft.Authorization/roleAssignments/write conditioned •Microsoft.Authorization/roleAssignments/delete conditioned | ||||
08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 | Azure Container Storage Operator | Role required by a Managed Identity for Azure Container Storage operations | False |
00039 effective control plane operations (unique) •action: 7 •delete: 7 •read: 14 •write: 11 |
Actions: 018 resolved operations: 39 effective operations: 39 •action: 7 •delete: 7 •read: 14 •write: 11 •Microsoft.ElasticSan/elasticSans/* •Microsoft.ElasticSan/locations/asyncoperations/read •Microsoft.Network/routeTables/join/action •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Network/virtualNetworks/write •Microsoft.Network/virtualNetworks/delete •Microsoft.Network/virtualNetworks/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/virtualMachineScaleSets/read •Microsoft.Compute/virtualMachineScaleSets/write •Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write •Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read •Microsoft.Resources/subscriptions/providers/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Network/virtualNetworks/read | ||||
95de85bd-744d-4664-9dde-11430bc34793 | Azure Container Storage Owner | Lets you install Azure Container Storage and grants access to its storage resources | True |
00078 effective control plane operations (unique) •action: 11 •delete: 9 •read: 48 •write: 10 |
Actions: 017 resolved operations: 78 effective operations: 78 •action: 11 •delete: 9 •read: 48 •write: 10 •Microsoft.ElasticSan/elasticSans/* •Microsoft.ElasticSan/locations/* •Microsoft.ElasticSan/elasticSans/volumeGroups/* •Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/* •Microsoft.ElasticSan/locations/asyncoperations/read •Microsoft.KubernetesConfiguration/extensions/write •Microsoft.KubernetesConfiguration/extensions/read •Microsoft.KubernetesConfiguration/extensions/delete •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* •Microsoft.Authorization/roleAssignments/write conditioned •Microsoft.Authorization/roleAssignments/delete conditioned | ||||
0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 | Azure ContainerApps Session Executor | Create and execute sessions in a sessionPool | False |
00045 effective control plane and data plane operations (unique) •: 1 •action: 7 •delete: 2 •read: 34 •Write: 1 |
Actions: 004 resolved operations: 37 effective operations: 37 •: 1 •action: 4 •Delete: 1 •read: 30 •Write: 1 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/sessionPools/*/read •Microsoft.App/sessionPools/sessions/generatesessions/action | DataActions: 005 resolved data operations: 8 effective data operations: 8 •action: 3 •delete: 1 •read: 4 •Microsoft.App/sessionPools/*/read •Microsoft.App/sessionPools/interpreters/execute/action •Microsoft.App/sessionPools/interpreters/read •Microsoft.App/sessionPools/executions/* •Microsoft.App/sessionPools/files/* | |||
4dae6930-7baf-46f5-909e-0383bc931c46 | Azure Customer Lockbox Approver for Subscription | Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. | False |
00032 effective control plane operations (unique) •action: 1 •read: 31 |
Actions: 006 resolved operations: 32 effective operations: 32 •action: 1 •read: 31 •Microsoft.Resources/subscriptions/read •Microsoft.CustomerLockbox/requests/UpdateApproval/action •Microsoft.CustomerLockbox/requests/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/eventtypes/values/read | ||||
bf7f8882-3383-422a-806a-6526c631a88a | Azure Deployment Stack Contributor | Allows a user to manage deployment stacks, but cannot create or delete deny assignments within the deployment stack. | False |
00047 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 34 •Write: 3 |
Actions: 006 resolved operations: 47 effective operations: 47 •: 1 •Action: 7 •Delete: 2 •read: 34 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deploymentStacks/write •Microsoft.Resources/deploymentStacks/read | ||||
adb29209-aa1d-457b-a786-c913953d2891 | Azure Deployment Stack Owner | Allows a user to manage deployment stacks, including those with deny assignments. | False |
00049 effective control plane operations (unique) •: 1 •Action: 8 •Delete: 3 •read: 34 •Write: 3 |
Actions: 005 resolved operations: 49 effective operations: 49 •: 1 •Action: 8 •Delete: 3 •read: 34 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deploymentStacks/* | ||||
2a740172-0fc2-4039-972c-b31864cd47d6 | Azure Device Update Agent | Provide full access to all Azure Device Update agent operations | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.DeviceUpdate/updateAccounts/agents/requestUpdate/action | ||||
bcd981a7-7f74-457b-83e1-cceb9e632ffe | Azure Digital Twins Data Owner | Full access role for Digital Twins data-plane | False |
00023 effective data plane operations (unique) •action: 3 •delete: 5 •read: 8 •write: 7 |
DataActions: 007 resolved data operations: 23 effective data operations: 23 •action: 3 •delete: 5 •read: 8 •write: 7 •Microsoft.DigitalTwins/digitaltwins/* •Microsoft.DigitalTwins/digitaltwins/commands/* •Microsoft.DigitalTwins/digitaltwins/relationships/* •Microsoft.DigitalTwins/eventroutes/* •Microsoft.DigitalTwins/jobs/* •Microsoft.DigitalTwins/models/* •Microsoft.DigitalTwins/query/* | ||||
d57506d4-4c8d-48b1-8587-93c323f6a5a3 | Azure Digital Twins Data Reader | Read-only role for Digital Twins data-plane properties | False |
00008 effective data plane operations (unique) •action: 1 •read: 7 |
DataActions: 008 resolved data operations: 8 effective data operations: 8 •action: 1 •read: 7 •Microsoft.DigitalTwins/digitaltwins/read •Microsoft.DigitalTwins/digitaltwins/relationships/read •Microsoft.DigitalTwins/eventroutes/read •Microsoft.DigitalTwins/jobs/import/read •Microsoft.DigitalTwins/jobs/imports/read •Microsoft.DigitalTwins/jobs/deletions/read •Microsoft.DigitalTwins/models/read •Microsoft.DigitalTwins/query/action | ||||
9295f069-25d0-4f44-bb6a-3da70d11aa00 | Azure Edge Hardware Center Administrator | Grants you access to take actions as an edge order administrator | False |
00025 effective control plane operations (unique) •action: 9 •delete: 3 •read: 10 •write: 3 |
Actions: 001 resolved operations: 25 effective operations: 25 •action: 9 •delete: 3 •read: 10 •write: 3 •Microsoft.EdgeOrder/* | ||||
207bcc4b-86a6-4487-9141-d6c1f4c238aa | Azure Edge On-Site Deployment Engineer | Grants you access to take actions as an on-site person to assist in the provisioning of an edge device | False |
00001 effective control plane operations (unique) •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.EdgeOrder/orderItems/read | ||||
f526a384-b230-433a-b45c-95f59c4a2dec | Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | False |
00087 effective control plane and data plane operations (unique) •action: 23 •delete: 15 •read: 32 •write: 17 |
Actions: 001 resolved operations: 82 effective operations: 82 •action: 21 •delete: 14 •read: 31 •write: 16 •Microsoft.EventHub/* | DataActions: 001 resolved data operations: 5 effective data operations: 5 •action: 2 •delete: 1 •read: 1 •write: 1 •Microsoft.EventHub/* | count: 142 •Configure Azure Event Hub namespaces to disable local authentication •Configure Event Hub namespaces with private endpoints •Enable logging by category group for 1ES Hosted Pools (microsoft.cloudtest/hostedpools) to Event Hub •Enable logging by category group for Analysis Services (microsoft.analysisservices/servers) to Event Hub •Enable logging by category group for Apache Spark pools (microsoft.synapse/workspaces/bigdatapools) to Event Hub •Enable logging by category group for API Management services (microsoft.apimanagement/service) to Event Hub •Enable logging by category group for App Configuration (microsoft.appconfiguration/configurationstores) to Event Hub •Enable logging by category group for App Service Environments (microsoft.web/hostingenvironments) to Event Hub •Enable logging by category group for Application gateways (microsoft.network/applicationgateways) to Event Hub •Enable logging by category group for Application groups (microsoft.desktopvirtualization/applicationgroups) to Event Hub •Enable logging by category group for Application Insights (microsoft.insights/components) to Event Hub •Enable logging by category group for Attestation providers (microsoft.attestation/attestationproviders) to Event Hub •Enable logging by category group for Automation Accounts (microsoft.automation/automationaccounts) to Event Hub •Enable logging by category group for AVS Private clouds (microsoft.avs/privateclouds) to Event Hub •Enable logging by category group for Azure AD Domain Services (microsoft.aad/domainservices) to Event Hub •Enable logging by category group for Azure API for FHIR (microsoft.healthcareapis/services) to Event Hub •Enable logging by category group for Azure Cache 
for Redis (microsoft.cache/redis) to Event Hub •Enable logging by category group for Azure Cosmos DB accounts (microsoft.documentdb/databaseaccounts) to Event Hub •Enable logging by category group for Azure Data Explorer Clusters (microsoft.kusto/clusters) to Event Hub •Enable logging by category group for Azure Database for MariaDB servers (microsoft.dbformariadb/servers) to Event Hub •Enable logging by category group for Azure Database for MySQL servers (microsoft.dbformysql/servers) to Event Hub •Enable logging by category group for Azure Databricks Services (microsoft.databricks/workspaces) to Event Hub •Enable logging by category group for Azure Digital Twins (microsoft.digitaltwins/digitaltwinsinstances) to Event Hub •Enable logging by category group for Azure FarmBeats (microsoft.agfoodplatform/farmbeats) to Event Hub •Enable logging by category group for Azure Load Testing (microsoft.loadtestservice/loadtests) to Event Hub •Enable logging by category group for Azure Machine Learning (microsoft.machinelearningservices/workspaces) to Event Hub •Enable logging by category group for Azure Managed Grafana (microsoft.dashboard/grafana) to Event Hub •Enable logging by category group for Azure Spring Apps (microsoft.appplatform/spring) to Event Hub •Enable logging by category group for Azure Synapse Analytics (microsoft.synapse/workspaces) to Event Hub •Enable logging by category group for Azure Video Indexer (microsoft.videoindexer/accounts) to Event Hub •Enable logging by category group for Backup vaults (microsoft.dataprotection/backupvaults) to Event Hub •Enable logging by category group for Bastions (microsoft.network/bastionhosts) to Event Hub •Enable logging by category group for Batch accounts (microsoft.batch/batchaccounts) to Event Hub •Enable logging by category group for Bot Services (microsoft.botservice/botservices) to Event Hub •Enable logging by category group for Caches (microsoft.cache/redisenterprise/databases) to Event Hub •Enable logging by 
category group for Chaos Experiments (microsoft.chaos/experiments) to Event Hub •Enable logging by category group for Code Signing Accounts (microsoft.codesigning/codesigningaccounts) to Event Hub •Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Event Hub •Enable logging by category group for Communication Services (microsoft.communication/communicationservices) to Event Hub •Enable logging by category group for Connected Cache Resources (microsoft.connectedcache/ispcustomers) to Event Hub •Enable logging by category group for Container Apps Environments (microsoft.app/managedenvironments) to Event Hub •Enable logging by category group for Container instances (microsoft.containerinstance/containergroups) to Event Hub •Enable logging by category group for Container registries (microsoft.containerregistry/registries) to Event Hub •Enable logging by category group for Data collection rules (microsoft.insights/datacollectionrules) to Event Hub •Enable logging by category group for Data factories (V2) (microsoft.datafactory/factories) to Event Hub •Enable logging by category group for Data Lake Analytics (microsoft.datalakeanalytics/accounts) to Event Hub •Enable logging by category group for Data Lake Storage Gen1 (microsoft.datalakestore/accounts) to Event Hub •Enable logging by category group for Data Shares (microsoft.datashare/accounts) to Event Hub •Enable logging by category group for Dedicated SQL pools (microsoft.synapse/workspaces/sqlpools) to Event Hub •Enable logging by category group for Dev centers (microsoft.devcenter/devcenters) to Event Hub •Enable logging by category group for DICOM service (microsoft.healthcareapis/workspaces/dicomservices) to Event Hub •Enable logging by category group for Endpoints (microsoft.cdn/profiles/endpoints) to Event Hub •Enable logging by category group for Event Grid Domains (microsoft.eventgrid/domains) to Event Hub •Enable logging by category group for Event Grid Partner 
Namespaces (microsoft.eventgrid/partnernamespaces) to Event Hub •Enable logging by category group for Event Grid Partner Topics (microsoft.eventgrid/partnertopics) to Event Hub •Enable logging by category group for Event Grid System Topics (microsoft.eventgrid/systemtopics) to Event Hub •Enable logging by category group for Event Grid Topics (microsoft.eventgrid/topics) to Event Hub •Enable logging by category group for Event Hubs Namespaces (microsoft.eventhub/namespaces) to Event Hub •Enable logging by category group for Experiment Workspaces (microsoft.experimentation/experimentworkspaces) to Event Hub •Enable logging by category group for ExpressRoute circuits (microsoft.network/expressroutecircuits) to Event Hub •Enable logging by category group for FHIR service (microsoft.healthcareapis/workspaces/fhirservices) to Event Hub •Enable logging by category group for Firewalls (microsoft.network/azurefirewalls) to Event Hub •Enable logging by category group for Front Door and CDN profiles (microsoft.cdn/profiles) to Event Hub •Enable logging by category group for Front Door and CDN profiles (microsoft.network/frontdoors) to Event Hub •Enable logging by category group for Host pools (microsoft.desktopvirtualization/hostpools) to Event Hub •Enable logging by category group for HPC caches (microsoft.storagecache/caches) to Event Hub •Enable logging by category group for Integration accounts (microsoft.logic/integrationaccounts) to Event Hub •Enable logging by category group for IoT Hub (microsoft.devices/iothubs) to Event Hub •Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Event Hub •Enable logging by category group for Live events (microsoft.media/mediaservices/liveevents) to Event Hub •Enable logging by category group for Load balancers (microsoft.network/loadbalancers) to Event Hub •Enable logging by category group for Log Analytics workspaces (microsoft.operationalinsights/workspaces) to Event Hub •Enable logging by category group 
for Logic apps (microsoft.logic/workflows) to Event Hub •Enable logging by category group for Managed CCF Apps (microsoft.confidentialledger/managedccfs) to Event Hub •Enable logging by category group for Managed databases (microsoft.sql/managedinstances/databases) to Event Hub •Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Event Hub •Enable logging by category group for Media Services (microsoft.media/mediaservices) to Event Hub •Enable logging by category group for MedTech service (microsoft.healthcareapis/workspaces/iotconnectors) to Event Hub •Enable logging by category group for Microsoft Purview accounts (microsoft.purview/accounts) to Event Hub •Enable logging by category group for microsoft.autonomousdevelopmentplatform/workspaces to Event Hub •Enable logging by category group for microsoft.azuresphere/catalogs to Event Hub •Enable logging by category group for microsoft.cdn/cdnwebapplicationfirewallpolicies to Event Hub •Enable logging by category group for microsoft.classicnetwork/networksecuritygroups to Event Hub •Enable logging by category group for microsoft.community/communitytrainings to Event Hub •Enable logging by category group for microsoft.connectedcache/enterprisemcccustomers to Event Hub •Enable logging by category group for microsoft.customproviders/resourceproviders to Event Hub •Enable logging by category group for microsoft.d365customerinsights/instances to Event Hub •Enable logging by category group for microsoft.dbformysql/flexibleservers to Event Hub •Enable logging by category group for microsoft.dbforpostgresql/flexibleservers to Event Hub •Enable logging by category group for microsoft.dbforpostgresql/servergroupsv2 to Event Hub •Enable logging by category group for microsoft.dbforpostgresql/servers to Event Hub •Enable logging by category group for microsoft.devices/provisioningservices to Event Hub •Enable logging by category group for microsoft.documentdb/cassandraclusters to Event Hub 
•Enable logging by category group for microsoft.documentdb/mongoclusters to Event Hub •Enable logging by category group for microsoft.insights/autoscalesettings to Event Hub •Enable logging by category group for microsoft.machinelearningservices/registries to Event Hub •Enable logging by category group for microsoft.machinelearningservices/workspaces/onlineendpoints to Event Hub •Enable logging by category group for microsoft.managednetworkfabric/networkdevices to Event Hub •Enable logging by category group for microsoft.network/dnsresolverpolicies to Event Hub •Enable logging by category group for microsoft.network/networkmanagers/ipampools to Event Hub •Enable logging by category group for microsoft.network/networksecurityperimeters to Event Hub •Enable logging by category group for microsoft.network/p2svpngateways to Event Hub •Enable logging by category group for microsoft.network/vpngateways to Event Hub •Enable logging by category group for microsoft.networkanalytics/dataproducts to Event Hub •Enable logging by category group for microsoft.networkcloud/baremetalmachines to Event Hub •Enable logging by category group for microsoft.networkcloud/clusters to Event Hub •Enable logging by category group for microsoft.networkcloud/storageappliances to Event Hub •Enable logging by category group for microsoft.networkfunction/azuretrafficcollectors to Event Hub •Enable logging by category group for microsoft.notificationhubs/namespaces/notificationhubs to Event Hub •Enable logging by category group for microsoft.openenergyplatform/energyservices to Event Hub •Enable logging by category group for microsoft.powerbi/tenants/workspaces to Event Hub •Enable logging by category group for microsoft.servicenetworking/trafficcontrollers to Event Hub •Enable logging by category group for microsoft.synapse/workspaces/kustopools to Event Hub •Enable logging by category group for microsoft.timeseriesinsights/environments to Event Hub •Enable logging by category group for 
microsoft.timeseriesinsights/environments/eventsources to Event Hub •Enable logging by category group for microsoft.workloads/sapvirtualinstances to Event Hub •Enable logging by category group for Network Managers (microsoft.network/networkmanagers) to Event Hub •Enable logging by category group for Network security groups (microsoft.network/networksecuritygroups) to Event Hub •Enable logging by category group for Notification Hub Namespaces (microsoft.notificationhubs/namespaces) to Event Hub •Enable logging by category group for Playwright Testing (microsoft.azureplaywrightservice/accounts) to Event Hub •Enable logging by category group for Power BI Embedded (microsoft.powerbidedicated/capacities) to Event Hub •Enable logging by category group for Public IP addresses (microsoft.network/publicipaddresses) to Event Hub •Enable logging by category group for Public IP Prefixes (microsoft.network/publicipprefixes) to Event Hub •Enable logging by category group for Recovery Services vaults (microsoft.recoveryservices/vaults) to Event Hub •Enable logging by category group for Relays (microsoft.relay/namespaces) to Event Hub •Enable logging by category group for Scaling plans (microsoft.desktopvirtualization/scalingplans) to Event Hub •Enable logging by category group for SCOPE pools (microsoft.synapse/workspaces/scopepools) to Event Hub •Enable logging by category group for Search services (microsoft.search/searchservices) to Event Hub •Enable logging by category group for Service Bus Namespaces (microsoft.servicebus/namespaces) to Event Hub •Enable logging by category group for SignalR (microsoft.signalrservice/signalr) to Event Hub •Enable logging by category group for SQL databases (microsoft.sql/servers/databases) to Event Hub •Enable logging by category group for SQL managed instances (microsoft.sql/managedinstances) to Event Hub •Enable logging by category group for Storage movers (microsoft.storagemover/storagemovers) to Event Hub •Enable logging by category 
group for Stream Analytics jobs (microsoft.streamanalytics/streamingjobs) to Event Hub •Enable logging by category group for Streaming Endpoints (microsoft.media/mediaservices/streamingendpoints) to Event Hub •Enable logging by category group for Traffic Manager profiles (microsoft.network/trafficmanagerprofiles) to Event Hub •Enable logging by category group for Video Analyzers (microsoft.media/videoanalyzers) to Event Hub •Enable logging by category group for Virtual network gateways (microsoft.network/virtualnetworkgateways) to Event Hub •Enable logging by category group for Virtual networks (microsoft.network/virtualnetworks) to Event Hub •Enable logging by category group for Volumes (microsoft.netapp/netappaccounts/capacitypools/volumes) to Event Hub •Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub •Enable logging by category group for Workspaces (microsoft.desktopvirtualization/workspaces) to Event Hub | ||
a638d3c7-ab3a-418d-83e6-5f17a39d4fde | Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | False |
00002 effective control plane and data plane operations (unique) •action: 1 •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.EventHub/*/eventhubs/consumergroups/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventHub/*/receive/action | |||
2b629674-e913-4c01-ae53-ef4638d8f975 | Azure Event Hubs Data Sender | Allows send access to Azure Event Hubs resources. | False |
00002 effective control plane and data plane operations (unique) •action: 1 •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.EventHub/*/eventhubs/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventHub/*/send/action | |||
7392c568-9289-4bde-aaaa-b7131215889d | Azure Extension for SQL Server Deployment | Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server | False |
00002 effective control plane operations (unique) •write: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •write: 2 •Microsoft.Resources/deployments/write •Microsoft.HybridCompute/machines/extensions/write | count: 002 •[Deprecated]: Configure Arc-enabled machines running SQL Server to have SQL Server extension installed. •Subscribe eligible Arc-enabled SQL Servers instances to Extended Security Updates. | |||
0ab34830-df19-4f8c-b84e-aa85b8afa6e8 | Azure Front Door Domain Contributor | For internal use within Azure. Can manage Azure Front Door domains, but can't grant access to other users. | False |
00005 effective control plane operations (unique) •delete: 1 •read: 3 •write: 1 |
Actions: 005 resolved operations: 5 effective operations: 5 •delete: 1 •read: 3 •write: 1 •Microsoft.Cdn/operationresults/profileresults/customdomainresults/read •Microsoft.Cdn/profiles/customdomains/read •Microsoft.Cdn/profiles/customdomains/write •Microsoft.Cdn/profiles/customdomains/delete •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
0f99d363-226e-4dca-9920-b807cf8e1a5f | Azure Front Door Domain Reader | For internal use within Azure. Can view Azure Front Door domains, but can't make changes. | False |
00003 effective control plane operations (unique) •read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 3 •Microsoft.Cdn/operationresults/profileresults/customdomainresults/read •Microsoft.Cdn/profiles/customdomains/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
662802e2-50f6-46b0-aed2-e834bacc6d12 | Azure Front Door Profile Reader | Can view AFD standard and premium profiles and their endpoints, but can't make changes. | False |
00153 effective control plane operations (unique) •: 1 •action: 42 •delete: 18 •read: 74 •write: 18 |
Actions: 017 resolved operations: 153 effective operations: 153 •: 1 •action: 42 •delete: 18 •read: 74 •write: 18 •Microsoft.Authorization/*/read •Microsoft.Cdn/edgenodes/read •Microsoft.Cdn/operationresults/* •Microsoft.Cdn/profiles/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Cdn/operationresults/profileresults/afdendpointresults/CheckCustomDomainDNSMappingStatus/action •Microsoft.Cdn/profiles/queryloganalyticsmetrics/action •Microsoft.Cdn/profiles/queryloganalyticsrankings/action •Microsoft.Cdn/profiles/querywafloganalyticsmetrics/action •Microsoft.Cdn/profiles/querywafloganalyticsrankings/action •Microsoft.Cdn/profiles/afdendpoints/CheckCustomDomainDNSMappingStatus/action •Microsoft.Cdn/profiles/Usages/action •Microsoft.Cdn/profiles/afdendpoints/Usages/action •Microsoft.Cdn/profiles/origingroups/Usages/action •Microsoft.Cdn/profiles/rulesets/Usages/action | ||||
3f2eb865-5811-4578-b90a-6fc6fa0df8e5 | Azure Front Door Secret Contributor | For internal use within Azure. Can manage Azure Front Door secrets, but can't grant access to other users. | False |
00005 effective control plane operations (unique) •delete: 1 •read: 3 •write: 1 |
Actions: 005 resolved operations: 5 effective operations: 5 •delete: 1 •read: 3 •write: 1 •Microsoft.Cdn/operationresults/profileresults/secretresults/read •Microsoft.Cdn/profiles/secrets/read •Microsoft.Cdn/profiles/secrets/write •Microsoft.Cdn/profiles/secrets/delete •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
0db238c4-885e-4c4f-a933-aa2cef684fca | Azure Front Door Secret Reader | For internal use within Azure. Can view Azure Front Door secrets, but can't make changes. | False |
00003 effective control plane operations (unique) •read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 3 •Microsoft.Cdn/operationresults/profileresults/secretresults/read •Microsoft.Cdn/profiles/secrets/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
5d9c6a55-fc0e-4e21-ae6f-f7b095497342 | Azure Hybrid Database Administrator - Read Only Service Role | Read only access to Azure hybrid database services resources. | False |
00016 effective control plane operations (unique) •action: 2 •read: 14 |
Actions: 006 resolved operations: 16 effective operations: 16 •action: 2 •read: 14 •Microsoft.AzureArcData/*/read •Microsoft.AzureArcData/sqlServerInstances/getTelemetry/action •Microsoft.AzureArcData/sqlServerInstances/availabilityGroups/getDetailView/action •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/extensions/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
dfb2f09d-25f8-4558-8986-497084006d7a | Azure impact-insight reader | built-in role for azure impact-insight read access | False |
00001 effective control plane operations (unique) •Read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •Read: 1 •Microsoft.Impact/WorkloadImpacts/*/read | ||||
63bb64ad-9799-4770-b5c3-24ed299a07bf | Azure Kubernetes Fleet Manager Contributor Role | Grants read/write access to Azure resources provided by Azure Kubernetes Fleet Manager, including fleets, fleet members, fleet update strategies, fleet update runs, etc. | False |
00027 effective control plane operations (unique) •action: 7 •delete: 6 •read: 8 •write: 6 |
Actions: 002 resolved operations: 27 effective operations: 27 •action: 7 •delete: 6 •read: 8 •write: 6 •Microsoft.ContainerService/fleets/* •Microsoft.Resources/deployments/* | ||||
434fb43a-c01c-447e-9f67-c3ad923cfaba | Azure Kubernetes Fleet Manager RBAC Admin | Grants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. | False |
00114 effective control plane and data plane operations (unique) •action: 4 •delete: 23 •read: 63 •write: 24 |
Actions: 006 resolved operations: 32 effective operations: 32 •action: 1 •read: 31 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 034 resolved data operations: 82 effective data operations: 82 •action: 3 •delete: 23 •read: 32 •write: 24 •Microsoft.ContainerService/fleets/apps/controllerrevisions/read •Microsoft.ContainerService/fleets/apps/daemonsets/* •Microsoft.ContainerService/fleets/apps/deployments/* •Microsoft.ContainerService/fleets/apps/statefulsets/* •Microsoft.ContainerService/fleets/authorization.k8s.io/localsubjectaccessreviews/write •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/* •Microsoft.ContainerService/fleets/batch/cronjobs/* •Microsoft.ContainerService/fleets/batch/jobs/* •Microsoft.ContainerService/fleets/configmaps/* •Microsoft.ContainerService/fleets/endpoints/* •Microsoft.ContainerService/fleets/events.k8s.io/events/read •Microsoft.ContainerService/fleets/events/read •Microsoft.ContainerService/fleets/extensions/daemonsets/* •Microsoft.ContainerService/fleets/extensions/deployments/* •Microsoft.ContainerService/fleets/extensions/ingresses/* •Microsoft.ContainerService/fleets/extensions/networkpolicies/* •Microsoft.ContainerService/fleets/limitranges/read •Microsoft.ContainerService/fleets/namespaces/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/* •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/* •Microsoft.ContainerService/fleets/persistentvolumeclaims/* •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/* •Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/* •Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/roles/* •Microsoft.ContainerService/fleets/replicationcontrollers/* 
•Microsoft.ContainerService/fleets/replicationcontrollers/* •Microsoft.ContainerService/fleets/resourcequotas/read •Microsoft.ContainerService/fleets/secrets/* •Microsoft.ContainerService/fleets/serviceaccounts/* •Microsoft.ContainerService/fleets/services/* •Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/* •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read | |||
18ab4d3d-a1bf-4477-8ad9-8359bc988f69 | Azure Kubernetes Fleet Manager RBAC Cluster Admin | Grants read/write access to all Kubernetes resources in the fleet-managed hub cluster. | False |
00351 effective control plane and data plane operations (unique) •action: 10 •delete: 60 •read: 215 •write: 66 |
Actions: 006 resolved operations: 32 effective operations: 32 •action: 1 •read: 31 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 001 resolved data operations: 319 effective data operations: 319 •action: 9 •delete: 60 •read: 184 •write: 66 •Microsoft.ContainerService/fleets/* | |||
bd80684d-2f5f-4130-892a-0955546282de | Azure Kubernetes Fleet Manager RBAC Cluster Reader | Grants read-only access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster. | False |
00037 effective control plane and data plane operations (unique) •action: 1 •read: 36 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 035 resolved data operations: 35 effective data operations: 35 •read: 35 •Microsoft.ContainerService/fleets/apiextensions.k8s.io/customresourcedefinitions/read •Microsoft.ContainerService/fleets/apps/controllerrevisions/read •Microsoft.ContainerService/fleets/apps/daemonsets/read •Microsoft.ContainerService/fleets/apps/deployments/read •Microsoft.ContainerService/fleets/apps/statefulsets/read •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read •Microsoft.ContainerService/fleets/batch/cronjobs/read •Microsoft.ContainerService/fleets/batch/jobs/read •Microsoft.ContainerService/fleets/configmaps/read •Microsoft.ContainerService/fleets/endpoints/read •Microsoft.ContainerService/fleets/events.k8s.io/events/read •Microsoft.ContainerService/fleets/events/read •Microsoft.ContainerService/fleets/extensions/daemonsets/read •Microsoft.ContainerService/fleets/extensions/deployments/read •Microsoft.ContainerService/fleets/extensions/ingresses/read •Microsoft.ContainerService/fleets/extensions/networkpolicies/read •Microsoft.ContainerService/fleets/limitranges/read •Microsoft.ContainerService/fleets/namespaces/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read •Microsoft.ContainerService/fleets/nodes/read •Microsoft.ContainerService/fleets/persistentvolumes/read •Microsoft.ContainerService/fleets/persistentvolumeclaims/read •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read •Microsoft.ContainerService/fleets/replicationcontrollers/read •Microsoft.ContainerService/fleets/resourcequotas/read •Microsoft.ContainerService/fleets/serviceaccounts/read •Microsoft.ContainerService/fleets/services/read 
•Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read | |||
1dc4cd5a-de51-4ee4-bc8e-b40e9c17e320 | Azure Kubernetes Fleet Manager RBAC Cluster Writer | Grants read/write access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster. | False |
00063 effective control plane and data plane operations (unique) •action: 1 •read: 37 •write: 25 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 061 resolved data operations: 61 effective data operations: 61 •read: 36 •write: 25 •Microsoft.ContainerService/fleets/apiextensions.k8s.io/customresourcedefinitions/read •Microsoft.ContainerService/fleets/apps/controllerrevisions/read •Microsoft.ContainerService/fleets/apps/daemonsets/read •Microsoft.ContainerService/fleets/apps/daemonsets/write •Microsoft.ContainerService/fleets/apps/deployments/read •Microsoft.ContainerService/fleets/apps/deployments/write •Microsoft.ContainerService/fleets/apps/statefulsets/read •Microsoft.ContainerService/fleets/apps/statefulsets/write •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/write •Microsoft.ContainerService/fleets/batch/cronjobs/read •Microsoft.ContainerService/fleets/batch/cronjobs/write •Microsoft.ContainerService/fleets/batch/jobs/read •Microsoft.ContainerService/fleets/batch/jobs/write •Microsoft.ContainerService/fleets/configmaps/read •Microsoft.ContainerService/fleets/configmaps/write •Microsoft.ContainerService/fleets/endpoints/read •Microsoft.ContainerService/fleets/endpoints/write •Microsoft.ContainerService/fleets/events.k8s.io/events/read •Microsoft.ContainerService/fleets/events/read •Microsoft.ContainerService/fleets/extensions/daemonsets/read •Microsoft.ContainerService/fleets/extensions/daemonsets/write •Microsoft.ContainerService/fleets/extensions/deployments/read •Microsoft.ContainerService/fleets/extensions/deployments/write •Microsoft.ContainerService/fleets/extensions/ingresses/read •Microsoft.ContainerService/fleets/extensions/ingresses/write •Microsoft.ContainerService/fleets/extensions/networkpolicies/read •Microsoft.ContainerService/fleets/extensions/networkpolicies/write 
•Microsoft.ContainerService/fleets/limitranges/read •Microsoft.ContainerService/fleets/namespaces/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/write •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/write •Microsoft.ContainerService/fleets/nodes/read •Microsoft.ContainerService/fleets/nodes/write •Microsoft.ContainerService/fleets/persistentvolumes/read •Microsoft.ContainerService/fleets/persistentvolumes/write •Microsoft.ContainerService/fleets/persistentvolumeclaims/read •Microsoft.ContainerService/fleets/persistentvolumeclaims/write •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/write •Microsoft.ContainerService/fleets/replicationcontrollers/read •Microsoft.ContainerService/fleets/replicationcontrollers/write •Microsoft.ContainerService/fleets/resourcequotas/read •Microsoft.ContainerService/fleets/secrets/read •Microsoft.ContainerService/fleets/secrets/write •Microsoft.ContainerService/fleets/serviceaccounts/read •Microsoft.ContainerService/fleets/serviceaccounts/write •Microsoft.ContainerService/fleets/services/read •Microsoft.ContainerService/fleets/services/write •Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/read •Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/memberclusters/write •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceplacements/write •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcebindings/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourcesnapshots/read 
•Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterschedulingpolicysnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverrides/write •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/clusterresourceoverridesnapshots/read | |||
30b27cfc-9c84-438e-b0ce-70e35255df80 | Azure Kubernetes Fleet Manager RBAC Reader | Grants read-only access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | False |
00061 effective control plane and data plane operations (unique) •action: 1 •read: 60 |
Actions: 006 resolved operations: 32 effective operations: 32 •action: 1 •read: 31 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 030 resolved data operations: 29 effective data operations: 29 •read: 29 •Microsoft.ContainerService/fleets/apps/controllerrevisions/read •Microsoft.ContainerService/fleets/apps/daemonsets/read •Microsoft.ContainerService/fleets/apps/deployments/read •Microsoft.ContainerService/fleets/apps/statefulsets/read •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read •Microsoft.ContainerService/fleets/batch/cronjobs/read •Microsoft.ContainerService/fleets/batch/jobs/read •Microsoft.ContainerService/fleets/configmaps/read •Microsoft.ContainerService/fleets/endpoints/read •Microsoft.ContainerService/fleets/events.k8s.io/events/read •Microsoft.ContainerService/fleets/events/read •Microsoft.ContainerService/fleets/extensions/daemonsets/read •Microsoft.ContainerService/fleets/extensions/deployments/read •Microsoft.ContainerService/fleets/extensions/ingresses/read •Microsoft.ContainerService/fleets/extensions/networkpolicies/read •Microsoft.ContainerService/fleets/limitranges/read •Microsoft.ContainerService/fleets/namespaces/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read •Microsoft.ContainerService/fleets/persistentvolumeclaims/read •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read •Microsoft.ContainerService/fleets/replicationcontrollers/read •Microsoft.ContainerService/fleets/replicationcontrollers/read •Microsoft.ContainerService/fleets/resourcequotas/read •Microsoft.ContainerService/fleets/serviceaccounts/read •Microsoft.ContainerService/fleets/services/read 
•Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read | |||
5af6afb3-c06c-4fa4-8848-71a8aee05683 | Azure Kubernetes Fleet Manager RBAC Writer | Grants read/write access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | False |
00083 effective control plane and data plane operations (unique) •action: 1 •read: 61 •write: 21 |
Actions: 006 resolved operations: 32 effective operations: 32 •action: 1 •read: 31 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/fleets/read •Microsoft.ContainerService/fleets/listCredentials/action | DataActions: 051 resolved data operations: 51 effective data operations: 51 •read: 30 •write: 21 •Microsoft.ContainerService/fleets/apps/controllerrevisions/read •Microsoft.ContainerService/fleets/apps/daemonsets/read •Microsoft.ContainerService/fleets/apps/daemonsets/write •Microsoft.ContainerService/fleets/apps/deployments/read •Microsoft.ContainerService/fleets/apps/deployments/write •Microsoft.ContainerService/fleets/apps/statefulsets/read •Microsoft.ContainerService/fleets/apps/statefulsets/write •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/read •Microsoft.ContainerService/fleets/autoscaling/horizontalpodautoscalers/write •Microsoft.ContainerService/fleets/batch/cronjobs/read •Microsoft.ContainerService/fleets/batch/cronjobs/write •Microsoft.ContainerService/fleets/batch/jobs/read •Microsoft.ContainerService/fleets/batch/jobs/write •Microsoft.ContainerService/fleets/configmaps/read •Microsoft.ContainerService/fleets/configmaps/write •Microsoft.ContainerService/fleets/endpoints/read •Microsoft.ContainerService/fleets/endpoints/write •Microsoft.ContainerService/fleets/events.k8s.io/events/read •Microsoft.ContainerService/fleets/events/read •Microsoft.ContainerService/fleets/extensions/daemonsets/read •Microsoft.ContainerService/fleets/extensions/daemonsets/write •Microsoft.ContainerService/fleets/extensions/deployments/read •Microsoft.ContainerService/fleets/extensions/deployments/write •Microsoft.ContainerService/fleets/extensions/ingresses/read •Microsoft.ContainerService/fleets/extensions/ingresses/write •Microsoft.ContainerService/fleets/extensions/networkpolicies/read 
•Microsoft.ContainerService/fleets/extensions/networkpolicies/write •Microsoft.ContainerService/fleets/limitranges/read •Microsoft.ContainerService/fleets/namespaces/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/read •Microsoft.ContainerService/fleets/networking.k8s.io/ingresses/write •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/read •Microsoft.ContainerService/fleets/networking.k8s.io/networkpolicies/write •Microsoft.ContainerService/fleets/persistentvolumeclaims/read •Microsoft.ContainerService/fleets/persistentvolumeclaims/write •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/read •Microsoft.ContainerService/fleets/policy/poddisruptionbudgets/write •Microsoft.ContainerService/fleets/replicationcontrollers/read •Microsoft.ContainerService/fleets/replicationcontrollers/write •Microsoft.ContainerService/fleets/resourcequotas/read •Microsoft.ContainerService/fleets/secrets/read •Microsoft.ContainerService/fleets/secrets/write •Microsoft.ContainerService/fleets/serviceaccounts/read •Microsoft.ContainerService/fleets/serviceaccounts/write •Microsoft.ContainerService/fleets/services/read •Microsoft.ContainerService/fleets/services/write •Microsoft.ContainerService/fleets/cluster.kubernetes-fleet.io/internalmemberclusters/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverrides/write •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/resourceoverridesnapshots/read •Microsoft.ContainerService/fleets/placement.kubernetes-fleet.io/works/read | |||
b29efa5f-7782-4dc3-9537-4d5bc70a5e9f | Azure Kubernetes Service Arc Cluster Admin Role | List cluster admin credential action. | False |
00003 effective control plane operations (unique) •action: 1 •read: 2 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 2 •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action •Microsoft.Kubernetes/connectedClusters/Read | ||||
233ca253-b031-42ff-9fba-87ef12d6b55f | Azure Kubernetes Service Arc Cluster User Role | List cluster user credential action. | False |
00003 effective control plane operations (unique) •action: 1 •read: 2 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 2 •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action •Microsoft.Kubernetes/connectedClusters/Read | ||||
5d3f1697-4507-4d08-bb4a-477695db5f82 | Azure Kubernetes Service Arc Contributor Role | Grants access to read and write Azure Kubernetes Services hybrid clusters | False |
00025 effective control plane operations (unique) •action: 2 •delete: 6 •Read: 11 •write: 6 |
Actions: 025 resolved operations: 25 effective operations: 25 •action: 2 •delete: 6 •Read: 11 •write: 6 •Microsoft.HybridContainerService/Locations/operationStatuses/read •Microsoft.HybridContainerService/Operations/read •Microsoft.HybridContainerService/kubernetesVersions/read •Microsoft.HybridContainerService/kubernetesVersions/write •Microsoft.HybridContainerService/kubernetesVersions/delete •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/write •Microsoft.HybridContainerService/provisionedClusterInstances/delete •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/read •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/write •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/delete •Microsoft.HybridContainerService/provisionedClusterInstances/upgradeProfiles/read •Microsoft.HybridContainerService/skus/read •Microsoft.HybridContainerService/skus/write •Microsoft.HybridContainerService/skus/delete •Microsoft.HybridContainerService/virtualNetworks/read •Microsoft.HybridContainerService/virtualNetworks/write •Microsoft.HybridContainerService/virtualNetworks/delete •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.ExtendedLocation/customLocations/read •Microsoft.Kubernetes/connectedClusters/Read •Microsoft.Kubernetes/connectedClusters/Write •Microsoft.Kubernetes/connectedClusters/Delete •Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action •Microsoft.AzureStackHCI/clusters/read | ||||
0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 | Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | False |
00004 effective control plane operations (unique) •action: 3 •read: 1 |
Actions: 004 resolved operations: 4 effective operations: 4 •action: 3 •read: 1 •Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action •Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action •Microsoft.ContainerService/managedClusters/read •Microsoft.ContainerService/managedClusters/runcommand/action | ||||
1afdec4b-e479-420e-99e7-f82237c7c5e6 | Azure Kubernetes Service Cluster Monitoring User | List cluster monitoring user credential action. | False |
00002 effective control plane operations (unique) •action: 1 •read: 1 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.ContainerService/managedClusters/listClusterMonitoringUserCredential/action •Microsoft.ContainerService/managedClusters/read | ||||
4abbcc35-e782-43d8-92c5-2d3f1bd2253f | Azure Kubernetes Service Cluster User Role | List cluster user credential action. | False |
00002 effective control plane operations (unique) •action: 1 •read: 1 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.ContainerService/managedClusters/listClusterUserCredential/action •Microsoft.ContainerService/managedClusters/read | ||||
ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 | Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | False |
00118 effective control plane operations (unique) •: 1 •action: 23 •delete: 13 •read: 66 •write: 15 |
Actions: 008 resolved operations: 118 effective operations: 118 •: 1 •action: 23 •delete: 13 •read: 66 •write: 15 •Microsoft.Authorization/*/read •Microsoft.ContainerService/locations/* •Microsoft.ContainerService/managedClusters/* •Microsoft.ContainerService/managedclustersnapshots/* •Microsoft.ContainerService/snapshots/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | count: 006 •[Preview]: Deploy Image Integrity on Azure Kubernetes Service •Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access •Configure Node OS Auto upgrade on Azure Kubernetes Cluster •Deploy Azure Policy Add-on to Azure Kubernetes Service clusters •Deploy Image Cleaner on Azure Kubernetes Service •Disable Command Invoke on Azure Kubernetes Service clusters | |||
b5092dac-c796-4349-8681-1a322a31c3f9 | Azure Kubernetes Service Hybrid Cluster Admin Role | List cluster admin credential action. | False |
00003 effective control plane operations (unique) •action: 1 •read: 2 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 2 •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action •Microsoft.Kubernetes/connectedClusters/Read | ||||
fc3f91a1-40bf-4439-8c46-45edbd83563a | Azure Kubernetes Service Hybrid Cluster User Role | List cluster user credential action. | False |
00003 effective control plane operations (unique) •action: 1 •read: 2 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 2 •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/listUserKubeconfig/action •Microsoft.Kubernetes/connectedClusters/Read | ||||
e7037d40-443a-4434-a3fb-8cd202011e1d | Azure Kubernetes Service Hybrid Contributor Role | Grants access to read and write Azure Kubernetes Services hybrid clusters | False |
00024 effective control plane operations (unique) •action: 2 •delete: 6 •read: 10 •write: 6 |
Actions: 024 resolved operations: 24 effective operations: 24 •action: 2 •delete: 6 •read: 10 •write: 6 •Microsoft.HybridContainerService/Locations/operationStatuses/read •Microsoft.HybridContainerService/Operations/read •Microsoft.HybridContainerService/kubernetesVersions/read •Microsoft.HybridContainerService/kubernetesVersions/write •Microsoft.HybridContainerService/kubernetesVersions/delete •Microsoft.HybridContainerService/provisionedClusterInstances/read •Microsoft.HybridContainerService/provisionedClusterInstances/write •Microsoft.HybridContainerService/provisionedClusterInstances/delete •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/read •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/write •Microsoft.HybridContainerService/provisionedClusterInstances/agentPools/delete •Microsoft.HybridContainerService/provisionedClusterInstances/upgradeProfiles/read •Microsoft.HybridContainerService/skus/read •Microsoft.HybridContainerService/skus/write •Microsoft.HybridContainerService/skus/delete •Microsoft.HybridContainerService/virtualNetworks/read •Microsoft.HybridContainerService/virtualNetworks/write •Microsoft.HybridContainerService/virtualNetworks/delete •Microsoft.Kubernetes/connectedClusters/Read •Microsoft.Kubernetes/connectedClusters/Write •Microsoft.Kubernetes/connectedClusters/Delete •Microsoft.Kubernetes/connectedClusters/listClusterUserCredential/action •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.ExtendedLocation/customLocations/read | ||||
18ed5180-3e48-46fd-8541-4ea054d57064 | Azure Kubernetes Service Policy Add-on Deployment | Deploy the Azure Policy add-on on Azure Kubernetes Service clusters | False |
00014 effective control plane operations (unique) •action: 7 •delete: 1 •read: 4 •write: 2 |
Actions: 006 resolved operations: 14 effective operations: 14 •action: 7 •delete: 1 •read: 4 •write: 2 •Microsoft.Resources/deployments/* •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/publicIPPrefixes/join/action •Microsoft.Network/publicIPAddresses/join/action •Microsoft.Compute/diskEncryptionSets/read •Microsoft.Compute/proximityPlacementGroups/write | count: 006 •[Preview]: Deploy Image Integrity on Azure Kubernetes Service •Configure Microsoft Entra ID integrated Azure Kubernetes Service Clusters with required Admin Group Access •Configure Node OS Auto upgrade on Azure Kubernetes Cluster •Deploy Azure Policy Add-on to Azure Kubernetes Service clusters •Deploy Image Cleaner on Azure Kubernetes Service •Disable Command Invoke on Azure Kubernetes Service clusters | |||
3498e952-d568-435e-9b2c-8d77e338d7f7 | Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | False |
00371 effective control plane and data plane operations (unique) •action: 11 •delete: 66 •read: 222 •write: 72 |
Actions: 005 resolved operations: 31 effective operations: 31 •action: 1 •read: 30 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | DataActions: 001 resolved data operations: 344 effective data operations: 340 •action: 10 •delete: 66 •read: 192 •write: 72 •Microsoft.ContainerService/managedClusters/* | NotDataActions: 004 resolved not data operations: 4 effective not data operations: 2963 •Microsoft.ContainerService/managedClusters/resourcequotas/write •Microsoft.ContainerService/managedClusters/resourcequotas/delete •Microsoft.ContainerService/managedClusters/namespaces/write •Microsoft.ContainerService/managedClusters/namespaces/delete | ||
b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b | Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | False |
00375 effective control plane and data plane operations (unique) •action: 11 •delete: 68 •read: 222 •write: 74 |
Actions: 005 resolved operations: 31 effective operations: 31 •action: 1 •read: 30 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerService/managedClusters/listClusterUserCredential/action | DataActions: 001 resolved data operations: 344 effective data operations: 344 •action: 10 •delete: 68 •read: 192 •write: 74 •Microsoft.ContainerService/managedClusters/* | |||
7f6c6a51-bcf8-42ba-9220-52d62157d7db | Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | False |
00061 effective control plane and data plane operations (unique) •read: 61 |
Actions: 004 resolved operations: 30 effective operations: 30 •read: 30 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 031 resolved data operations: 31 effective data operations: 31 •read: 31 •Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read •Microsoft.ContainerService/managedClusters/apps/daemonsets/read •Microsoft.ContainerService/managedClusters/apps/deployments/read •Microsoft.ContainerService/managedClusters/apps/replicasets/read •Microsoft.ContainerService/managedClusters/apps/statefulsets/read •Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read •Microsoft.ContainerService/managedClusters/batch/cronjobs/read •Microsoft.ContainerService/managedClusters/batch/jobs/read •Microsoft.ContainerService/managedClusters/configmaps/read •Microsoft.ContainerService/managedClusters/discovery.k8s.io/endpointslices/read •Microsoft.ContainerService/managedClusters/endpoints/read •Microsoft.ContainerService/managedClusters/events.k8s.io/events/read •Microsoft.ContainerService/managedClusters/events/read •Microsoft.ContainerService/managedClusters/extensions/daemonsets/read •Microsoft.ContainerService/managedClusters/extensions/deployments/read •Microsoft.ContainerService/managedClusters/extensions/ingresses/read •Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read •Microsoft.ContainerService/managedClusters/extensions/replicasets/read •Microsoft.ContainerService/managedClusters/limitranges/read •Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read •Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read •Microsoft.ContainerService/managedClusters/namespaces/read •Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read •Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read 
•Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read •Microsoft.ContainerService/managedClusters/pods/read •Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read •Microsoft.ContainerService/managedClusters/replicationcontrollers/read •Microsoft.ContainerService/managedClusters/resourcequotas/read •Microsoft.ContainerService/managedClusters/serviceaccounts/read •Microsoft.ContainerService/managedClusters/services/read | |||
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb | Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | False |
00115 effective control plane and data plane operations (unique) •action: 2 •delete: 25 •read: 63 •write: 25 |
Actions: 004 resolved operations: 30 effective operations: 30 •read: 30 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 035 resolved data operations: 85 effective data operations: 85 •action: 2 •delete: 25 •read: 33 •write: 25 •Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read •Microsoft.ContainerService/managedClusters/apps/daemonsets/* •Microsoft.ContainerService/managedClusters/apps/deployments/* •Microsoft.ContainerService/managedClusters/apps/replicasets/* •Microsoft.ContainerService/managedClusters/apps/statefulsets/* •Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/* •Microsoft.ContainerService/managedClusters/batch/cronjobs/* •Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/read •Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/write •Microsoft.ContainerService/managedClusters/coordination.k8s.io/leases/delete •Microsoft.ContainerService/managedClusters/discovery.k8s.io/endpointslices/read •Microsoft.ContainerService/managedClusters/batch/jobs/* •Microsoft.ContainerService/managedClusters/configmaps/* •Microsoft.ContainerService/managedClusters/endpoints/* •Microsoft.ContainerService/managedClusters/events.k8s.io/events/read •Microsoft.ContainerService/managedClusters/events/* •Microsoft.ContainerService/managedClusters/extensions/daemonsets/* •Microsoft.ContainerService/managedClusters/extensions/deployments/* •Microsoft.ContainerService/managedClusters/extensions/ingresses/* •Microsoft.ContainerService/managedClusters/extensions/networkpolicies/* •Microsoft.ContainerService/managedClusters/extensions/replicasets/* •Microsoft.ContainerService/managedClusters/limitranges/read •Microsoft.ContainerService/managedClusters/metrics.k8s.io/pods/read •Microsoft.ContainerService/managedClusters/metrics.k8s.io/nodes/read 
•Microsoft.ContainerService/managedClusters/namespaces/read •Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/* •Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/* •Microsoft.ContainerService/managedClusters/persistentvolumeclaims/* •Microsoft.ContainerService/managedClusters/pods/* •Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/* •Microsoft.ContainerService/managedClusters/replicationcontrollers/* •Microsoft.ContainerService/managedClusters/resourcequotas/read •Microsoft.ContainerService/managedClusters/secrets/* •Microsoft.ContainerService/managedClusters/serviceaccounts/* •Microsoft.ContainerService/managedClusters/services/* | |||
ea01e6af-a1c1-4350-9563-ad00f8c72ec5 | Azure Machine Learning Workspace Connection Secrets Reader | Can list workspace connection secrets | False |
00002 effective control plane operations (unique) •action: 1 •read: 1 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.MachineLearningServices/workspaces/connections/listsecrets/action •Microsoft.MachineLearningServices/workspaces/metadata/secrets/read | ||||
5c2d7e57-b7c2-4d8a-be4f-82afa42c6e95 | Azure Managed Grafana Workspace Contributor | Can manage Azure Managed Grafana resources, without providing access to the workspaces themselves. | False |
00056 effective control plane operations (unique) •action: 10 •delete: 6 •read: 33 •write: 7 |
Actions: 030 resolved operations: 56 effective operations: 56 •action: 10 •delete: 6 •read: 33 •write: 7 •Microsoft.Dashboard/grafana/write •Microsoft.Dashboard/grafana/delete •Microsoft.Dashboard/grafana/PrivateEndpointConnectionsApproval/action •Microsoft.Dashboard/grafana/managedPrivateEndpoints/action •Microsoft.Dashboard/locations/operationStatuses/write •Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/validate/action •Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/write •Microsoft.Dashboard/grafana/privateEndpointConnectionProxies/delete •Microsoft.Dashboard/grafana/privateEndpointConnections/write •Microsoft.Dashboard/grafana/privateEndpointConnections/delete •Microsoft.Dashboard/grafana/managedPrivateEndpoints/write •Microsoft.Dashboard/grafana/managedPrivateEndpoints/delete •Microsoft.Authorization/*/read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
dba33070-676a-4fb0-87fa-064dc56ff7fb | Azure Maps Contributor | Grants access to all Azure Maps resource management. | False |
00062 effective control plane operations (unique) •action: 10 •delete: 5 •read: 41 •write: 6 |
Actions: 004 resolved operations: 62 effective operations: 62 •action: 10 •delete: 5 •read: 41 •write: 6 •Microsoft.Maps/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 | Azure Maps Data Contributor | Grants access to read, write, and delete access to map related data from an Azure maps account. | False |
00019 effective data plane operations (unique) •action: 1 •delete: 2 •read: 12 •write: 4 |
DataActions: 004 resolved data operations: 19 effective data operations: 19 •action: 1 •delete: 2 •read: 12 •write: 4 •Microsoft.Maps/accounts/*/read •Microsoft.Maps/accounts/*/write •Microsoft.Maps/accounts/*/delete •Microsoft.Maps/accounts/*/action | ||||
d6470a16-71bd-43ab-86b3-6f3a73f4e787 | Azure Maps Data Read and Batch Role | This role can be used to assign read and batch actions on Azure Maps. | False |
00013 effective data plane operations (unique) •action: 1 •read: 12 |
DataActions: 002 resolved data operations: 13 effective data operations: 13 •action: 1 •read: 12 •Microsoft.Maps/accounts/services/*/read •Microsoft.Maps/accounts/services/batch/action | ||||
423170ca-a8f6-4b0f-8487-9e4eb8f49bfa | Azure Maps Data Reader | Grants access to read map related data from an Azure maps account. | False |
00012 effective data plane operations (unique) •read: 12 |
DataActions: 001 resolved data operations: 12 effective data operations: 12 •read: 12 •Microsoft.Maps/accounts/*/read | ||||
6be48352-4f82-47c9-ad5e-0acacefdb005 | Azure Maps Search and Render Data Reader | Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs. | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.Maps/accounts/services/render/read •Microsoft.Maps/accounts/services/search/read | ||||
f27b7598-bc64-41f7-8a44-855ff16326c2 | Azure Messaging Catalog Data Owner | Allows for full access to Azure Messaging Catalog resources. | False |
00009 effective control plane and data plane operations (unique) •delete: 3 •read: 3 •write: 3 |
Actions: 001 resolved operations: n/a effective operations: n/a •Microsoft.MessagingCatalog/* | DataActions: 001 resolved data operations: 9 effective data operations: 9 •delete: 3 •read: 3 •write: 3 •Microsoft.MessagingCatalog/* | |||
ff478a4e-8633-416e-91bc-ec33ce7c9516 | Azure Messaging Connectors Owner | Allows for full access to Azure Messaging Connectors resources. | False |
00005 effective control plane and data plane operations (unique) •action: 2 •delete: 1 •read: 1 •write: 1 |
Actions: 001 resolved operations: 5 effective operations: 5 •action: 2 •delete: 1 •read: 1 •write: 1 •Microsoft.MessagingConnectors/* | DataActions: 001 resolved data operations: n/a effective data operations: n/a •Microsoft.MessagingConnectors/* | |||
c20923c5-b089-47a5-bf67-fd89569c4ad9 | Azure Programmable Connectivity Gateway Dataplane User | Allows access to all Gateway dataplane APIs. | False |
00040 effective control plane and data plane operations (unique) •: 1 •action: 4 •delete: 1 •NetworkAPIAccess: 1 •read: 32 •write: 1 |
Actions: 005 resolved operations: 39 effective operations: 39 •: 1 •action: 4 •delete: 1 •read: 32 •write: 1 •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/ •Microsoft.Resources/deployments/* | DataActions: 001 resolved data operations: 1 effective data operations: 1 •NetworkAPIAccess: 1 •Microsoft.ProgrammableConnectivity/Gateways/NetworkAPIAccess | |||
609c0c20-e0a0-4a71-b99f-e7e755ac493d | Azure Programmable Connectivity Gateway User | Allows access to all Gateway dataplane APIs. | False |
00046 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 34 •Write: 2 |
Actions: 005 resolved operations: 46 effective operations: 46 •: 1 •Action: 7 •Delete: 2 •read: 34 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
0d7aedc0-15fd-4a67-a412-efad370c947e | Azure Red Hat OpenShift Azure Files Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use Azure Files. | False |
00011 effective control plane operations (unique) •action: 2 •delete: 2 •read: 4 •write: 3 |
Actions: 011 resolved operations: 11 effective operations: 11 •action: 2 •delete: 2 •read: 4 •write: 3 •Microsoft.Storage/storageAccounts/delete •Microsoft.Storage/storageAccounts/fileServices/read •Microsoft.Storage/storageAccounts/fileServices/shares/delete •Microsoft.Storage/storageAccounts/fileServices/shares/read •Microsoft.Storage/storageAccounts/fileServices/shares/write •Microsoft.Storage/storageAccounts/listKeys/action •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/write •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write | ||||
a1f96423-95ce-4224-ab27-4e3dc72facd4 | Azure Red Hat OpenShift Cloud Controller Manager Role | Enables permissions for the operator to manage and update the cloud controller managers deployed on top of OpenShift. | False |
00013 effective control plane operations (unique) •action: 3 •read: 6 •write: 4 |
Actions: 013 resolved operations: 13 effective operations: 13 •action: 3 •read: 6 •write: 4 •Microsoft.Compute/virtualMachines/read •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/write •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkSecurityGroups/write •Microsoft.Network/publicIPAddresses/join/action •Microsoft.Network/publicIPAddresses/read •Microsoft.Network/publicIPAddresses/write •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Network/networkInterfaces/write | ||||
0336e1d3-7a87-462b-b6db-342b63f7802c | Azure Red Hat OpenShift Cluster Ingress Operator Role | Enables permissions for the operator to configure and manage the OpenShift router. | False |
00004 effective control plane operations (unique) •delete: 2 •write: 2 |
Actions: 004 resolved operations: 4 effective operations: 4 •delete: 2 •write: 2 •Microsoft.Network/dnsZones/A/delete •Microsoft.Network/dnsZones/A/write •Microsoft.Network/privateDnsZones/A/delete •Microsoft.Network/privateDnsZones/A/write | ||||
ef318e2a-8334-4a05-9e4a-295a196c6a6e | Azure Red Hat OpenShift Federated Credential Role | This role grants the permissions required in order to patch cluster managed identities with the federated credential to build a trust relationship between the managed identity, OIDC, and the service account. | False |
00003 effective control plane operations (unique) •read: 2 •write: 1 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 2 •write: 1 •Microsoft.ManagedIdentity/userAssignedIdentities/read •Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/read •Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/write | ||||
8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 | Azure Red Hat OpenShift Image Registry Operator Role | Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage. | False |
00014 effective control plane and data plane operations (unique) •action: 4 •delete: 2 •read: 4 •write: 4 |
Actions: 009 resolved operations: 9 effective operations: 9 •action: 2 •delete: 1 •read: 3 •write: 3 •Microsoft.Storage/storageAccounts/blobServices/read •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/blobServices/containers/write •Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/delete •Microsoft.Storage/storageAccounts/listKeys/action •Microsoft.Resources/tags/write | DataActions: 005 resolved data operations: 5 effective data operations: 5 •action: 2 •delete: 1 •read: 1 •write: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | |||
0358943c-7e01-48ba-8889-02cc51d78637 | Azure Red Hat OpenShift Machine API Operator Role | Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster. | False |
00033 effective control plane operations (unique) •action: 6 •delete: 6 •read: 15 •write: 6 |
Actions: 033 resolved operations: 33 effective operations: 33 •action: 6 •delete: 6 •read: 15 •write: 6 •Microsoft.Compute/availabilitySets/delete •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/availabilitySets/write •Microsoft.Compute/diskEncryptionSets/read •Microsoft.Compute/disks/delete •Microsoft.Compute/galleries/images/versions/read •Microsoft.Compute/skus/read •Microsoft.Compute/virtualMachines/delete •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/capacityReservationGroups/deploy/action •Microsoft.ManagedIdentity/userAssignedIdentities/assign/action •Microsoft.Network/applicationSecurityGroups/read •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/write •Microsoft.Network/networkInterfaces/delete •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/networkInterfaces/loadBalancers/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkSecurityGroups/write •Microsoft.Network/publicIPAddresses/delete •Microsoft.Network/publicIPAddresses/join/action •Microsoft.Network/publicIPAddresses/read •Microsoft.Network/publicIPAddresses/write •Microsoft.Network/routeTables/read •Microsoft.Network/virtualNetworks/delete •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
be7a6435-15ae-4171-8f30-4a343eff9e8f | Azure Red Hat OpenShift Network Operator Role | Enables permissions to install and upgrade the networking components on an OpenShift cluster. | False |
00006 effective control plane operations (unique) •action: 2 •read: 3 •write: 1 |
Actions: 006 resolved operations: 6 effective operations: 6 •action: 2 •read: 3 •write: 1 •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Compute/virtualMachines/read | ||||
4436bae4-7702-4c84-919b-c4069ff25ee2 | Azure Red Hat OpenShift Service Operator Role | The ARO Operator is responsible for maintaining features, checks, and resources that are specific to an Azure Red Hat OpenShift cluster's continued functionality as a managed service. This includes, but is not limited to, machine management and health, network configuration, and monitoring. | False |
00007 effective control plane operations (unique) •action: 4 •read: 2 •write: 1 |
Actions: 007 resolved operations: 7 effective operations: 7 •action: 4 •read: 2 •write: 1 •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/natGateways/join/action •Microsoft.Network/routeTables/join/action •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Storage/storageAccounts/listKeys/action •Microsoft.Storage/storageAccounts/read | ||||
5b7237c5-45e1-49d6-bc18-a1f62f400748 | Azure Red Hat OpenShift Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends. | False |
00014 effective control plane operations (unique) •delete: 2 •read: 8 •write: 4 |
Actions: 014 resolved operations: 14 effective operations: 14 •delete: 2 •read: 8 •write: 4 •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write •Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read •Microsoft.Compute/virtualMachineScaleSets/read •Microsoft.Compute/snapshots/write •Microsoft.Compute/snapshots/read •Microsoft.Compute/snapshots/delete •Microsoft.Compute/locations/operations/read •Microsoft.Compute/locations/DiskOperations/read •Microsoft.Compute/disks/write •Microsoft.Compute/disks/read •Microsoft.Compute/disks/delete •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
26e0b698-aa6d-4085-9386-aadae190014d | Azure Relay Listener | Allows for listen access to Azure Relay resources. | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Relay/*/wcfRelays/read •Microsoft.Relay/*/hybridConnections/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.Relay/*/listen/action | |||
2787bf04-f1f5-4bfe-8383-c8a24483ee38 | Azure Relay Owner | Allows for full access to Azure Relay resources. | False |
00064 effective control plane and data plane operations (unique) •action: 22 •delete: 10 •read: 20 •write: 12 |
Actions: 001 resolved operations: 62 effective operations: 62 •action: 20 •delete: 10 •read: 20 •write: 12 •Microsoft.Relay/* | DataActions: 001 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.Relay/* | |||
26baccc8-eea7-41f1-98f4-1762cc7f685d | Azure Relay Sender | Allows for send access to Azure Relay resources. | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Relay/*/wcfRelays/read •Microsoft.Relay/*/hybridConnections/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.Relay/*/send/action | |||
7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | False |
00036 effective control plane operations (unique) •Action: 10 •delete: 3 •read: 17 •Write: 6 |
Actions: 036 resolved operations: 36 effective operations: 36 •Action: 10 •delete: 3 •read: 17 •Write: 6 •Microsoft.Authorization/roleassignments/read •Microsoft.AzureStackHCI/Register/Action •Microsoft.ResourceConnector/register/action •Microsoft.ResourceConnector/appliances/read •Microsoft.ResourceConnector/appliances/write •Microsoft.ResourceConnector/appliances/delete •Microsoft.ResourceConnector/locations/operationresults/read •Microsoft.ResourceConnector/locations/operationsstatus/read •Microsoft.ResourceConnector/appliances/listClusterUserCredential/action •Microsoft.ResourceConnector/appliances/listKeys/action •Microsoft.ResourceConnector/appliances/upgradeGraphs/read •Microsoft.ResourceConnector/telemetryconfig/read •Microsoft.ResourceConnector/operations/read •Microsoft.ExtendedLocation/register/action •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.ExtendedLocation/customLocations/read •Microsoft.ExtendedLocation/customLocations/write •Microsoft.ExtendedLocation/customLocations/delete •Microsoft.HybridConnectivity/register/action •Microsoft.Kubernetes/register/action •Microsoft.KubernetesConfiguration/register/action •Microsoft.KubernetesConfiguration/extensions/write •Microsoft.KubernetesConfiguration/extensions/read •Microsoft.KubernetesConfiguration/extensions/delete •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.KubernetesConfiguration/namespaces/read •Microsoft.KubernetesConfiguration/operations/read •Microsoft.GuestConfiguration/guestConfigurationAssignments/read •Microsoft.HybridContainerService/register/action •Microsoft.HybridContainerService/kubernetesVersions/read •Microsoft.HybridContainerService/kubernetesVersions/write •Microsoft.HybridContainerService/skus/read •Microsoft.HybridContainerService/skus/write •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.AzureStackHCI/StorageContainers/Write •Microsoft.AzureStackHCI/StorageContainers/Read | ||||
0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | False |
00008 effective control plane operations (unique) •action: 6 •write: 2 |
Actions: 008 resolved operations: 8 effective operations: 8 •action: 6 •write: 2 •Microsoft.ResourceNotifications/systemTopics/subscribeToResources/action •Microsoft.ResourceNotifications/systemTopics/subscribeToHealthResources/action •Microsoft.ResourceNotifications/systemTopics/subscribeToMaintenanceResources/action •Microsoft.ResourceNotifications/systemTopics/subscribeToComputeResources/action •Microsoft.ResourceNotifications/systemTopics/subscribeToComputeScheduleResources/action •Microsoft.ResourceNotifications/systemTopics/subscribeToContainerServiceEventResources/action •Microsoft.EventGrid/eventSubscriptions/write •Microsoft.EventGrid/systemTopics/eventSubscriptions/write | ||||
090c5cfd-751d-490a-894a-3ce6f1109419 | Azure Service Bus Data Owner | Allows for full access to Azure Service Bus resources. | False |
00092 effective control plane and data plane operations (unique) •action: 26 •delete: 17 •read: 30 •write: 19 |
Actions: 001 resolved operations: 90 effective operations: 90 •action: 24 •delete: 17 •read: 30 •write: 19 •Microsoft.ServiceBus/* | DataActions: 001 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.ServiceBus/* | count: 002 •Configure Azure Service Bus namespaces to disable local authentication •Configure Service Bus namespaces with private endpoints | ||
4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 | Azure Service Bus Data Receiver | Allows for receive access to Azure Service Bus resources. | False |
00004 effective control plane and data plane operations (unique) •action: 1 •read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 3 •Microsoft.ServiceBus/*/queues/read •Microsoft.ServiceBus/*/topics/read •Microsoft.ServiceBus/*/topics/subscriptions/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.ServiceBus/*/receive/action | |||
69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 | Azure Service Bus Data Sender | Allows for send access to Azure Service Bus resources. | False |
00004 effective control plane and data plane operations (unique) •action: 1 •read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 3 •Microsoft.ServiceBus/*/queues/read •Microsoft.ServiceBus/*/topics/read •Microsoft.ServiceBus/*/topics/subscriptions/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.ServiceBus/*/send/action | |||
8b9dfcab-4b77-4632-a6df-94bd07820648 | Azure Sphere Contributor | Allows user read and write access to Azure Sphere resources. | False |
00086 effective control plane operations (unique) •: 1 •action: 22 •delete: 9 •read: 44 •write: 10 |
Actions: 007 resolved operations: 86 effective operations: 86 •: 1 •action: 22 •delete: 9 •read: 44 •write: 10 •Microsoft.AzureSphere/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/alertRules/* •Microsoft.Insights/DiagnosticSettings/* •Microsoft.Insights/DiagnosticSettingsCategories/Read | ||||
5a382001-fe36-41ff-bba4-8bf06bd54da9 | Azure Sphere Owner | Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments. | True |
00100 effective control plane operations (unique) •: 1 •action: 25 •delete: 10 •read: 52 •write: 12 |
Actions: 015 resolved operations: 100 effective operations: 100 •: 1 •action: 25 •delete: 10 •read: 52 •write: 12 •Microsoft.AzureSphere/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/alertRules/* •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* •Microsoft.Insights/DiagnosticSettings/* •Microsoft.Insights/DiagnosticSettingsCategories/Read •Microsoft.Authorization/roleAssignments/write •Microsoft.Authorization/roleAssignments/delete | ||||
6d994134-994b-4a59-9974-f479f0b227fb | Azure Sphere Publisher | Allows user to read and download Azure Sphere resources and upload images. | False |
00048 effective control plane operations (unique) •action: 9 •read: 38 •write: 1 |
Actions: 014 resolved operations: 48 effective operations: 48 •action: 9 •read: 38 •write: 1 •Microsoft.AzureSphere/*/read •Microsoft.AzureSphere/catalogs/countDevices/action •Microsoft.AzureSphere/catalogs/listDeviceGroups/action •Microsoft.AzureSphere/catalogs/listDeviceInsights/action •Microsoft.AzureSphere/catalogs/listDevices/action •Microsoft.AzureSphere/catalogs/products/countDevices/action •Microsoft.AzureSphere/catalogs/products/deviceGroups/countDevices/action •Microsoft.AzureSphere/catalogs/certificates/retrieveProofOfPossessionNonce/action •Microsoft.AzureSphere/catalogs/certificates/retrieveCertChain/action •Microsoft.AzureSphere/catalogs/images/write •Microsoft.AzureSphere/catalogs/uploadImage/action •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/DiagnosticSettings/Read | ||||
c8ae6279-5a0b-4cb2-b3f0-d4d62845742c | Azure Sphere Reader | Allows user to read Azure Sphere resources. | False |
00046 effective control plane operations (unique) •action: 8 •read: 38 |
Actions: 012 resolved operations: 46 effective operations: 46 •action: 8 •read: 38 •Microsoft.AzureSphere/*/read •Microsoft.AzureSphere/catalogs/countDevices/action •Microsoft.AzureSphere/catalogs/listDeviceGroups/action •Microsoft.AzureSphere/catalogs/listDeviceInsights/action •Microsoft.AzureSphere/catalogs/listDevices/action •Microsoft.AzureSphere/catalogs/listDeployments/action •Microsoft.AzureSphere/catalogs/products/countDevices/action •Microsoft.AzureSphere/catalogs/products/deviceGroups/countDevices/action •Microsoft.AzureSphere/catalogs/certificates/retrieveCertChain/action •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/DiagnosticSettings/Read | ||||
25211fc6-dc78-40b6-b205-e4ac934fd9fd | Azure Spring Apps Application Configuration Service Config File Pattern Reader Role | Read content of config file pattern for Application Configuration Service in Azure Spring Apps | False |
00003 effective control plane and data plane operations (unique) •read: 3 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.AppPlatform/Spring/read •Microsoft.AppPlatform/Spring/configurationServices/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.AppPlatform/Spring/ApplicationConfigurationService/read | |||
6593e776-2a30-40f9-8a32-4fe28b77655d | Azure Spring Apps Application Configuration Service Log Reader Role | Read real-time logs for Application Configuration Service in Azure Spring Apps | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.AppPlatform/Spring/read •Microsoft.AppPlatform/Spring/configurationServices/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/ApplicationConfigurationService/logstream/action | |||
80558df3-64f9-4c0f-b32d-e5094b036b0b | Azure Spring Apps Connect Role | Azure Spring Apps Connect Role | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/apps/deployments/connect/action | ||||
91422e52-bb88-4415-bb4a-90f5b71f6dcb | Azure Spring Apps Job Execution Instance List Role | List instances for job executions in Azure Spring Apps | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/jobs/executions/listInstances/action | ||||
b459aa1d-e3c8-436f-ae21-c0531140f43e | Azure Spring Apps Job Log Reader Role | Read real-time logs for jobs in Azure Spring Apps | False |
00005 effective control plane and data plane operations (unique) •action: 2 •read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •read: 3 •Microsoft.AppPlatform/Spring/read •Microsoft.AppPlatform/Spring/jobs/read •Microsoft.AppPlatform/Spring/jobs/executions/read | DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.AppPlatform/Spring/jobs/executions/logstream/action •Microsoft.AppPlatform/Spring/jobs/executions/listInstances/action | |||
52fd16bd-6ed5-46af-9c40-29cbd7952a29 | Azure Spring Apps Managed Components Log Reader Role | Read real-time logs for all managed components in Azure Spring Apps | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/managedComponents/logstream/action | ||||
a99b0159-1064-4c22-a57b-c9b3caa1c054 | Azure Spring Apps Remote Debugging Role | Azure Spring Apps Remote Debugging Role | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/apps/deployments/remotedebugging/action | ||||
74252426-c508-480e-9345-4607bbebead4 | Azure Spring Apps Spring Cloud Config Server Log Reader Role | Read real-time logs for Spring Cloud Config Server in Azure Spring Apps | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.AppPlatform/Spring/read •Microsoft.AppPlatform/Spring/configServers/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/configService/logstream/action | |||
4301dc2a-25a9-44b0-ae63-3636cf7f2bd2 | Azure Spring Apps Spring Cloud Gateway Log Reader Role | Read real-time logs for Spring Cloud Gateway in Azure Spring Apps | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.AppPlatform/Spring/read •Microsoft.AppPlatform/Spring/gateways/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.AppPlatform/Spring/SpringCloudGateway/logstream/action | |||
a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b | Azure Spring Cloud Config Server Contributor | Allow read, write and delete access to Azure Spring Cloud Config Server | False |
00003 effective data plane operations (unique) •delete: 1 •read: 1 •write: 1 |
DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.AppPlatform/Spring/configService/read •Microsoft.AppPlatform/Spring/configService/write •Microsoft.AppPlatform/Spring/configService/delete | ||||
d04c6db6-4947-4782-9e91-30a88feb7be7 | Azure Spring Cloud Config Server Reader | Allow read access to Azure Spring Cloud Config Server | False |
00001 effective data plane operations (unique) •read: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.AppPlatform/Spring/configService/read | ||||
b5537268-8956-4941-a8f0-646150406f0c | Azure Spring Cloud Data Reader | Allow read access to Azure Spring Cloud Data | False |
00004 effective data plane operations (unique) •read: 4 |
DataActions: 001 resolved data operations: 4 effective data operations: 4 •read: 4 •Microsoft.AppPlatform/Spring/*/read | ||||
f5880b48-c26d-48be-b172-7927bfa1c8f1 | Azure Spring Cloud Service Registry Contributor | Allow read, write and delete access to Azure Spring Cloud Service Registry | False |
00003 effective data plane operations (unique) •delete: 1 •read: 1 •write: 1 |
DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.AppPlatform/Spring/eurekaService/read •Microsoft.AppPlatform/Spring/eurekaService/write •Microsoft.AppPlatform/Spring/eurekaService/delete | ||||
cff1b556-2399-4e7e-856d-a8f754be7b65 | Azure Spring Cloud Service Registry Reader | Allow read access to Azure Spring Cloud Service Registry | False |
00001 effective data plane operations (unique) •read: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.AppPlatform/Spring/eurekaService/read | ||||
bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | True |
00215 effective control plane operations (unique) •Action: 50 •delete: 31 •read: 101 •write: 33 |
Actions: 096 resolved operations: 215 effective operations: 215 •Action: 50 •delete: 31 •read: 101 •write: 33 •Microsoft.AzureStackHCI/register/action •Microsoft.AzureStackHCI/Unregister/Action •Microsoft.AzureStackHCI/clusters/* •Microsoft.AzureStackHCI/NetworkSecurityGroups/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/Write •Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Write •Microsoft.AzureStackHCI/NetworkSecurityGroups/Delete •Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Delete •Microsoft.AzureStackHCI/NetworkSecurityGroups/join/action •Microsoft.HybridCompute/register/action •Microsoft.GuestConfiguration/register/action •Microsoft.GuestConfiguration/guestConfigurationAssignments/read •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/subscriptions/resourceGroups/delete •Microsoft.HybridConnectivity/register/action •Microsoft.Authorization/roleAssignments/write conditioned •Microsoft.Authorization/roleAssignments/delete conditioned •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Support/* •Microsoft.AzureStackHCI/* •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read 
•Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/operations/read •Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete •Microsoft.ResourceConnector/register/action •Microsoft.ResourceConnector/appliances/read •Microsoft.ResourceConnector/appliances/write •Microsoft.ResourceConnector/appliances/delete •Microsoft.ResourceConnector/locations/operationresults/read •Microsoft.ResourceConnector/locations/operationsstatus/read 
•Microsoft.ResourceConnector/appliances/listClusterUserCredential/action •Microsoft.ResourceConnector/appliances/listKeys/action •Microsoft.ResourceConnector/operations/read •Microsoft.ExtendedLocation/register/action •Microsoft.ExtendedLocation/customLocations/read •Microsoft.ExtendedLocation/customLocations/deploy/action •Microsoft.ExtendedLocation/customLocations/write •Microsoft.ExtendedLocation/customLocations/delete •Microsoft.EdgeMarketplace/offers/read •Microsoft.EdgeMarketplace/publishers/read •Microsoft.Kubernetes/register/action •Microsoft.KubernetesConfiguration/register/action •Microsoft.KubernetesConfiguration/extensions/write •Microsoft.KubernetesConfiguration/extensions/read •Microsoft.KubernetesConfiguration/extensions/delete •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.KubernetesConfiguration/namespaces/read •Microsoft.KubernetesConfiguration/operations/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.AzureStackHCI/StorageContainers/Write •Microsoft.AzureStackHCI/StorageContainers/Read •Microsoft.HybridContainerService/register/action | ||||
c99c945f-8bd1-4fb1-a903-01460aae6068 | Azure Stack HCI Connected InfraVMs | Role of Arc Integration for Azure Stack HCI Infrastructure Virtual Machines. | False |
00030 effective control plane operations (unique) •action: 1 •delete: 2 •read: 25 •write: 2 |
Actions: 007 resolved operations: 30 effective operations: 30 •action: 1 •delete: 2 •read: 25 •write: 2 •Microsoft.HybridCompute/*/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action | ||||
865ae368-6a45-4bd1-8fbf-0d5151f56fc1 | Azure Stack HCI Device Management Role | Microsoft.AzureStackHCI Device Management Role | False |
00035 effective control plane operations (unique) •Action: 10 •Delete: 7 •Read: 11 •Write: 7 |
Actions: 003 resolved operations: 35 effective operations: 35 •Action: 10 •Delete: 7 •Read: 11 •Write: 7 •Microsoft.AzureStackHCI/Clusters/* •Microsoft.AzureStackHCI/EdgeDevices/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
874d1c73-6003-4e60-a13a-cb31ea190a85 | Azure Stack HCI VM Contributor | Grants permissions to perform all VM actions | False |
00123 effective control plane operations (unique) •action: 24 •Delete: 12 •read: 74 •Write: 13 |
Actions: 075 resolved operations: 123 effective operations: 123 •action: 24 •Delete: 12 •read: 74 •Write: 13 •Microsoft.AzureStackHCI/VirtualMachines/* •Microsoft.AzureStackHCI/virtualMachineInstances/* •Microsoft.AzureStackHCI/NetworkInterfaces/* •Microsoft.AzureStackHCI/VirtualHardDisks/* •Microsoft.AzureStackHCI/VirtualNetworks/Read •Microsoft.AzureStackHCI/VirtualNetworks/join/action •Microsoft.AzureStackHCI/LogicalNetworks/Read •Microsoft.AzureStackHCI/LogicalNetworks/join/action •Microsoft.AzureStackHCI/GalleryImages/Read •Microsoft.AzureStackHCI/GalleryImages/deploy/action •Microsoft.AzureStackHCI/StorageContainers/Read •Microsoft.AzureStackHCI/StorageContainers/deploy/action •Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read •Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action •Microsoft.AzureStackHCI/Clusters/Read •Microsoft.AzureStackHCI/Clusters/ArcSettings/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/write •Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read 
•Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/machines/write •Microsoft.HybridCompute/machines/delete •Microsoft.HybridCompute/machines/UpgradeExtensions/action •Microsoft.HybridCompute/machines/assessPatches/action •Microsoft.HybridCompute/machines/installPatches/action •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/extensions/write •Microsoft.HybridCompute/machines/extensions/delete •Microsoft.HybridCompute/operations/read •Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/locations/updateCenterOperationResults/read •Microsoft.HybridCompute/machines/hybridIdentityMetadata/read •Microsoft.HybridCompute/osType/agentVersions/read •Microsoft.HybridCompute/osType/agentVersions/latest/read •Microsoft.HybridCompute/machines/runcommands/read •Microsoft.HybridCompute/machines/runcommands/write •Microsoft.HybridCompute/machines/runcommands/delete •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/licenseProfiles/write •Microsoft.HybridCompute/machines/licenseProfiles/delete •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/licenses/write •Microsoft.HybridCompute/licenses/delete •Microsoft.ExtendedLocation/customLocations/Read •Microsoft.ExtendedLocation/customLocations/deploy/action 
•Microsoft.KubernetesConfiguration/extensions/read | ||||
4b3fe76c-f777-4d24-a2d7-b027b0f7b273 | Azure Stack HCI VM Reader | Grants permissions to view VMs | False |
00068 effective control plane operations (unique) •Action: 4 •Delete: 1 •read: 62 •Write: 1 |
Actions: 042 resolved operations: 68 effective operations: 68 •Action: 4 •Delete: 1 •read: 62 •Write: 1 •Microsoft.AzureStackHCI/VirtualMachines/Read •Microsoft.AzureStackHCI/virtualMachineInstances/Read •Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read •Microsoft.AzureStackHCI/VirtualNetworks/Read •Microsoft.AzureStackHCI/LogicalNetworks/Read •Microsoft.AzureStackHCI/NetworkInterfaces/Read •Microsoft.AzureStackHCI/VirtualHardDisks/Read •Microsoft.AzureStackHCI/StorageContainers/Read •Microsoft.AzureStackHCI/GalleryImages/Read •Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/Read •Microsoft.AzureStackHCI/NetworkSecurityGroups/SecurityRules/Read •Microsoft.HybridCompute/licenses/read •Microsoft.HybridCompute/machines/extensions/read •Microsoft.HybridCompute/machines/licenseProfiles/read •Microsoft.HybridCompute/machines/patchAssessmentResults/read •Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read •Microsoft.HybridCompute/machines/patchInstallationResults/read •Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read •Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read •Microsoft.HybridCompute/privateLinkScopes/read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read 
•Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/operationresults/read | ||||
6f12a6df-dd06-4f3e-bcb1-ce8be600526a | Azure Stack Registration Owner | Lets you manage Azure Stack registrations. | False |
00007 effective control plane operations (unique) •action: 4 •read: 3 |
Actions: 004 resolved operations: 7 effective operations: 7 •action: 4 •read: 3 •Microsoft.AzureStack/edgeSubscriptions/read •Microsoft.AzureStack/registrations/products/*/action •Microsoft.AzureStack/registrations/products/read •Microsoft.AzureStack/registrations/read | ||||
f0310ce6-e953-4cf8-b892-fb1c87eaf7f6 | Azure Usage Billing Data Sender | Azure Usage Billing shared BuiltIn role to be used for all Customer Account Authentication | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.UsageBilling/accounts/inputs/send/action | ||||
6ae96244-5829-4925-a7d3-5975537d91dd | Azure VM Managed identities restore Contributor | Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system | False |
00027 effective control plane operations (unique) •read: 27 |
Actions: 001 resolved operations: 27 effective operations: 27 •read: 27 •Microsoft.Authorization/*/read | ||||
e503ece1-11d0-4e8e-8e2c-7a6c3bf38815 | AzureML Compute Operator | Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs). | False |
00018 effective control plane operations (unique) •action: 12 •delete: 2 •read: 2 •write: 2 |
Actions: 002 resolved operations: 18 effective operations: 18 •action: 12 •delete: 2 •read: 2 •write: 2 •Microsoft.MachineLearningServices/workspaces/computes/* •Microsoft.MachineLearningServices/workspaces/notebooks/vm/* | ||||
f6c7c914-8db3-469d-8ca1-694a8f32e121 | AzureML Data Scientist | Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. | False |
00268 effective control plane operations (unique) •action: 52 •delete: 55 •read: 95 •write: 66 |
Actions: 004 resolved operations: 274 effective operations: 268 •action: 52 •delete: 55 •read: 95 •write: 66 •Microsoft.MachineLearningServices/workspaces/*/read •Microsoft.MachineLearningServices/workspaces/*/action •Microsoft.MachineLearningServices/workspaces/*/delete •Microsoft.MachineLearningServices/workspaces/*/write | NotActions: 010 resolved not operations: 8 effective not operations: 15924 •Microsoft.MachineLearningServices/workspaces/delete •Microsoft.MachineLearningServices/workspaces/write •Microsoft.MachineLearningServices/workspaces/computes/*/write •Microsoft.MachineLearningServices/workspaces/computes/*/delete •Microsoft.MachineLearningServices/workspaces/computes/listKeys/action •Microsoft.MachineLearningServices/workspaces/listKeys/action •Microsoft.MachineLearningServices/workspaces/hubs/write •Microsoft.MachineLearningServices/workspaces/hubs/delete •Microsoft.MachineLearningServices/workspaces/featurestores/write •Microsoft.MachineLearningServices/workspaces/featurestores/delete | |||
635dd51f-9968-44d3-b7fb-6d9a6bd613ae | AzureML Metrics Writer (preview) | Lets you write metrics to AzureML workspace | False |
00001 effective control plane operations (unique) •write: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •write: 1 •Microsoft.MachineLearningServices/workspaces/metrics/*/write | ||||
1823dd4f-9b8c-4ab6-ab4e-7397a3684615 | AzureML Registry User | Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources. | False |
00005 effective control plane operations (unique) •delete: 1 •read: 2 •write: 2 |
Actions: 002 resolved operations: 5 effective operations: 5 •delete: 1 •read: 2 •write: 2 •Microsoft.MachineLearningServices/registries/read •Microsoft.MachineLearningServices/registries/assets/* | ||||
5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backups, but can't delete vaults and give access to others | False |
00179 effective control plane operations (unique) •action: 48 •delete: 11 •read: 99 •write: 21 |
Actions: 086 resolved operations: 179 effective operations: 179 •action: 48 •delete: 11 •read: 99 •write: 21 •Microsoft.Authorization/*/read •Microsoft.Network/virtualNetworks/read •Microsoft.RecoveryServices/locations/* •Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* •Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action •Microsoft.RecoveryServices/Vaults/backupJobs/* •Microsoft.RecoveryServices/Vaults/backupJobsExport/action •Microsoft.RecoveryServices/Vaults/backupOperationResults/* •Microsoft.RecoveryServices/Vaults/backupPolicies/* •Microsoft.RecoveryServices/Vaults/backupProtectableItems/* •Microsoft.RecoveryServices/Vaults/backupProtectedItems/* •Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* •Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* •Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read •Microsoft.RecoveryServices/Vaults/certificates/* •Microsoft.RecoveryServices/Vaults/extendedInformation/* •Microsoft.RecoveryServices/Vaults/monitoringAlerts/read •Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* •Microsoft.RecoveryServices/Vaults/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/* •Microsoft.RecoveryServices/Vaults/usages/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Storage/storageAccounts/read •Microsoft.RecoveryServices/Vaults/backupstorageconfig/* •Microsoft.RecoveryServices/Vaults/backupconfig/* •Microsoft.RecoveryServices/Vaults/backupValidateOperation/action •Microsoft.RecoveryServices/Vaults/write •Microsoft.RecoveryServices/Vaults/backupOperations/read •Microsoft.RecoveryServices/Vaults/backupEngines/read •Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* •Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read •Microsoft.RecoveryServices/vaults/operationStatus/read 
•Microsoft.RecoveryServices/vaults/operationResults/read •Microsoft.RecoveryServices/locations/backupStatus/action •Microsoft.RecoveryServices/locations/backupPreValidateProtection/action •Microsoft.RecoveryServices/locations/backupValidateFeatures/action •Microsoft.RecoveryServices/Vaults/monitoringAlerts/write •Microsoft.RecoveryServices/operations/read •Microsoft.RecoveryServices/locations/operationStatus/read •Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read •Microsoft.Support/* •Microsoft.DataProtection/locations/getBackupStatus/action •Microsoft.DataProtection/backupVaults/backupInstances/write •Microsoft.DataProtection/backupVaults/backupInstances/delete •Microsoft.DataProtection/backupVaults/backupInstances/read •Microsoft.DataProtection/backupVaults/backupInstances/read •Microsoft.DataProtection/backupVaults/deletedBackupInstances/read •Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action •Microsoft.DataProtection/backupVaults/backupInstances/backup/action •Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action •Microsoft.DataProtection/backupVaults/backupInstances/restore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action •Microsoft.DataProtection/backupVaults/backupPolicies/write •Microsoft.DataProtection/backupVaults/backupPolicies/delete •Microsoft.DataProtection/backupVaults/backupPolicies/read •Microsoft.DataProtection/backupVaults/backupPolicies/read 
•Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action •Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read •Microsoft.DataProtection/backupVaults/write •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/backupVaults/operationResults/read •Microsoft.DataProtection/backupVaults/operationStatus/read •Microsoft.DataProtection/locations/checkNameAvailability/action •Microsoft.DataProtection/locations/checkFeatureSupport/action •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/locations/operationStatus/read •Microsoft.DataProtection/locations/operationResults/read •Microsoft.DataProtection/backupVaults/validateForBackup/action •Microsoft.DataProtection/operations/read •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | count: 011 •[Preview]: Configure Azure Recovery Services vaults to disable public network access •[Preview]: Configure backup for Azure Disks (Managed Disks) with a given tag to an existing backup vault in the same region •[Preview]: Configure backup for Azure Disks (Managed Disks) without a given tag to an existing backup vault in the same region 
•[Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region •[Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region •[Preview]: Disable Cross Subscription Restore for Azure Recovery Services vaults •[Preview]: Disable Cross Subscription Restore for Backup Vaults •Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy •Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location •Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy •Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location | |||
c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8 | Backup MUA Admin | Backup MultiUser-Authorization. Can create/delete ResourceGuard | False |
00070 effective control plane operations (unique) •action: 7 •delete: 3 •read: 56 •write: 4 |
Actions: 026 resolved operations: 70 effective operations: 70 •action: 7 •delete: 3 •read: 56 •write: 4 •Microsoft.DataProtection/*/read •Microsoft.DataProtection/*/resourceGuards/write •Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write •Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete •Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read •Microsoft.DataProtection/locations/operationResults/read •Microsoft.DataProtection/locations/operationStatus/read •Microsoft.DataProtection/locations/getBackupStatus/action •Microsoft.DataProtection/locations/checkFeatureSupport/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read •Microsoft.Authorization/*/read •Microsoft.Features/features/read •Microsoft.Features/providers/features/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action •Microsoft.DataProtection/subscriptions/providers/resourceGuards/read •Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read | ||||
f54b6d04-23c6-443e-b462-9c16ab7b4a52 | Backup MUA Operator | Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard | False |
00068 effective control plane operations (unique) •action: 24 •read: 44 |
Actions: 003 resolved operations: 68 effective operations: 68 •action: 24 •read: 44 •Microsoft.DataProtection/*/action •Microsoft.DataProtection/*/read •Microsoft.Authorization/*/read | ||||
00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | False |
00148 effective control plane operations (unique) •action: 38 •delete: 3 •read: 93 •write: 14 |
Actions: 102 resolved operations: 148 effective operations: 148 •action: 38 •delete: 3 •read: 93 •write: 14 •Microsoft.Authorization/*/read •Microsoft.Network/virtualNetworks/read •Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action •Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read •Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action •Microsoft.RecoveryServices/Vaults/backupJobs/* •Microsoft.RecoveryServices/Vaults/backupJobsExport/action •Microsoft.RecoveryServices/Vaults/backupOperationResults/* •Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read •Microsoft.RecoveryServices/Vaults/backupPolicies/read •Microsoft.RecoveryServices/Vaults/backupProtectableItems/* 
•Microsoft.RecoveryServices/Vaults/backupProtectedItems/read •Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read •Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read •Microsoft.RecoveryServices/Vaults/certificates/write •Microsoft.RecoveryServices/Vaults/extendedInformation/read •Microsoft.RecoveryServices/Vaults/extendedInformation/write •Microsoft.RecoveryServices/Vaults/monitoringAlerts/read •Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* •Microsoft.RecoveryServices/Vaults/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/write •Microsoft.RecoveryServices/Vaults/usages/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Storage/storageAccounts/read •Microsoft.RecoveryServices/Vaults/backupstorageconfig/* •Microsoft.RecoveryServices/Vaults/backupValidateOperation/action •Microsoft.RecoveryServices/Vaults/backupTriggerValidateOperation/action •Microsoft.RecoveryServices/Vaults/backupValidateOperationResults/read •Microsoft.RecoveryServices/Vaults/backupValidateOperationsStatuses/read •Microsoft.RecoveryServices/Vaults/backupOperations/read •Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action •Microsoft.RecoveryServices/Vaults/backupEngines/read •Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write •Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read •Microsoft.RecoveryServices/locations/backupStatus/action 
•Microsoft.RecoveryServices/locations/backupPreValidateProtection/action •Microsoft.RecoveryServices/locations/backupValidateFeatures/action •Microsoft.RecoveryServices/locations/backupAadProperties/read •Microsoft.RecoveryServices/locations/backupCrrJobs/action •Microsoft.RecoveryServices/locations/backupCrrJob/action •Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action •Microsoft.RecoveryServices/locations/backupCrrOperationResults/read •Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read •Microsoft.RecoveryServices/Vaults/monitoringAlerts/write •Microsoft.RecoveryServices/operations/read •Microsoft.RecoveryServices/locations/operationStatus/read •Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read •Microsoft.Support/* •Microsoft.DataProtection/backupVaults/backupInstances/read •Microsoft.DataProtection/backupVaults/backupInstances/read •Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read •Microsoft.DataProtection/backupVaults/backupInstances/write •Microsoft.DataProtection/backupVaults/deletedBackupInstances/read •Microsoft.DataProtection/backupVaults/backupPolicies/read •Microsoft.DataProtection/backupVaults/backupPolicies/read •Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/backupVaults/operationResults/read •Microsoft.DataProtection/backupVaults/operationStatus/read •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/locations/operationStatus/read •Microsoft.DataProtection/locations/operationResults/read •Microsoft.DataProtection/operations/read •Microsoft.DataProtection/backupVaults/validateForBackup/action •Microsoft.DataProtection/backupVaults/backupInstances/backup/action 
•Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action •Microsoft.DataProtection/backupVaults/backupInstances/restore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action •Microsoft.DataProtection/locations/checkFeatureSupport/action •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/delete •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/read •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/unlockDelete/action •Microsoft.RecoveryServices/Vaults/backupResourceGuardProxies/write •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete •Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action | ||||
a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | False |
00092 effective control plane operations (unique) •action: 15 •read: 74 •write: 3 |
Actions: 068 resolved operations: 92 effective operations: 92 •action: 15 •read: 74 •write: 3 •Microsoft.Authorization/*/read •Microsoft.RecoveryServices/locations/allocatedStamp/read •Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read •Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read •Microsoft.RecoveryServices/Vaults/backupJobs/read •Microsoft.RecoveryServices/Vaults/backupJobsExport/action •Microsoft.RecoveryServices/Vaults/backupOperationResults/read •Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read •Microsoft.RecoveryServices/Vaults/backupPolicies/read •Microsoft.RecoveryServices/Vaults/backupProtectedItems/read •Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read •Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read •Microsoft.RecoveryServices/Vaults/extendedInformation/read •Microsoft.RecoveryServices/Vaults/monitoringAlerts/read •Microsoft.RecoveryServices/Vaults/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read •Microsoft.RecoveryServices/Vaults/registeredIdentities/read •Microsoft.RecoveryServices/Vaults/backupstorageconfig/read •Microsoft.RecoveryServices/Vaults/backupconfig/read •Microsoft.RecoveryServices/Vaults/backupOperations/read •Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read •Microsoft.RecoveryServices/Vaults/backupEngines/read 
•Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read •Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read •Microsoft.RecoveryServices/locations/backupStatus/action •Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* •Microsoft.RecoveryServices/Vaults/monitoringAlerts/write •Microsoft.RecoveryServices/operations/read •Microsoft.RecoveryServices/locations/operationStatus/read •Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read •Microsoft.RecoveryServices/Vaults/usages/read •Microsoft.RecoveryServices/locations/backupValidateFeatures/action •Microsoft.RecoveryServices/locations/backupCrrJobs/action •Microsoft.RecoveryServices/locations/backupCrrJob/action •Microsoft.RecoveryServices/locations/backupCrrOperationResults/read •Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read •Microsoft.DataProtection/locations/getBackupStatus/action •Microsoft.DataProtection/backupVaults/backupInstances/write •Microsoft.DataProtection/backupVaults/backupInstances/read •Microsoft.DataProtection/backupVaults/deletedBackupInstances/read •Microsoft.DataProtection/backupVaults/backupInstances/backup/action •Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action •Microsoft.DataProtection/backupVaults/backupInstances/restore/action •Microsoft.DataProtection/backupVaults/backupPolicies/read •Microsoft.DataProtection/backupVaults/backupPolicies/read •Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read •Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read •Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action •Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/backupVaults/operationResults/read •Microsoft.DataProtection/backupVaults/operationStatus/read •Microsoft.DataProtection/backupVaults/read 
•Microsoft.DataProtection/backupVaults/read •Microsoft.DataProtection/locations/operationStatus/read •Microsoft.DataProtection/locations/operationResults/read •Microsoft.DataProtection/backupVaults/validateForBackup/action •Microsoft.DataProtection/operations/read •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action •Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action •Microsoft.DataProtection/locations/checkFeatureSupport/action | ||||
39138f76-04e6-41f0-ba6b-c411b59081a9 | Bayer Ag Powered Services Crop Id Solution User Role | Provide access to Crop Id Solution by Bayer Ag Powered Services | False |
00019 effective data plane operations (unique) •action: 5 •delete: 3 •read: 6 •write: 5 |
DataActions: 007 resolved data operations: 19 effective data operations: 19 •action: 5 •delete: 3 •read: 6 •write: 5 •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/* •Microsoft.AgFoodPlatform/farmBeats/scenes/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* | ||||
a9b99099-ead7-47db-8fcf-072597a61dfa | Bayer Ag Powered Services CWUM Solution | Provide access to CWUM Solution by Bayer Ag Powered Services | False |
00023 effective data plane operations (unique) •action: 5 •delete: 3 •read: 8 •write: 7 |
DataActions: 011 resolved data operations: 23 effective data operations: 23 •action: 5 •delete: 3 •read: 8 •write: 7 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read •Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/write •Microsoft.AgFoodPlatform/farmBeats/parties/farms/read •Microsoft.AgFoodPlatform/farmBeats/parties/farms/write •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/* •Microsoft.AgFoodPlatform/farmBeats/scenes/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* | ||||
1af232de-e806-426f-8ca1-c36142449755 | Bayer Ag Powered Services Field Imagery Solution Service Role | Provide access to Field Imagery Solution by Bayer Ag Powered Services | False |
00017 effective data plane operations (unique) •action: 5 •delete: 3 •read: 5 •write: 4 |
DataActions: 006 resolved data operations: 17 effective data operations: 17 •action: 5 •delete: 3 •read: 5 •write: 4 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* •Microsoft.AgFoodPlatform/farmBeats/scenes/* | ||||
c4bc862a-3b64-4a35-a021-a380c159b042 | Bayer Ag Powered Services GDU Solution | Provide access to GDU Solution by Bayer Ag Powered Services | False |
00013 effective data plane operations (unique) •action: 3 •delete: 2 •read: 6 •write: 2 |
DataActions: 006 resolved data operations: 13 effective data operations: 13 •action: 3 •delete: 2 •read: 6 •write: 2 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read •Microsoft.AgFoodPlatform/farmBeats/parties/farms/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* | ||||
b5b192c1-773c-4543-bfb0-6c59254b74a9 | Bayer Ag Powered Services Historical Weather Data Solution User Role | Provide access to Historical Weather Data Solution by Bayer Ag Powered Services | False |
00014 effective data plane operations (unique) •action: 3 •delete: 2 •read: 5 •write: 4 |
DataActions: 007 resolved data operations: 14 effective data operations: 14 •action: 3 •delete: 2 •read: 5 •write: 4 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/parties/farms/read •Microsoft.AgFoodPlatform/farmBeats/parties/farms/write •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* | ||||
ef29765d-0d37-4119-a4f8-f9f9902c9588 | Bayer Ag Powered Services Imagery Solution | Provide access to Imagery Solution by Bayer Ag Powered Services | False |
00023 effective data plane operations (unique) •action: 5 •delete: 3 •read: 8 •write: 7 |
DataActions: 011 resolved data operations: 23 effective data operations: 23 •action: 5 •delete: 3 •read: 8 •write: 7 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/read •Microsoft.AgFoodPlatform/farmBeats/parties/boundaries/write •Microsoft.AgFoodPlatform/farmBeats/parties/farms/read •Microsoft.AgFoodPlatform/farmBeats/parties/farms/write •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/* •Microsoft.AgFoodPlatform/farmBeats/scenes/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* | ||||
539283cd-c185-4a9a-9503-d35217a1db7b | Bayer Ag Powered Services Smart Boundary Solution User Role | Provide access to Smart Boundary Solution by Bayer Ag Powered Services | False |
00019 effective data plane operations (unique) •action: 5 •delete: 3 •read: 6 •write: 5 |
DataActions: 007 resolved data operations: 19 effective data operations: 19 •action: 5 •delete: 3 •read: 6 •write: 5 •Microsoft.AgFoodPlatform/farmBeats/parties/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/read •Microsoft.AgFoodPlatform/farmBeats/parties/fields/write •Microsoft.AgFoodPlatform/farmBeats/ingestionJobs/satelliteDataIngestionJobs/* •Microsoft.AgFoodPlatform/farmBeats/scenes/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insights/* •Microsoft.AgFoodPlatform/farmBeats/parties/models/resourceTypes/resources/insightAttachments/* | ||||
fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 | Billing Reader | Allows read access to billing data | False |
00183 effective control plane operations (unique) •action: 3 •read: 179 •write: 1 |
Actions: 007 resolved operations: 183 effective operations: 183 •action: 3 •read: 179 •write: 1 •Microsoft.Authorization/*/read •Microsoft.Billing/*/read •Microsoft.Commerce/*/read •Microsoft.Consumption/*/read •Microsoft.Management/managementGroups/read •Microsoft.CostManagement/*/read •Microsoft.Support/* | ||||
5e3c6656-6cfa-4708-81fe-0de47ac73342 | BizTalk Contributor | Lets you manage BizTalk services, but not access to them. | False |
00056 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 |
Actions: 007 resolved operations: 56 effective operations: 56 •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.BizTalkServices/BizTalk/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
31a002a1-acaf-453e-8a5b-297c9ca1ea24 | Blockchain Member Node Access (Preview) | Allows for access to Blockchain Member nodes | False |
00002 effective control plane and data plane operations (unique) •action: 1 •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.Blockchain/blockchainMembers/transactionNodes/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action | |||
41077137-e803-4205-871c-5a86e6a753b4 | Blueprint Contributor | Can manage blueprint definitions, but not assign them. | False |
00057 effective control plane operations (unique) •action: 7 •delete: 4 •read: 41 •write: 5 |
Actions: 005 resolved operations: 57 effective operations: 57 •action: 7 •delete: 4 •read: 41 •write: 5 •Microsoft.Authorization/*/read •Microsoft.Blueprint/blueprints/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* | ||||
437d2ced-4a38-4302-8479-ed2bcb43d090 | Blueprint Operator | Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity. | False |
00052 effective control plane operations (unique) •action: 8 •delete: 2 •read: 39 •write: 3 |
Actions: 005 resolved operations: 52 effective operations: 52 •action: 8 •delete: 2 •read: 39 •write: 3 •Microsoft.Authorization/*/read •Microsoft.Blueprint/blueprintAssignments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* | ||||
fa0d39e6-28e5-40cf-8521-1eb320653a4c | Carbon Optimization Reader | Allow read access to Azure Carbon Optimization data | False |
00001 effective control plane operations (unique) •action: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •action: 1 •Microsoft.Carbon/carbonEmissionReports/action | ||||
426e0c7f-0c7e-4658-b36f-ff54d6c29b45 | CDN Endpoint Contributor | Can manage CDN endpoints, but can't grant access to other users. | False |
00153 effective control plane operations (unique) •: 1 •action: 44 •delete: 22 •read: 62 •write: 24 |
Actions: 008 resolved operations: 153 effective operations: 153 •: 1 •action: 44 •delete: 22 •read: 62 •write: 24 •Microsoft.Authorization/*/read •Microsoft.Cdn/edgenodes/read •Microsoft.Cdn/operationresults/* •Microsoft.Cdn/profiles/endpoints/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
871e35f6-b5c1-49cc-a043-bde969a0f2cd | CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | False |
00136 effective control plane operations (unique) •: 1 •action: 37 •delete: 18 •read: 61 •write: 19 |
Actions: 009 resolved operations: 136 effective operations: 136 •: 1 •action: 37 •delete: 18 •read: 61 •write: 19 •Microsoft.Authorization/*/read •Microsoft.Cdn/edgenodes/read •Microsoft.Cdn/operationresults/* •Microsoft.Cdn/profiles/endpoints/*/read •Microsoft.Cdn/profiles/afdendpoints/validateCustomDomain/action •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
ec156ff8-a8d1-4d15-830c-5b80698ca432 | CDN Profile Contributor | Can manage CDN and Azure Front Door standard and premium profiles and their endpoints, but can't grant access to other users. | False |
00215 effective control plane operations (unique) •: 1 •action: 66 •delete: 32 •read: 81 •write: 35 |
Actions: 008 resolved operations: 215 effective operations: 215 •: 1 •action: 66 •delete: 32 •read: 81 •write: 35 •Microsoft.Authorization/*/read •Microsoft.Cdn/edgenodes/read •Microsoft.Cdn/operationresults/* •Microsoft.Cdn/profiles/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
8f96442b-4075-438f-813d-ad51ab4019af | CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | False |
00157 effective control plane operations (unique) •: 1 •action: 39 •delete: 18 •read: 80 •write: 19 |
Actions: 011 resolved operations: 157 effective operations: 157 •: 1 •action: 39 •delete: 18 •read: 80 •write: 19 •Microsoft.Authorization/*/read •Microsoft.Cdn/edgenodes/read •Microsoft.Cdn/operationresults/* •Microsoft.Cdn/profiles/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Cdn/profiles/afdendpoints/validateCustomDomain/action •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Cdn/profiles/CheckResourceUsage/action •Microsoft.Cdn/profiles/endpoints/CheckResourceUsage/action | ||||
4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | False |
00071 effective control plane and data plane operations (unique) •action: 21 •delete: 5 •read: 40 •write: 5 |
Actions: 005 resolved operations: 70 effective operations: 68 •action: 18 •delete: 5 •read: 40 •write: 5 •Microsoft.ModSimWorkbench/*/read •Microsoft.ModSimWorkbench/workbenches/chambers/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 002 resolved not operations: 2 effective not operations: 16124 •Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/manage/action •Microsoft.ModSimWorkbench/workbenches/chambers/connector/setCopyPaste/action | DataActions: 002 resolved data operations: 3 effective data operations: 3 •action: 3 •Microsoft.ModSimWorkbench/workbenches/chambers/upload/action •Microsoft.ModSimWorkbench/workbenches/chambers/files/* | ||
4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | False |
00050 effective control plane and data plane operations (unique) •action: 10 •delete: 2 •read: 36 •write: 2 |
Actions: 007 resolved operations: 49 effective operations: 49 •action: 9 •delete: 2 •read: 36 •write: 2 •Microsoft.ModSimWorkbench/workbenches/chambers/*/read •Microsoft.ModSimWorkbench/workbenches/chambers/workloads/* •Microsoft.ModSimWorkbench/workbenches/chambers/getUploadUri/action •Microsoft.ModSimWorkbench/workbenches/chambers/fileRequests/getDownloadUri/action •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.ModSimWorkbench/workbenches/chambers/upload/action | |||
7c2e40b7-25eb-482a-82cb-78ba06cb46d5 | Chaos Studio Experiment Contributor | Can create, run, and see details for experiments, onboard targets, and manage capabilities. | False |
00066 effective control plane operations (unique) •: 1 •action: 12 •delete: 5 •read: 43 •write: 5 |
Actions: 005 resolved operations: 66 effective operations: 66 •: 1 •action: 12 •delete: 5 •read: 43 •write: 5 •Microsoft.Chaos/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
1a40e87e-6645-48e0-b27a-0b115d849a20 | Chaos Studio Operator | Can run and see details for experiments but cannot create experiments or manage targets and capabilities. | False |
00058 effective control plane operations (unique) •: 1 •action: 10 •Delete: 2 •read: 43 •Write: 2 |
Actions: 010 resolved operations: 58 effective operations: 58 •: 1 •action: 10 •Delete: 2 •read: 43 •Write: 2 •Microsoft.Chaos/*/read •Microsoft.Chaos/experiments/start/action •Microsoft.Chaos/experiments/cancel/action •Microsoft.Chaos/experiments/executions/getExecutionDetails/action •Microsoft.Chaos/locations/operationResults/read •Microsoft.Chaos/locations/operationStatuses/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
29e2da8a-229c-4157-8ae8-cc72fc506b74 | Chaos Studio Reader | Can view targets, capabilities, experiments, and experiment details. | False |
00056 effective control plane operations (unique) •: 1 •action: 8 •Delete: 2 •read: 43 •Write: 2 |
Actions: 006 resolved operations: 56 effective operations: 56 •: 1 •action: 8 •Delete: 2 •read: 43 •Write: 2 •Microsoft.Chaos/*/read •Microsoft.Chaos/experiments/executions/getExecutionDetails/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
b34d265f-36f7-4a0d-a4d4-e158ca92e90f | Classic Network Contributor | Lets you manage classic networks, but not access to them. | False |
00128 effective control plane operations (unique) •: 1 •action: 32 •delete: 12 •read: 68 •write: 15 |
Actions: 007 resolved operations: 128 effective operations: 128 •: 1 •action: 32 •delete: 12 •read: 68 •write: 15 •Microsoft.Authorization/*/read •Microsoft.ClassicNetwork/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
86e8f5dc-a6e9-4c67-9d15-de283e8eac25 | Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | False |
00100 effective control plane operations (unique) •: 1 •action: 16 •delete: 7 •read: 63 •write: 13 |
Actions: 007 resolved operations: 100 effective operations: 100 •: 1 •action: 16 •delete: 7 •read: 63 •write: 13 •Microsoft.Authorization/*/read •Microsoft.ClassicStorage/storageAccounts/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
985d6b00-f706-48f5-a6fe-d0ca12fb668d | Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | False |
00002 effective control plane operations (unique) •action: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 2 •Microsoft.ClassicStorage/storageAccounts/listkeys/action •Microsoft.ClassicStorage/storageAccounts/regeneratekey/action | ||||
d73bb868-a0df-4d4d-bd69-98a00b01fccb | Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | False |
00161 effective control plane operations (unique) •: 1 •action: 35 •delete: 11 •read: 90 •write: 24 |
Actions: 017 resolved operations: 161 effective operations: 161 •: 1 •action: 35 •delete: 11 •read: 90 •write: 24 •Microsoft.Authorization/*/read •Microsoft.ClassicCompute/domainNames/* •Microsoft.ClassicCompute/virtualMachines/* •Microsoft.ClassicNetwork/networkSecurityGroups/join/action •Microsoft.ClassicNetwork/reservedIps/link/action •Microsoft.ClassicNetwork/reservedIps/read •Microsoft.ClassicNetwork/virtualNetworks/join/action •Microsoft.ClassicNetwork/virtualNetworks/read •Microsoft.ClassicStorage/storageAccounts/disks/read •Microsoft.ClassicStorage/storageAccounts/images/read •Microsoft.ClassicStorage/storageAccounts/listKeys/action •Microsoft.ClassicStorage/storageAccounts/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
9106cda0-8a86-4e81-b686-29a22c54effe | ClearDB MySQL DB Contributor | Lets you manage ClearDB MySQL databases, but not access to them. | False |
00056 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 |
Actions: 007 resolved operations: 56 effective operations: 56 •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •successbricks.cleardb/databases/* | ||||
4e9d0bd4-5aab-4f91-92df-9def33fe287c | CloudTest Contributor Role | Read, write, delete and perform actions on CloudTest Accounts, CloudTest Pools, 1ES Hosted Pools and 1ES Images. | False |
00060 effective control plane operations (unique) •: 1 •action: 9 •delete: 6 •read: 38 •write: 6 |
Actions: 015 resolved operations: 60 effective operations: 60 •: 1 •action: 9 •delete: 6 •read: 38 •write: 6 •Microsoft.CloudTest/*/read •Microsoft.CloudTest/hostedpools/write •Microsoft.CloudTest/hostedpools/delete •Microsoft.CloudTest/images/write •Microsoft.CloudTest/images/delete •Microsoft.CloudTest/images/cancel/action •Microsoft.CloudTest/images/refresh/action •Microsoft.CloudTest/pools/write •Microsoft.CloudTest/pools/delete •Microsoft.CloudTest/accounts/write •Microsoft.CloudTest/accounts/delete •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/read | ||||
7ac06ca7-21ca-47e3-a67b-cbd6e6223baf | Cognitive Search Serverless Data Contributor (Deprecated) | This role has been deprecated | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.CognitiveSearch/indexes/schema/* •Microsoft.CognitiveSearch/indexes/documents/* | ||||
79b01272-bf9f-4f4c-9517-5506269cf524 | Cognitive Search Serverless Data Reader (Deprecated) | This role has been deprecated | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.CognitiveSearch/indexes/schema/read •Microsoft.CognitiveSearch/indexes/documents/read | ||||
25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 | Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | False |
00152 effective control plane operations (unique) •: 1 •action: 24 •delete: 18 •read: 88 •write: 21 |
Actions: 018 resolved operations: 152 effective operations: 152 •: 1 •action: 24 •delete: 18 •read: 88 •write: 21 •Microsoft.Authorization/*/read •Microsoft.CognitiveServices/* •Microsoft.Features/features/read •Microsoft.Features/providers/features/read •Microsoft.Features/providers/features/register/action •Microsoft.Insights/alertRules/* •Microsoft.Insights/diagnosticSettings/* •Microsoft.Insights/logDefinitions/read •Microsoft.Insights/metricdefinitions/read •Microsoft.Insights/metrics/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | count: 003 •Configure Azure AI Services resources to disable local key access (disable local authentication) •Configure Azure AI Services resources to disable local key access (disable local authentication) •Configure Cognitive Services accounts with private endpoints | |||
c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 | Cognitive Services Custom Vision Contributor | Full access to the project, including the ability to view, create, edit, or delete projects. | False |
00111 effective control plane and data plane operations (unique) •action: 33 •delete: 11 •read: 60 •write: 7 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 001 resolved data operations: 74 effective data operations: 74 •action: 33 •delete: 11 •read: 23 •write: 7 •Microsoft.CognitiveServices/accounts/CustomVision/* | |||
5c4089e1-6d96-4d2f-b296-c1bc7137275f | Cognitive Services Custom Vision Deployment | Publish, unpublish or export models. Deployment can view the project but can't update. | False |
00074 effective control plane and data plane operations (unique) •action: 13 •delete: 2 •read: 59 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 007 resolved data operations: 38 effective data operations: 37 •action: 13 •delete: 2 •read: 22 •Microsoft.CognitiveServices/accounts/CustomVision/*/read •Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* •Microsoft.CognitiveServices/accounts/CustomVision/classify/* •Microsoft.CognitiveServices/accounts/CustomVision/detect/* | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3266 •Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | ||
88424f51-ebe7-446f-bc41-7fa16989e96c | Cognitive Services Custom Vision Labeler | View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags. | False |
00077 effective control plane and data plane operations (unique) •action: 13 •delete: 4 •read: 59 •write: 1 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 006 resolved data operations: 41 effective data operations: 40 •action: 13 •delete: 4 •read: 22 •write: 1 •Microsoft.CognitiveServices/accounts/CustomVision/*/read •Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action •Microsoft.CognitiveServices/accounts/CustomVision/projects/images/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/* •Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3263 •Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | ||
93586559-c37d-4a6b-ba08-b9f0940c2d73 | Cognitive Services Custom Vision Reader | Read-only actions in the project. Readers can't create or update the project. | False |
00060 effective control plane and data plane operations (unique) •action: 1 •read: 59 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 002 resolved data operations: 24 effective data operations: 23 •action: 1 •read: 22 •Microsoft.CognitiveServices/accounts/CustomVision/*/read •Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3280 •Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | ||
0a5ae4ab-0d65-4eeb-be61-29fc9b54394b | Cognitive Services Custom Vision Trainer | View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project. | False |
00107 effective control plane and data plane operations (unique) •action: 31 •delete: 10 •read: 59 •write: 7 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 001 resolved data operations: 74 effective data operations: 70 •action: 31 •delete: 10 •read: 22 •write: 7 •Microsoft.CognitiveServices/accounts/CustomVision/* | NotDataActions: 004 resolved not data operations: 4 effective not data operations: 3233 •Microsoft.CognitiveServices/accounts/CustomVision/projects/action •Microsoft.CognitiveServices/accounts/CustomVision/projects/delete •Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action •Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read | ||
19c28022-e58e-450d-a464-0b2a53034789 | Cognitive Services Data Contributor (Preview) | Allows to call data plane APIs, but not any control plane APIs for Microsoft Cognitive Services. This role is in preview and subject to change. | False |
01454 effective data plane operations (unique) •action: 421 •delete: 204 •read: 588 •write: 241 |
DataActions: 001 resolved data operations: 1454 effective data operations: 1454 •action: 421 •delete: 204 •read: 588 •write: 241 •Microsoft.CognitiveServices/* | ||||
b59867f0-fa02-499b-be73-45a86b5b3e1c | Cognitive Services Data Reader | Lets you read Cognitive Services data. | False |
00588 effective data plane operations (unique) •read: 588 |
DataActions: 001 resolved data operations: 588 effective data operations: 588 •read: 588 •Microsoft.CognitiveServices/*/read | ||||
b5b0c71d-aca9-4081-aee2-9b1bb335fc1a | Cognitive Services Face Contributor | Full access to perform all Face APIs | False |
00112 effective control plane and data plane operations (unique) •action: 19 •delete: 16 •read: 63 •write: 14 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 001 resolved data operations: 73 effective data operations: 73 •action: 19 •delete: 16 •read: 24 •write: 14 •Microsoft.CognitiveServices/accounts/Face/* | |||
9894cab4-e18a-44aa-828b-cb588cd6f2d7 | Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. | False |
00016 effective data plane operations (unique) •action: 10 •delete: 2 •read: 4 |
DataActions: 012 resolved data operations: 16 effective data operations: 16 •action: 10 •delete: 2 •read: 4 •Microsoft.CognitiveServices/accounts/Face/detect/action •Microsoft.CognitiveServices/accounts/Face/verify/action •Microsoft.CognitiveServices/accounts/Face/identify/action •Microsoft.CognitiveServices/accounts/Face/group/action •Microsoft.CognitiveServices/accounts/Face/findsimilars/action •Microsoft.CognitiveServices/accounts/Face/detectliveness/multimodal/action •Microsoft.CognitiveServices/accounts/Face/detectliveness/singlemodal/action •Microsoft.CognitiveServices/accounts/Face/detectlivenesswithverify/singlemodal/action •Microsoft.CognitiveServices/accounts/Face/*/sessions/action •Microsoft.CognitiveServices/accounts/Face/*/sessions/delete •Microsoft.CognitiveServices/accounts/Face/*/sessions/read •Microsoft.CognitiveServices/accounts/Face/*/sessions/audit/read | ||||
b2de6794-95db-4659-8781-7e080d3f2b9d | Cognitive Services Immersive Reader User | Provides access to create Immersive Reader sessions and call APIs | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.CognitiveServices/accounts/ImmersiveReader/getcontentmodelforreader/action | ||||
f07febfe-79bc-46b1-8b37-790e26e6e498 | Cognitive Services Language Owner | Has access to all Read, Test, Write, Deploy and Delete functions under Language portal | False |
00236 effective control plane and data plane operations (unique) •action: 61 •delete: 12 •read: 149 •write: 14 |
Actions: 004 resolved operations: 40 effective operations: 40 •action: 1 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.CognitiveServices/accounts/listkeys/action •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 004 resolved data operations: 213 effective data operations: 196 •action: 60 •delete: 12 •read: 110 •write: 14 •Microsoft.CognitiveServices/accounts/LanguageAuthoring/* •Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* •Microsoft.CognitiveServices/accounts/Language/* •Microsoft.CognitiveServices/accounts/TextAnalytics/* | NotDataActions: 001 resolved not data operations: 17 effective not data operations: 3107 •Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* | ||
7628b7b8-a8b2-4cdc-b46f-e9b35248918e | Cognitive Services Language Reader | Has access to Read and Test functions under Language portal | False |
00168 effective control plane and data plane operations (unique) •action: 19 •read: 149 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 016 resolved data operations: 146 effective data operations: 129 •action: 19 •read: 110 •Microsoft.CognitiveServices/accounts/LanguageAuthoring/*/read •Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/*/read •Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/export/action •Microsoft.CognitiveServices/accounts/Language/*/read •Microsoft.CognitiveServices/accounts/Language/*/projects/export/action •Microsoft.CognitiveServices/accounts/Language/query-text/action •Microsoft.CognitiveServices/accounts/Language/query-dataverse/action •Microsoft.CognitiveServices/accounts/Language/analyze-text/jobs/action •Microsoft.CognitiveServices/accounts/Language/analyze-text/action •Microsoft.CognitiveServices/accounts/Language/analyze-text/jobscancel/action •Microsoft.CognitiveServices/accounts/Language/analyze-conversations/action •Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobscancel/action •Microsoft.CognitiveServices/accounts/Language/analyze-conversations/jobs/action •Microsoft.CognitiveServices/accounts/Language/query-knowledgebases/action •Microsoft.CognitiveServices/accounts/Language/generate/action •Microsoft.CognitiveServices/accounts/TextAnalytics/* | NotDataActions: 001 resolved not data operations: 17 effective not data operations: 3174 •Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* | ||
f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 | Cognitive Services Language Writer | Has access to all Read, Test, and Write functions under Language Portal | False |
00223 effective control plane and data plane operations (unique) •action: 57 •delete: 7 •read: 149 •write: 10 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 004 resolved data operations: 213 effective data operations: 184 •action: 57 •delete: 7 •read: 110 •write: 10 •Microsoft.CognitiveServices/accounts/LanguageAuthoring/* •Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/* •Microsoft.CognitiveServices/accounts/Language/* •Microsoft.CognitiveServices/accounts/TextAnalytics/* | NotDataActions: 007 resolved not data operations: 29 effective not data operations: 3119 •Microsoft.CognitiveServices/accounts/LanguageAuthoring/projects/publish/action •Microsoft.CognitiveServices/accounts/ConversationalLanguageUnderstanding/projects/deployments/write •Microsoft.CognitiveServices/accounts/TextAnalytics/QnaMaker/* •Microsoft.CognitiveServices/accounts/Language/*/projects/delete •Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/write •Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/delete •Microsoft.CognitiveServices/accounts/Language/*/projects/deployments/swap/action | ||
f72c8140-2111-481c-87ff-72b910f6e3f8 | Cognitive Services LUIS Owner | Has access to all Read, Test, Write, Deploy and Delete functions under LUIS | False |
00261 effective control plane and data plane operations (unique) •action: 19 •delete: 40 •read: 150 •write: 52 |
Actions: 004 resolved operations: 40 effective operations: 40 •action: 1 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.CognitiveServices/accounts/listkeys/action •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 001 resolved data operations: 221 effective data operations: 221 •action: 18 •delete: 40 •read: 111 •write: 52 •Microsoft.CognitiveServices/accounts/LUIS/* | |||
18e81cdc-4e98-4e29-a639-e7d10c5a6226 | Cognitive Services LUIS Reader | Has access to Read and Test functions under LUIS. | False |
00151 effective control plane and data plane operations (unique) •read: 150 •write: 1 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 002 resolved data operations: 112 effective data operations: 112 •read: 111 •write: 1 •Microsoft.CognitiveServices/accounts/LUIS/*/read •Microsoft.CognitiveServices/accounts/LUIS/apps/testdatasets/write | |||
6322a993-d5c9-4bed-b113-e49bbea25b27 | Cognitive Services LUIS Writer | Has access to all Read, Test, and Write functions under LUIS | False |
00254 effective control plane and data plane operations (unique) •action: 15 •delete: 38 •read: 150 •write: 51 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 001 resolved data operations: 221 effective data operations: 215 •action: 15 •delete: 38 •read: 111 •write: 51 •Microsoft.CognitiveServices/accounts/LUIS/* | NotDataActions: 006 resolved not data operations: 6 effective not data operations: 3088 •Microsoft.CognitiveServices/accounts/LUIS/apps/delete •Microsoft.CognitiveServices/accounts/LUIS/apps/move/action •Microsoft.CognitiveServices/accounts/LUIS/apps/publish/action •Microsoft.CognitiveServices/accounts/LUIS/apps/settings/write •Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/action •Microsoft.CognitiveServices/accounts/LUIS/apps/azureaccounts/delete | ||
cb43c632-a144-4ec5-977c-e80c4affc34a | Cognitive Services Metrics Advisor Administrator | Full access to the project, including the system level configuration. | False |
00091 effective control plane and data plane operations (unique) •action: 14 •delete: 8 •read: 60 •write: 9 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 001 resolved data operations: 54 effective data operations: 54 •action: 14 •delete: 8 •read: 23 •write: 9 •Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | |||
3b20f47b-3825-43cb-8114-4bd2201156a8 | Cognitive Services Metrics Advisor User | Access to the project. | False |
00090 effective control plane and data plane operations (unique) •action: 14 •delete: 8 •read: 59 •write: 9 |
Actions: 001 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.CognitiveServices/*/read | DataActions: 001 resolved data operations: 54 effective data operations: 53 •action: 14 •delete: 8 •read: 22 •write: 9 •Microsoft.CognitiveServices/accounts/MetricsAdvisor/* | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3250 •Microsoft.CognitiveServices/accounts/MetricsAdvisor/stats/* | ||
a001fd3d-188f-4b5d-821b-7da978bf7442 | Cognitive Services OpenAI Contributor | Full access including the ability to fine-tune, deploy and generate text | False |
00118 effective control plane and data plane operations (unique) •action: 18 •delete: 15 •read: 64 •write: 21 |
Actions: 011 resolved operations: 45 effective operations: 45 •delete: 3 •read: 39 •write: 3 •Microsoft.CognitiveServices/*/read •Microsoft.CognitiveServices/accounts/deployments/write •Microsoft.CognitiveServices/accounts/deployments/delete •Microsoft.CognitiveServices/accounts/raiPolicies/read •Microsoft.CognitiveServices/accounts/raiPolicies/write •Microsoft.CognitiveServices/accounts/raiPolicies/delete •Microsoft.CognitiveServices/accounts/commitmentplans/read •Microsoft.CognitiveServices/accounts/commitmentplans/write •Microsoft.CognitiveServices/accounts/commitmentplans/delete •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 001 resolved data operations: 73 effective data operations: 73 •action: 18 •delete: 12 •read: 25 •write: 18 •Microsoft.CognitiveServices/accounts/OpenAI/* | count: 002 •Configure Azure AI Services resources to disable local key access (disable local authentication) •Configure Azure AI Services resources to disable local key access (disable local authentication) | ||
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes. They can inference and create images. | False |
00088 effective control plane and data plane operations (unique) •action: 11 •delete: 6 •read: 63 •write: 8 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 013 resolved data operations: 50 effective data operations: 49 •action: 11 •delete: 6 •read: 24 •write: 8 •Microsoft.CognitiveServices/accounts/OpenAI/*/read •Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action •Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action •Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/audio/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/realtime/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action •Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action •Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action •Microsoft.CognitiveServices/accounts/OpenAI/assistants/* | NotDataActions: 001 resolved not data operations: 1 effective not data operations: 3254 •Microsoft.CognitiveServices/accounts/OpenAI/stored-completions/read | ||
f4cc2bf9-21be-47a1-bdf1-5c5804381025 | Cognitive Services QnA Maker Editor | Lets you create, edit, import and export a KB. You cannot publish or delete a KB. | False |
00078 effective control plane and data plane operations (unique) •action: 9 •read: 57 •write: 12 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 039 resolved data operations: 39 effective data operations: 39 •action: 9 •read: 18 •write: 12 •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action •Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read •Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write •Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read •Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action •Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read •Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write •Microsoft.CognitiveServices/accounts/QnAMaker/operations/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action •Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write •Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action 
•Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write •Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read | |||
466ccd10-b268-4a11-b098-b4849f024126 | Cognitive Services QnA Maker Reader | Lets you read and test a KB only. | False |
00057 effective control plane and data plane operations (unique) •action: 3 •read: 54 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 018 resolved data operations: 18 effective data operations: 18 •action: 3 •read: 15 •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read •Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read •Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read •Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read •Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read | |||
0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | False |
00221 effective control plane and data plane operations (unique) •action: 38 •delete: 33 •read: 109 •write: 41 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 007 resolved data operations: 182 effective data operations: 182 •action: 38 •delete: 33 •read: 70 •write: 41 •Microsoft.CognitiveServices/accounts/SpeechServices/* •Microsoft.CognitiveServices/accounts/CustomVoice/* •Microsoft.CognitiveServices/accounts/AudioContentCreation/* •Microsoft.CognitiveServices/accounts/VideoTranslation/* •Microsoft.CognitiveServices/accounts/CustomAvatar/* •Microsoft.CognitiveServices/accounts/BatchAvatar/* •Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | |||
f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | False |
00163 effective control plane and data plane operations (unique) •action: 27 •delete: 14 •read: 107 •write: 15 |
Actions: 003 resolved operations: 39 effective operations: 39 •read: 39 •Microsoft.CognitiveServices/*/read •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 016 resolved data operations: 126 effective data operations: 124 •action: 27 •delete: 14 •read: 68 •write: 15 •Microsoft.CognitiveServices/accounts/SpeechServices/*/read •Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/read •Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/write •Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/delete •Microsoft.CognitiveServices/accounts/SpeechServices/*/transcriptions/action •Microsoft.CognitiveServices/accounts/SpeechServices/*/frontend/action •Microsoft.CognitiveServices/accounts/SpeechServices/text-dependent/*/action •Microsoft.CognitiveServices/accounts/SpeechServices/text-independent/*/action •Microsoft.CognitiveServices/accounts/CustomVoice/*/read •Microsoft.CognitiveServices/accounts/CustomVoice/evaluations/* •Microsoft.CognitiveServices/accounts/CustomVoice/longaudiosynthesis/* •Microsoft.CognitiveServices/accounts/AudioContentCreation/* •Microsoft.CognitiveServices/accounts/VideoTranslation/* •Microsoft.CognitiveServices/accounts/CustomAvatar/*/read •Microsoft.CognitiveServices/accounts/BatchAvatar/* •Microsoft.CognitiveServices/accounts/BatchTextToSpeech/* | NotDataActions: 002 resolved not data operations: 2 effective not data operations: 3179 •Microsoft.CognitiveServices/accounts/CustomVoice/datasets/files/read •Microsoft.CognitiveServices/accounts/CustomVoice/datasets/utterances/read | ||
bba48692-92b0-4667-a9ad-c31c7b334ac2 | Cognitive Services Usages Reader | Minimal permission to view Cognitive Services usages. | False |
00001 effective control plane operations (unique) •read: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.CognitiveServices/locations/usages/read | ||||
a97b65f3-24c7-4388-baec-2e87135dc908 | Cognitive Services User | Lets you read and list keys of Cognitive Services. | False |
01512 effective control plane and data plane operations (unique) •action: 425 •delete: 204 •read: 641 •write: 242 |
Actions: 013 resolved operations: 58 effective operations: 58 •action: 4 •read: 53 •write: 1 •Microsoft.CognitiveServices/*/read •Microsoft.CognitiveServices/accounts/listkeys/action •Microsoft.Insights/alertRules/read •Microsoft.Insights/diagnosticSettings/read •Microsoft.Insights/logDefinitions/read •Microsoft.Insights/metricdefinitions/read •Microsoft.Insights/metrics/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | DataActions: 001 resolved data operations: 1454 effective data operations: 1454 •action: 421 •delete: 204 •read: 588 •write: 241 •Microsoft.CognitiveServices/* | |||
daa9e50b-21df-454c-94a6-a8050adab352 | Collaborative Data Contributor | Can manage data packages of a collaborative. | False |
00057 effective control plane operations (unique) •: 1 •action: 12 •Delete: 2 •read: 39 •Write: 3 |
Actions: 013 resolved operations: 57 effective operations: 57 •: 1 •action: 12 •Delete: 2 •read: 39 •Write: 3 •Microsoft.IndustryDataLifecycle/custodianCollaboratives/*/read •Microsoft.IndustryDataLifecycle/memberCollaboratives/*/read •Microsoft.IndustryDataLifecycle/locations/dataPackages/* •Microsoft.IndustryDataLifecycle/custodianCollaboratives/receivedDataPackages/* •Microsoft.IndustryDataLifecycle/custodianCollaboratives/rejectDataPackage/action •Microsoft.IndustryDataLifecycle/memberCollaboratives/sharedDataPackages/* •Microsoft.IndustryDataLifecycle/custodianCollaboratives/dataModels/* •Microsoft.IndustryDataLifecycle/custodianCollaboratives/auditLogs/action •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
7a6f0e70-c033-4fb1-828c-08514e5f4102 | Collaborative Runtime Operator | Can manage resources created by AICS at runtime | False |
00055 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 |
Actions: 008 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.IndustryDataLifecycle/derivedModels/* •Microsoft.IndustryDataLifecycle/pipelineSets/* •Microsoft.IndustryDataLifecycle/modelMappings/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
09976791-48a7-449e-bb21-39d1a415f350 | Communication and Email Service Owner | Create, read, modify, and delete Communications and Email Service resources. | False |
00031 effective control plane operations (unique) •action: 7 •Delete: 7 •Read: 9 •Write: 8 |
Actions: 031 resolved operations: 31 effective operations: 31 •action: 7 •Delete: 7 •Read: 9 •Write: 8 •Microsoft.Communication/CheckNameAvailability/action •Microsoft.Communication/Locations/OperationStatuses/read •Microsoft.Communication/Locations/OperationStatuses/write •Microsoft.Communication/Operations/read •Microsoft.Communication/CommunicationServices/read •Microsoft.Communication/CommunicationServices/write •Microsoft.Communication/CommunicationServices/delete •Microsoft.Communication/CommunicationServices/ListKeys/action •Microsoft.Communication/CommunicationServices/RegenerateKey/action •Microsoft.Communication/CommunicationServices/LinkNotificationHub/action •Microsoft.Communication/CommunicationServices/EventGridFilters/read •Microsoft.Communication/CommunicationServices/EventGridFilters/write •Microsoft.Communication/CommunicationServices/EventGridFilters/delete •Microsoft.Communication/EmailServices/read •Microsoft.Communication/EmailServices/write •Microsoft.Communication/EmailServices/delete •Microsoft.Communication/EmailServices/Domains/read •Microsoft.Communication/EmailServices/Domains/write •Microsoft.Communication/EmailServices/Domains/delete •Microsoft.Communication/EmailServices/Domains/SenderUsernames/read •Microsoft.Communication/EmailServices/Domains/SenderUsernames/write •Microsoft.Communication/EmailServices/Domains/SenderUsernames/delete •Microsoft.Communication/EmailServices/Domains/SuppressionLists/read •Microsoft.Communication/EmailServices/Domains/SuppressionLists/write •Microsoft.Communication/EmailServices/Domains/SuppressionLists/delete •Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/read •Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/write •Microsoft.Communication/EmailServices/Domains/SuppressionLists/SuppressionListAddresses/delete •Microsoft.Communication/EmailServices/Domains/InitiateVerification/action •Microsoft.Communication/EmailServices/Domains/CancelVerification/action •Microsoft.Communication/EmailServices/Domains/* | ||||
49435da6-99fe-48a5-a235-fc668b9dc04a | Community Contributor Role | Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00064 effective control plane operations (unique) •action: 2 •read: 50 •write: 12 |
Actions: 038 resolved operations: 64 effective operations: 64 •action: 2 •read: 50 •write: 12 •Microsoft.Mission/register/action •Microsoft.Mission/unregister/action •Microsoft.Mission/Locations/OperationStatuses/read •Microsoft.Mission/Locations/OperationStatuses/write •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/catalogs/write •Microsoft.Mission/communities/read •Microsoft.Mission/communities/write •Microsoft.Mission/internalConnections/read •Microsoft.Mission/internalConnections/write •Microsoft.Mission/externalConnections/read •Microsoft.Mission/externalConnections/write •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/write •Microsoft.Mission/virtualEnclaves/endpoints/read •Microsoft.Mission/virtualEnclaves/endpoints/write •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Mission/virtualEnclaves/workloads/write •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/communityEndpoints/write •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/communities/transitHubs/write •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/approvals/read •Microsoft.Mission/approvals/write | ||||
5e28a61e-8040-49db-b175-bb5b88af6239 | Community Owner Role | Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00068 effective control plane operations (unique) •action: 2 •delete: 8 •read: 48 •write: 10 |
Actions: 042 resolved operations: 68 effective operations: 68 •action: 2 •delete: 8 •read: 48 •write: 10 •Microsoft.Mission/register/action •Microsoft.Mission/unregister/action •Microsoft.Mission/Locations/OperationStatuses/read •Microsoft.Mission/Locations/OperationStatuses/write •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/catalogs/write •Microsoft.Mission/catalogs/delete •Microsoft.Mission/communities/read •Microsoft.Mission/communities/write •Microsoft.Mission/communities/delete •Microsoft.Mission/internalConnections/read •Microsoft.Mission/internalConnections/write •Microsoft.Mission/internalConnections/delete •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/write •Microsoft.Mission/virtualEnclaves/delete •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Mission/virtualEnclaves/workloads/write •Microsoft.Mission/virtualEnclaves/workloads/delete •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/communityEndpoints/write •Microsoft.Mission/communities/communityEndpoints/delete •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/communities/transitHubs/write •Microsoft.Mission/communities/transitHubs/delete •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/approvals/read •Microsoft.Mission/approvals/write •Microsoft.Mission/approvals/delete | ||||
e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc | Community Reader Role | Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00065 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 53 •Write: 2 |
Actions: 024 resolved operations: 65 effective operations: 65 •: 1 •Action: 7 •Delete: 2 •read: 53 •Write: 2 •Microsoft.Mission/Locations/OperationStatuses/read •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/communities/read •Microsoft.Mission/internalConnections/read •Microsoft.Mission/externalConnections/read •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/endpoints/read •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/approvals/read | ||||
df2711a6-406d-41cf-b366-b0250bff9ad1 | Compute Diagnostics Role | Grants permissions to execute diagnostics provided by Compute Diagnostic Service for Compute Resources. | False |
00029 effective control plane operations (unique) •action: 2 •read: 27 |
Actions: 003 resolved operations: 29 effective operations: 29 •action: 2 •read: 27 •Microsoft.Authorization/*/read •Microsoft.Compute/disks/beginGetAccess/action •Microsoft.Compute/virtualmachinescalesets/disks/beginGetAccess/action | ||||
85a2d0d9-2eba-4c9c-b355-11c2cc0788ab | Compute Gallery Artifacts Publisher | This is the role for publishing gallery artifacts. | False |
00079 effective control plane operations (unique) •: 1 •action: 8 •delete: 10 •read: 48 •write: 12 |
Actions: 011 resolved operations: 80 effective operations: 79 •: 1 •action: 8 •delete: 10 •read: 48 •write: 12 •Microsoft.Compute/galleries/* •Microsoft.Compute/locations/capsOperations/read •Microsoft.Compute/locations/communityGalleries/* •Microsoft.Compute/locations/sharedGalleries/* •Microsoft.Compute/images/* •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/disks/write •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 001 resolved not operations: 1 effective not operations: 16113 •Microsoft.Compute/galleries/share/action | |||
cf7c76d2-98a3-4358-a134-615aa78bf44d | Compute Gallery Image Reader | This is the role for reading gallery images. | False |
00002 effective control plane operations (unique) •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Compute/galleries/images/read •Microsoft.Compute/galleries/images/versions/read | ||||
1ef6a3be-d0ac-425d-8c01-acb62866290b | Compute Gallery Sharing Admin | This role allows user to share gallery to another subscription/tenant or share it to the public. | False |
00001 effective control plane operations (unique) •action: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •action: 1 •Microsoft.Compute/galleries/share/action | ||||
e82342c9-ac7f-422b-af64-e426d2e12b2d | Compute Recommendations Role | Grants permissions to call Compute Recommendations APIs provided by Compute Diagnostic Resource Provider service. | False |
00001 effective control plane operations (unique) •action: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •action: 1 •Microsoft.Compute/locations/placementScores/generate/action | ||||
65a14201-8f6c-4c28-bec4-12619c5a9aaa | Connected Cluster Managed Identity CheckAccess Reader | Built-in role that allows a Connected Cluster managed identity to call the checkAccess API | False |
00027 effective control plane operations (unique) •read: 27 |
Actions: 001 resolved operations: 27 effective operations: 27 •read: 27 •Microsoft.Authorization/*/read | ||||
6cdbb904-5ff3-429d-8169-7d7818b91bd8 | Connector Reader | Read connectors and their associated resources, such as impacts and insights. | False |
00003 effective control plane operations (unique) •Read: 3 |
Actions: 003 resolved operations: 3 effective operations: 3 •Read: 3 •Microsoft.Impact/Connectors/Read •Microsoft.Impact/WorkloadImpacts/Read •Microsoft.Impact/WorkloadImpacts/Insights/Read | ||||
6f4fe6fc-f04f-4d97-8528-8bc18c848dca | Container Apps ConnectedEnvironments Contributor | Full management of Container Apps ConnectedEnvironments, including creation, deletion, and updates. | False |
00059 effective control plane operations (unique) •: 1 •action: 10 •delete: 6 •read: 36 •write: 6 |
Actions: 009 resolved operations: 59 effective operations: 59 •: 1 •action: 10 •delete: 6 •read: 36 •write: 6 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/connectedEnvironments/* •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/*/write •Microsoft.App/connectedEnvironments/*/delete •Microsoft.App/connectedEnvironments/*/action •Microsoft.App/connectedEnvironments/daprComponents/listSecrets/action •Microsoft.Resources/deployments/* | ||||
d5adeb5b-107f-4aca-99ea-4e3f4fc008d5 | Container Apps ConnectedEnvironments Reader | Read access to Container Apps ConnectedEnvironments. | False |
00049 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 37 •Write: 2 |
Actions: 006 resolved operations: 49 effective operations: 49 •: 1 •Action: 7 •Delete: 2 •read: 37 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.App/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
358470bc-b998-42bd-ab17-a7e34c199c0f | Container Apps Contributor | Full management of Container Apps, including creation, deletion, and updates. | False |
00095 effective control plane operations (unique) •: 1 •action: 19 •delete: 8 •read: 61 •write: 6 |
Actions: 014 resolved operations: 95 effective operations: 95 •: 1 •action: 19 •delete: 8 •read: 61 •write: 6 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/containerApps/*/read •Microsoft.App/containerApps/*/write •Microsoft.App/containerApps/*/delete •Microsoft.App/containerApps/*/action •Microsoft.App/managedEnvironments/read •Microsoft.App/managedEnvironments/*/read •Microsoft.App/managedEnvironments/join/action •Microsoft.App/managedEnvironments/checknameavailability/action •Microsoft.App/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/join/action •Microsoft.App/connectedEnvironments/checknameavailability/action | ||||
4e3d2b60-56ae-4dc6-a233-09c8e5a82e68 | Container Apps Jobs Contributor | Full management of Container Apps jobs, including creation, deletion, and updates. | False |
00084 effective control plane operations (unique) •: 1 •action: 20 •delete: 3 •read: 57 •write: 3 |
Actions: 016 resolved operations: 84 effective operations: 84 •: 1 •action: 20 •delete: 3 •read: 57 •write: 3 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •microsoft.app/jobs/read •Microsoft.App/jobs/*/read •Microsoft.App/jobs/*/action •Microsoft.App/jobs/write •Microsoft.App/jobs/delete •Microsoft.app/managedenvironments/read •Microsoft.App/managedenvironments/*/read •Microsoft.App/managedenvironments/join/action •Microsoft.App/managedenvironments/checknameavailability/action •Microsoft.app/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/join/action •Microsoft.App/connectedEnvironments/checknameavailability/action •Microsoft.Resources/deployments/* | ||||
b9a307c4-5aa3-4b52-ba60-2b17c136cd7b | Container Apps Jobs Operator | Read, start, and stop Container Apps jobs. | False |
00075 effective control plane and data plane operations (unique) •: 1 •action: 18 •Delete: 1 •read: 54 •Write: 1 |
Actions: 013 resolved operations: 73 effective operations: 73 •: 1 •action: 16 •Delete: 1 •read: 54 •Write: 1 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •microsoft.app/jobs/read •Microsoft.App/jobs/*/read •Microsoft.App/jobs/*/action •Microsoft.app/managedenvironments/read •Microsoft.App/managedenvironments/*/read •Microsoft.App/managedenvironments/join/action •Microsoft.App/managedenvironments/checknameavailability/action •Microsoft.app/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/join/action •Microsoft.App/connectedEnvironments/checknameavailability/action | DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.App/jobs/logstream/action •Microsoft.App/jobs/exec/action | |||
edd66693-d32a-450b-997d-0158c03976b0 | Container Apps Jobs Reader | Read access to ContainerApps jobs | False |
00005 effective control plane operations (unique) •read: 5 |
Actions: 003 resolved operations: 5 effective operations: 5 •read: 5 •microsoft.app/jobs/read •Microsoft.App/jobs/*/read •Microsoft.App/managedenvironments/read | ||||
57cc5028-e6a7-4284-868d-0611c5923f8d | Container Apps ManagedEnvironments Contributor | Full management of Container Apps ManagedEnvironments, including creation, deletion, and updates. | False |
00089 effective control plane operations (unique) •: 1 •action: 12 •delete: 14 •read: 48 •write: 14 |
Actions: 007 resolved operations: 89 effective operations: 89 •: 1 •action: 12 •delete: 14 •read: 48 •write: 14 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/managedEnvironments/*/read •Microsoft.App/managedEnvironments/*/write •Microsoft.App/managedEnvironments/*/delete •Microsoft.App/managedEnvironments/*/action •Microsoft.Resources/deployments/* | ||||
1b32c00b-7eff-4c22-93e6-93d11d72d2d8 | Container Apps ManagedEnvironments Reader | Read access to ContainerApps managedenvironments. | False |
00051 effective control plane operations (unique) •: 1 •Action: 3 •Delete: 1 •read: 45 •Write: 1 |
Actions: 003 resolved operations: 51 effective operations: 51 •: 1 •Action: 3 •Delete: 1 •read: 45 •Write: 1 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/managedEnvironments/*/read | ||||
f3bd1b5c-91fa-40e7-afe7-0c11d331232c | Container Apps Operator | Read, logstream and exec into Container Apps. | False |
00086 effective control plane and data plane operations (unique) •: 1 •action: 22 •Delete: 1 •read: 61 •Write: 1 |
Actions: 012 resolved operations: 83 effective operations: 83 •: 1 •action: 19 •Delete: 1 •read: 61 •Write: 1 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/containerApps/*/read •Microsoft.App/containerApps/*/action •Microsoft.App/managedEnvironments/read •Microsoft.App/managedEnvironments/*/read •Microsoft.App/managedEnvironments/join/action •Microsoft.App/managedEnvironments/checknameavailability/action •Microsoft.App/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/join/action •Microsoft.App/connectedEnvironments/checknameavailability/action | DataActions: 003 resolved data operations: 3 effective data operations: 3 •action: 3 •Microsoft.App/containerApps/logstream/action •Microsoft.App/containerApps/exec/action •Microsoft.App/containerApps/debug/action | |||
f7669afb-68b2-44b4-9c5f-6d2a47fddda0 | Container Apps SessionPools Contributor | Full management of Container Apps SessionPools, including creation, deletion, and updates. | False |
00071 effective control plane operations (unique) •: 1 •action: 12 •Delete: 2 •read: 54 •Write: 2 |
Actions: 015 resolved operations: 71 effective operations: 71 •: 1 •action: 12 •Delete: 2 •read: 54 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/sessionPools/*/read •Microsoft.App/sessionPools/*/write •Microsoft.App/sessionPools/*/delete •Microsoft.App/sessionPools/*/action •microsoft.App/managedEnvironments/read •Microsoft.App/managedEnvironments/*/read •Microsoft.App/managedEnvironments/join/action •Microsoft.App/managedEnvironments/checknameavailability/action •microsoft.App/connectedEnvironments/read •Microsoft.App/connectedEnvironments/*/read •Microsoft.App/connectedEnvironments/join/action •Microsoft.App/connectedEnvironments/checknameavailability/action •Microsoft.Resources/deployments/* | ||||
af61e8fc-2633-4b95-bed3-421ad6826515 | Container Apps SessionPools Reader | Read access to ContainerApps sessionpools. | False |
00036 effective control plane operations (unique) •: 1 •Action: 3 •Delete: 1 •read: 30 •Write: 1 |
Actions: 003 resolved operations: 36 effective operations: 36 •: 1 •Action: 3 •Delete: 1 •read: 30 •Write: 1 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.App/sessionPools/*/read | ||||
69b07be0-09bf-439a-b9a6-e73de851bd59 | Container Registry Configuration Reader and Data Access Configuration Reader | Provides permissions to list container registries and registry configuration properties. Provides permissions to list data access configuration such as admin user credentials, scope maps, and tokens, which can be used to read, write or delete repositories and images. Does not provide direct permissions to read, list, or write registry contents including repositories and images. Does not provide permissions to modify data plane content such as imports, Artifact Cache or Sync, and Transfer Pipelines. Does not provide permissions for managing Tasks. | False |
00027 effective control plane operations (unique) •action: 6 •Delete: 1 •read: 18 •write: 2 |
Actions: 027 resolved operations: 27 effective operations: 27 •action: 6 •Delete: 1 •read: 18 •write: 2 •Microsoft.ContainerRegistry/registries/operationStatuses/read •Microsoft.ContainerRegistry/registries/read •Microsoft.ContainerRegistry/registries/privateEndpointConnections/read •Microsoft.ContainerRegistry/registries/privateEndpointConnections/operationStatuses/read •Microsoft.ContainerRegistry/registries/listCredentials/action •Microsoft.ContainerRegistry/registries/tokens/read •Microsoft.ContainerRegistry/registries/tokens/operationStatuses/read •Microsoft.ContainerRegistry/registries/scopeMaps/read •Microsoft.ContainerRegistry/registries/scopeMaps/operationStatuses/read •Microsoft.ContainerRegistry/registries/webhooks/read •Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig/action •Microsoft.ContainerRegistry/registries/webhooks/listEvents/action •Microsoft.ContainerRegistry/registries/webhooks/operationStatuses/read •Microsoft.ContainerRegistry/registries/replications/read •Microsoft.ContainerRegistry/registries/replications/operationStatuses/read •Microsoft.ContainerRegistry/registries/connectedRegistries/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/logDefinitions/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read | ||||
3bc748fc-213d-45c1-8d91-9da5725539b9 | Container Registry Contributor and Data Access Configuration Administrator | Provides permissions to create, list, and update container registries and registry configuration properties. Provides permissions to configure data access such as admin user credentials, scope maps, and tokens, which can be used to read, write or delete repositories and images. Does not provide direct permissions to read, list, or write registry contents including repositories and images. Does not provide permissions to modify data plane content such as imports, Artifact Cache or Sync, and Transfer Pipelines. Does not provide permissions for managing Tasks. | False |
00089 effective control plane operations (unique) •action: 16 •delete: 9 •read: 52 •write: 12 |
Actions: 055 resolved operations: 89 effective operations: 89 •action: 16 •delete: 9 •read: 52 •write: 12 •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ContainerRegistry/registries/operationStatuses/read •Microsoft.ContainerRegistry/registries/read •Microsoft.ContainerRegistry/registries/write •Microsoft.ContainerRegistry/registries/delete •Microsoft.ContainerRegistry/registries/listCredentials/action •Microsoft.ContainerRegistry/registries/regenerateCredential/action •Microsoft.ContainerRegistry/registries/generateCredentials/action •Microsoft.ContainerRegistry/registries/replications/read •Microsoft.ContainerRegistry/registries/replications/write •Microsoft.ContainerRegistry/registries/replications/delete •Microsoft.ContainerRegistry/registries/replications/operationStatuses/read •Microsoft.ContainerRegistry/registries/privateEndpointConnectionsApproval/action •Microsoft.ContainerRegistry/registries/privateEndpointConnections/read •Microsoft.ContainerRegistry/registries/privateEndpointConnections/write •Microsoft.ContainerRegistry/registries/privateEndpointConnections/delete •Microsoft.ContainerRegistry/registries/privateEndpointConnections/operationStatuses/read •Microsoft.ContainerRegistry/registries/tokens/read •Microsoft.ContainerRegistry/registries/tokens/write •Microsoft.ContainerRegistry/registries/tokens/delete •Microsoft.ContainerRegistry/registries/tokens/operationStatuses/read •Microsoft.ContainerRegistry/registries/scopeMaps/read •Microsoft.ContainerRegistry/registries/scopeMaps/write •Microsoft.ContainerRegistry/registries/scopeMaps/delete •Microsoft.ContainerRegistry/registries/scopeMaps/operationStatuses/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/diagnosticSettings/write •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/logDefinitions/read •Microsoft.ContainerRegistry/registries/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.ContainerRegistry/registries/connectedRegistries/read •Microsoft.ContainerRegistry/registries/connectedRegistries/write •Microsoft.ContainerRegistry/registries/connectedRegistries/delete •Microsoft.ContainerRegistry/registries/connectedRegistries/deactivate/action •Microsoft.ContainerRegistry/registries/webhooks/read •Microsoft.ContainerRegistry/registries/webhooks/write •Microsoft.ContainerRegistry/registries/webhooks/delete •Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig/action •Microsoft.ContainerRegistry/registries/webhooks/ping/action •Microsoft.ContainerRegistry/registries/webhooks/listEvents/action •Microsoft.ContainerRegistry/registries/webhooks/operationStatuses/read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.ContainerRegistry/locations/operationResults/read •Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/virtualNetworks/read •Microsoft.Network/privateEndpoints/privateLinkServiceProxies/write | ||||
577a9874-89fd-4f24-9dbd-b5034d0ad23a | Container Registry Data Importer and Data Reader | Provides the ability to import images into a registry through the registry import operation. Provides the ability to list repositories, view images and tags, get manifests, and pull images. Does not provide permissions for importing images through configuring registry transfer pipelines such as import and export pipelines. Does not provide permissions for importing through configuring Artifact Cache or Sync rules. | False |
00003 effective control plane operations (unique) •action: 1 •read: 2 |
Actions: 003 resolved operations: 3 effective operations: 3 •action: 1 •read: 2 •Microsoft.ContainerRegistry/registries/importImage/action •Microsoft.ContainerRegistry/registries/read •Microsoft.ContainerRegistry/registries/pull/read | ||||
bfdb9389-c9a5-478a-bb2f-ba9ca092c3c7 | Container Registry Repository Catalog Lister | Allows for listing all repositories in an Azure Container Registry. This role is in preview and subject to change. | False |
00001 effective data plane operations (unique) •read: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.ContainerRegistry/registries/catalog/read | ||||
2efddaa5-3f1f-4df3-97df-af3f13818f4c | Container Registry Repository Contributor | Allows for read, write, and delete access to Azure Container Registry repositories, but excluding catalog listing. This role is in preview and subject to change. | False |
00006 effective data plane operations (unique) •delete: 2 •read: 2 •write: 2 |
DataActions: 006 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.ContainerRegistry/registries/repositories/metadata/read •Microsoft.ContainerRegistry/registries/repositories/content/read •Microsoft.ContainerRegistry/registries/repositories/metadata/write •Microsoft.ContainerRegistry/registries/repositories/content/write •Microsoft.ContainerRegistry/registries/repositories/metadata/delete •Microsoft.ContainerRegistry/registries/repositories/content/delete | ||||
b93aa761-3e63-49ed-ac28-beffa264f7ac | Container Registry Repository Reader | Allows for read access to Azure Container Registry repositories, but excluding catalog listing. This role is in preview and subject to change. | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.ContainerRegistry/registries/repositories/metadata/read •Microsoft.ContainerRegistry/registries/repositories/content/read | ||||
2a1e307c-b015-4ebd-883e-5b7698a07328 | Container Registry Repository Writer | Allows for read and write access to Azure Container Registry repositories, but excluding catalog listing. This role is in preview and subject to change. | False |
00004 effective data plane operations (unique) •read: 2 •write: 2 |
DataActions: 004 resolved data operations: 4 effective data operations: 4 •read: 2 •write: 2 •Microsoft.ContainerRegistry/registries/repositories/metadata/read •Microsoft.ContainerRegistry/registries/repositories/content/read •Microsoft.ContainerRegistry/registries/repositories/metadata/write •Microsoft.ContainerRegistry/registries/repositories/content/write | ||||
bf94e731-3a51-4a7c-8c54-a1ab9971dfc1 | Container Registry Transfer Pipeline Contributor | Provides the ability to transfer, import, and export artifacts through configuring registry transfer pipelines that involve intermediary storage accounts and key vaults. Does not provide permissions to push or pull images. Does not provide permissions to create, manage, or list storage accounts or key vaults. Does not provide permissions to perform role assignments. | False |
00010 effective control plane operations (unique) •delete: 3 •read: 4 •write: 3 |
Actions: 010 resolved operations: 10 effective operations: 10 •delete: 3 •read: 4 •write: 3 •Microsoft.ContainerRegistry/registries/exportPipelines/read •Microsoft.ContainerRegistry/registries/exportPipelines/write •Microsoft.ContainerRegistry/registries/exportPipelines/delete •Microsoft.ContainerRegistry/registries/importPipelines/read •Microsoft.ContainerRegistry/registries/importPipelines/write •Microsoft.ContainerRegistry/registries/importPipelines/delete •Microsoft.ContainerRegistry/registries/pipelineRuns/read •Microsoft.ContainerRegistry/registries/pipelineRuns/write •Microsoft.ContainerRegistry/registries/pipelineRuns/delete •Microsoft.ContainerRegistry/registries/pipelineRuns/operationStatuses/read | ||||
ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b | ContainerApp Reader | View all containerapp resources, but does not allow you to make any changes. | False |
00057 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 45 •Write: 2 |
Actions: 006 resolved operations: 57 effective operations: 57 •: 1 •Action: 7 •Delete: 2 •read: 45 •Write: 2 •Microsoft.App/containerApps/*/read •Microsoft.App/containerApps/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
b24988ac-6180-42a0-ab88-20f7382dd24c | Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | False |
16152 effective control plane operations (unique) •: 1 •action: 3637 •delete: 2478 •read: 6968 •write: 3068 |
Actions: 001 resolved operations: 16192 effective operations: 16152 •: 1 •action: 3637 •delete: 2478 •read: 6968 •write: 3068 •* | NotActions: 011 resolved not operations: 40 effective not operations: 40 •Microsoft.Authorization/*/Delete •Microsoft.Authorization/*/Write •Microsoft.Authorization/elevateAccess/Action •Microsoft.Blueprint/blueprintAssignments/write •Microsoft.Blueprint/blueprintAssignments/delete •Microsoft.Compute/galleries/share/action •Microsoft.Purview/consents/write •Microsoft.Purview/consents/delete •Microsoft.Resources/deploymentStacks/manageDenySetting/action •Microsoft.Subscription/cancel/action •Microsoft.Subscription/enable/action | count: 204 •[Deprecated]: Configure Arc machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent •[Deprecated]: Configure Arc machines to create the Microsoft Defender for Cloud user-defined pipeline using Azure Monitor Agent •[Deprecated]: Configure machines to create the Microsoft Defender for Cloud user-defined pipeline using Azure Monitor Agent •[Deprecated]: Configure virtual machines to be onboarded to Azure Automanage •[Deprecated]: Configure virtual machines to create the default Microsoft Defender for Cloud pipeline using Azure Monitor Agent •[Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords •[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the passwd file permissions set to 0644 •[Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed •[Deprecated]: Deploy prerequisites to audit Linux VMs that have accounts without passwords •[Deprecated]: Deploy prerequisites to audit Linux VMs that have the specified applications installed •[Deprecated]: Deploy prerequisites to audit Windows Server VMs on which Windows Serial Console is not enabled •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative 
Templates - Control Panel' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - MSS (Legacy)' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - Network' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Administrative Templates - System' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Audit' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Devices' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Interactive Logon' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Server' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Security' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Shutdown' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System objects' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - User Account Control' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Settings - Account Policies' •[Deprecated]: Deploy prerequisites to audit Windows VMs 
configurations in 'System Audit Policies - Account Logon' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Account Management' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Detailed Tracking' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Logon-Logoff' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Object Access' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Policy Change' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - Privilege Use' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'System Audit Policies - System' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Components' •[Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' •[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group contains any of the specified members •[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain all the specified members •[Deprecated]: Deploy prerequisites to audit Windows VMs if the Administrators group doesn't contain only specified members •[Deprecated]: Deploy prerequisites to audit Windows VMs on which the DSC configuration is not compliant •[Deprecated]: Deploy prerequisites to audit Windows VMs on which the Log Analytics agent is not connected as expected •[Deprecated]: Deploy prerequisites to audit Windows VMs on which the remote connection status does not match the specified one •[Deprecated]: Deploy prerequisites to audit Windows VMs on which the specified services are not installed 
and 'Running' •[Deprecated]: Deploy prerequisites to audit Windows VMs on which Windows Defender Exploit Guard is not enabled •[Deprecated]: Deploy prerequisites to audit Windows VMs that allow re-use of the previous 24 passwords •[Deprecated]: Deploy prerequisites to audit Windows VMs that are not joined to the specified domain •[Deprecated]: Deploy prerequisites to audit Windows VMs that are not set to the specified time zone •[Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a maximum password age of 70 days •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have a minimum password age of 1 day •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the password complexity setting enabled •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified applications installed •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell execution policy •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not have the specified Windows PowerShell modules installed •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters •[Deprecated]: Deploy prerequisites to audit Windows VMs that do not store passwords using reversible encryption •[Deprecated]: Deploy prerequisites to audit Windows VMs that have not restarted within the specified number of days •[Deprecated]: Deploy prerequisites to audit Windows VMs that have the specified applications installed •[Deprecated]: Deploy prerequisites to audit Windows VMs with a pending reboot •[Deprecated]: Deploy prerequisites to audit Windows web servers that are not using secure 
communication protocols •[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Linux VMs. •[Deprecated]: Deploy prerequisites to enable Guest Configuration Policy on Windows VMs. •[Preview]: Add user-assigned managed identity to enable Guest Configuration assignments on virtual machines •[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machine Scale Sets •[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines •[Preview]: Configure Azure Arc-enabled Linux machines with Log Analytics agents connected to default Log Analytics workspace •[Preview]: Configure Azure Arc-enabled Windows machines with Log Analytics agents connected to default Log Analytics workspace •[Preview]: Configure Azure Defender for SQL agent on virtual machine •[Preview]: Deploy Microsoft Defender for Endpoint agent on Linux hybrid machines •[Preview]: Deploy Microsoft Defender for Endpoint agent on Linux virtual machines •[Preview]: Deploy Microsoft Defender for Endpoint agent on Windows Azure Arc machines •[Preview]: Deploy Microsoft Defender for Endpoint agent on Windows virtual machines •[Preview]: Enable system-assigned identity to SQL VM •[Preview]: Set prerequisite for Scheduling recurring updates on Azure virtual machines. 
•Add a tag to resource groups •Add a tag to resources •Add or replace a tag on resource groups •Add or replace a tag on resources •Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities •Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity •Configure Advanced Threat Protection to be enabled on Azure database for MariaDB servers •Configure Advanced Threat Protection to be enabled on Azure database for MySQL flexible servers •Configure Advanced Threat Protection to be enabled on Azure database for MySQL servers •Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL flexible servers •Configure Advanced Threat Protection to be enabled on Azure database for PostgreSQL servers •Configure App Configuration stores to disable local authentication methods •Configure App Configuration to disable public network access •Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace •Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace •Configure Azure Automation account to disable local authentication •Configure Azure Automation accounts to disable public network access •Configure Azure Cache for Redis Enterprise with private endpoints •Configure Azure Databricks Workspaces with private endpoints •Configure Azure Device Update for IoT Hub accounts to disable public network access •Configure Azure Device Update for IoT Hub accounts to use private DNS zones •Configure Azure Device Update for IoT Hub accounts with private endpoint •Configure Azure File Sync with private endpoints •Configure Azure HDInsight clusters with private endpoints •Configure Azure IoT Hub to disable local authentication •Configure Azure Machine Learning Computes to disable local authentication methods •Configure Azure 
Machine Learning Workspaces to disable public network access •Configure Azure Managed Grafana workspaces to disable public network access •Configure Azure Managed Grafana workspaces with private endpoints •Configure Azure Monitor Private Link Scope to block access to non private link resources •Configure Azure Monitor Private Link Scopes with private endpoints •Configure Azure Synapse Workspace Dedicated SQL minimum TLS version •Configure Azure Synapse workspaces to disable public network access •Configure Azure Synapse workspaces with private endpoints •Configure Azure Virtual Desktop hostpools with private endpoints •Configure Azure Virtual Desktop workspaces with private endpoints •Configure Batch accounts to disable local authentication •Configure Batch accounts to disable public network access •Configure Batch accounts with private endpoints •Configure Cognitive Services accounts to disable local authentication methods •Configure Cognitive Services accounts to disable public network access •Configure container registries to disable anonymous authentication. •Configure container registries to disable ARM audience token authentication. •Configure container registries to disable local admin account. •Configure Container registries to disable public network access •Configure container registries to disable repository scoped access token. 
•Configure Container registries with private endpoints •Configure CosmosDB accounts to disable public network access •Configure CosmosDB accounts with private endpoints •Configure disk access resources with private endpoints •Configure installation of Flux extension on Kubernetes cluster •Configure IoT Hub device provisioning instances to use private DNS zones •Configure IoT Hub device provisioning service instances to disable public network access •Configure IoT Hub device provisioning service instances with private endpoints •Configure Kubernetes clusters with Flux v2 configuration using Bucket source and secrets in KeyVault •Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS CA Certificate •Configure Kubernetes clusters with Flux v2 configuration using Git repository and HTTPS secrets •Configure Kubernetes clusters with Flux v2 configuration using Git repository and local secrets •Configure Kubernetes clusters with Flux v2 configuration using Git repository and SSH secrets •Configure Kubernetes clusters with Flux v2 configuration using public Git repository •Configure Kubernetes clusters with specified Flux v2 Bucket source using local secrets •Configure Kubernetes clusters with specified GitOps configuration using HTTPS secrets •Configure Kubernetes clusters with specified GitOps configuration using no secrets •Configure Kubernetes clusters with specified GitOps configuration using SSH secrets •Configure Log Analytics workspace and automation account to centralize logs and monitoring •Configure managed disks to disable public network access •Configure network security groups to enable traffic analytics •Configure network security groups to use specific workspace, storage account and flowlog retention policy for traffic analytics •Configure Packet Core Control Plane diagnostic access to use authentication type Microsoft EntraID •Configure periodic checking for missing system updates on azure virtual machines •Configure 
private endpoint connections on Azure Automation accounts •Configure private endpoints for App Configuration •Configure Private Link for Azure AD with private endpoints •Configure secure communication protocols(TLS 1.1 or TLS 1.2) on Windows machines •Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace •Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace •Configure subscriptions to set up preview features •Configure Synapse Workspaces to use only Microsoft Entra identities for authentication •Configure Synapse Workspaces to use only Microsoft Entra identities for authentication during workspace creation •Configure the Microsoft Defender for SQL Log Analytics workspace •Configure virtual machines to be onboarded to Azure Automanage •Configure virtual machines to be onboarded to Azure Automanage with Custom Configuration Profile •Configure virtual network to enable Flow Log and Traffic Analytics •Configure virtual networks to enforce workspace, storage account and retention interval for Flow logs and Traffic Analytics •Create and assign a built-in user-assigned managed identity •Deploy - Configure Azure IoT Hubs to use private DNS zones •Deploy - Configure Azure IoT Hubs with private endpoints •Deploy - Configure diagnostic settings to an Event Hub to be enabled on Azure Key Vault Managed HSM •Deploy - Configure IoT Central to use private DNS zones •Deploy - Configure IoT Central with private endpoints •Deploy a flow log resource with target network security group •Deploy a Flow Log resource with target virtual network •Deploy associations for a custom provider •Deploy associations for a managed application •Deploy Diagnostic Settings for Azure SQL Database to Event Hub •Deploy Diagnostic Settings for Batch Account to Event Hub •Deploy Diagnostic Settings for Data Lake Analytics to Event Hub •Deploy Diagnostic Settings for Data 
Lake Storage Gen1 to Event Hub •Deploy Diagnostic Settings for Event Hub to Event Hub •Deploy Diagnostic Settings for Key Vault to Event Hub •Deploy Diagnostic Settings for Logic Apps to Event Hub •Deploy Diagnostic Settings for Search Services to Event Hub •Deploy Diagnostic Settings for Service Bus to Event Hub •Deploy Diagnostic Settings for Stream Analytics to Event Hub •Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data •Deploy export to Event Hub for Microsoft Defender for Cloud data •Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data •Deploy Planned Maintenance to schedule and control upgrades for your Azure Kubernetes Service (AKS) cluster •Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs •Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs •Deploy Workflow Automation for Microsoft Defender for Cloud alerts •Deploy Workflow Automation for Microsoft Defender for Cloud recommendations •Deploy Workflow Automation for Microsoft Defender for Cloud regulatory compliance •Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with custom workspace. •Enable Security Center's auto provisioning of the Log Analytics agent on your subscriptions with default workspace. •Inherit a tag from the resource group •Inherit a tag from the resource group if missing •Inherit a tag from the subscription •Inherit a tag from the subscription if missing •Modify - Configure Azure File Sync to disable public network access •Modify - Configure Azure IoT Hubs to disable public network access •Modify - Configure IoT Central to disable public network access •Modify API Management to disable username and password authentication •Protect your data with authentication requirements when exporting or uploading to a disk or snapshot. •Schedule recurring updates using Azure Update Manager | ||
6cd4ddd5-44f4-45bf-853e-a23e79738ce8 | Copilot for Azure User | Enables users access to Copilot for Azure. | False |
00003 effective control plane and data plane operations (unique) •action: 1 •read: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.PortalServices/copilotSettings/conversations/action | |||
fbdf93bf-df7d-467e-a4d2-9458aa1360c8 | Cosmos DB Account Reader Role | Can read Azure Cosmos DB Accounts data | False |
00199 effective control plane operations (unique) •action: 4 •read: 194 •write: 1 |
Actions: 007 resolved operations: 199 effective operations: 199 •action: 4 •read: 194 •write: 1 •Microsoft.Authorization/*/read •Microsoft.DocumentDB/*/read •Microsoft.DocumentDB/databaseAccounts/readonlykeys/action •Microsoft.Insights/MetricDefinitions/read •Microsoft.Insights/Metrics/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
230815da-be43-4aae-9cb4-875f7bd000aa | Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | False |
00310 effective control plane operations (unique) •: 1 •action: 54 •delete: 28 •read: 179 •write: 48 |
Actions: 008 resolved operations: 329 effective operations: 310 •: 1 •action: 54 •delete: 28 •read: 179 •write: 48 •Microsoft.DocumentDb/databaseAccounts/* •Microsoft.Insights/alertRules/* •Microsoft.Authorization/*/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | NotActions: 013 resolved not operations: 19 effective not operations: 15882 •Microsoft.DocumentDB/databaseAccounts/dataTransferJobs/* •Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* •Microsoft.DocumentDB/databaseAccounts/regenerateKey/* •Microsoft.DocumentDB/databaseAccounts/listKeys/* •Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* •Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write •Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete •Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write •Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete •Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write •Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/delete •Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write •Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/delete | |||
db7b14f2-5adf-42da-9f96-f2ee17bab5cb | CosmosBackupOperator | Can submit restore request for a Cosmos DB database or a container for an account | False |
00002 effective control plane operations (unique) •action: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •action: 2 •Microsoft.DocumentDB/databaseAccounts/backup/action •Microsoft.DocumentDB/databaseAccounts/restore/action | ||||
5432c526-bc82-444a-b7ba-57c5b0b5b34f | CosmosRestoreOperator | Can perform restore action for Cosmos DB database account with continuous backup mode | False |
00002 effective control plane operations (unique) •action: 1 •read: 1 |
Actions: 003 resolved operations: 2 effective operations: 2 •action: 1 •read: 1 •Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action •Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read •Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read | ||||
434105ed-43f6-45c7-a02f-909b2ba83430 | Cost Management Contributor | Can view costs and manage cost configuration (e.g. budgets, exports) | False |
00091 effective control plane operations (unique) •action: 20 •delete: 4 •read: 60 •write: 7 |
Actions: 010 resolved operations: 91 effective operations: 91 •action: 20 •delete: 4 •read: 60 •write: 7 •Microsoft.Consumption/* •Microsoft.CostManagement/* •Microsoft.Billing/billingPeriods/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Advisor/configurations/read •Microsoft.Advisor/recommendations/read •Microsoft.Management/managementGroups/read •Microsoft.Billing/billingProperty/read | ||||
72fafb9e-0641-4937-9268-a91bfd8191a3 | Cost Management Reader | Can view cost data and configuration (e.g. budgets, exports) | False |
00064 effective control plane operations (unique) •action: 3 •read: 60 •write: 1 |
Actions: 010 resolved operations: 64 effective operations: 64 •action: 3 •read: 60 •write: 1 •Microsoft.Consumption/*/read •Microsoft.CostManagement/*/read •Microsoft.Billing/billingPeriods/read •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Advisor/configurations/read •Microsoft.Advisor/recommendations/read •Microsoft.Management/managementGroups/read •Microsoft.Billing/billingProperty/read | ||||
399c3b2b-64c2-4ff1-af34-571db925b068 | CrossConnectionManager | Allows for read, write access to ExpressRoute CrossConnections | False |
00018 effective control plane operations (unique) •action: 2 •delete: 2 •read: 10 •write: 4 |
Actions: 003 resolved operations: 19 effective operations: 18 •action: 2 •delete: 2 •read: 10 •write: 4 •Microsoft.ClassicNetwork/expressRouteCrossConnections/* •Microsoft.Network/expressRouteCrossConnections/* •Microsoft.Features/providers/features/read | NotActions: 001 resolved not operations: 1 effective not operations: 16174 •Microsoft.Network/expressRouteCrossConnections/delete | |||
b6ee44de-fe58-4ddc-b5c2-ab174eb23f05 | CrossConnectionReader | Allows for read access to ExpressRoute CrossConnections | False |
00008 effective control plane operations (unique) •read: 8 |
Actions: 003 resolved operations: 8 effective operations: 8 •read: 8 •Microsoft.ClassicNetwork/expressRouteCrossConnections/*/read •Microsoft.Network/expressRouteCrossConnections/*/read •Microsoft.Features/providers/features/read | ||||
d1a38570-4b05-4d70-b8e4-1100bcf76d12 | Data Boundary Tenant Administrator | Allows tenant level administration for data boundaries. | False |
00038 effective control plane operations (unique) •action: 4 •delete: 1 •read: 31 •write: 2 |
Actions: 004 resolved operations: 38 effective operations: 38 •action: 4 •delete: 1 •read: 31 •write: 2 •Microsoft.Resources/dataBoundaries/write •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
add466c9-e687-43fc-8d98-dfcf8d720be5 | Data Box Contributor | Lets you manage everything under Data Box Service except giving access to others. | False |
00071 effective control plane operations (unique) •action: 21 •delete: 3 •read: 43 •write: 4 |
Actions: 006 resolved operations: 71 effective operations: 71 •action: 21 •delete: 3 •read: 43 •write: 4 •Microsoft.Authorization/*/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Databox/* | ||||
028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 | Data Box Reader | Lets you manage Data Box Service except creating order or editing order details and giving access to others. | False |
00049 effective control plane operations (unique) •action: 9 •read: 39 •write: 1 |
Actions: 010 resolved operations: 49 effective operations: 49 •action: 9 •read: 39 •write: 1 •Microsoft.Authorization/*/read •Microsoft.Databox/*/read •Microsoft.Databox/jobs/listsecrets/action •Microsoft.Databox/jobs/listcredentials/action •Microsoft.Databox/locations/availableSkus/action •Microsoft.Databox/locations/validateInputs/action •Microsoft.Databox/locations/regionConfiguration/action •Microsoft.Databox/locations/validateAddress/action •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Support/* | ||||
673868aa-7521-48a0-acc6-0f60742d39f5 | Data Factory Contributor | Create and manage data factories, as well as child resources within them. | False |
00218 effective control plane operations (unique) •: 1 •action: 66 •delete: 24 •read: 96 •write: 31 |
Actions: 009 resolved operations: 218 effective operations: 218 •: 1 •action: 66 •delete: 24 •read: 96 •write: 31 •Microsoft.Authorization/*/read •Microsoft.DataFactory/dataFactories/* •Microsoft.DataFactory/factories/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.EventGrid/eventSubscriptions/write | count: 002 •Configure Data Factories to disable public network access •Configure private endpoints for Data factories | |||
c6decf44-fd0a-444c-a844-d653c394e7ab | Data Labeling - Labeler | Can label data in Labeling. | False |
00006 effective control plane operations (unique) •read: 5 •write: 1 |
Actions: 006 resolved operations: 6 effective operations: 6 •read: 5 •write: 1 •Microsoft.MachineLearningServices/workspaces/read •Microsoft.MachineLearningServices/workspaces/experiments/runs/read •Microsoft.MachineLearningServices/workspaces/labeling/projects/read •Microsoft.MachineLearningServices/workspaces/labeling/projects/summary/read •Microsoft.MachineLearningServices/workspaces/labeling/labels/read •Microsoft.MachineLearningServices/workspaces/labeling/labels/write | ||||
47b7735b-770e-4598-a7da-8b91488b4c88 | Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | False |
00075 effective control plane operations (unique) •: 1 •action: 12 •delete: 4 •read: 52 •write: 6 |
Actions: 008 resolved operations: 89 effective operations: 75 •: 1 •action: 12 •delete: 4 •read: 52 •write: 6 •Microsoft.Authorization/*/read •Microsoft.BigAnalytics/accounts/* •Microsoft.DataLakeAnalytics/accounts/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | NotActions: 014 resolved not operations: 14 effective not operations: 16117 •Microsoft.BigAnalytics/accounts/Delete •Microsoft.BigAnalytics/accounts/TakeOwnership/action •Microsoft.BigAnalytics/accounts/Write •Microsoft.DataLakeAnalytics/accounts/Delete •Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action •Microsoft.DataLakeAnalytics/accounts/Write •Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write •Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete •Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write •Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete •Microsoft.DataLakeAnalytics/accounts/firewallRules/Write •Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete •Microsoft.DataLakeAnalytics/accounts/computePolicies/Write •Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete | |||
959f8984-c045-4866-89c7-12bf9737be2e | Data Operator for Managed Disks | Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. | False |
00004 effective data plane operations (unique) •action: 4 |
DataActions: 004 resolved data operations: 4 effective data operations: 4 •action: 4 •Microsoft.Compute/disks/download/action •Microsoft.Compute/disks/upload/action •Microsoft.Compute/snapshots/download/action •Microsoft.Compute/snapshots/upload/action | ||||
150f5e0c-0603-4f03-8c7f-cf70034c4e90 | Data Purger | Can purge analytics data | False |
00804 effective control plane operations (unique) •Action: 2 •Read: 802 |
Actions: 004 resolved operations: 804 effective operations: 804 •Action: 2 •Read: 802 •Microsoft.Insights/components/*/read •Microsoft.Insights/components/purge/action •Microsoft.OperationalInsights/workspaces/*/read •Microsoft.OperationalInsights/workspaces/purge/action | ||||
0b6ca2e8-2cdc-4bd6-b896-aa3d8c21fc35 | Defender CSPM Storage Data Scanner | Grants access to read blobs and files. This role is used by the data scanner of Defender CSPM. | False |
00004 effective control plane and data plane operations (unique) •read: 4 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Storage/storageAccounts/blobServices/containers/read •Microsoft.Storage/storageAccounts/fileServices/shares/read | DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read •Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | |||
8480c0f0-4509-4229-9339-7c10018cb8c4 | Defender CSPM Storage Scanner Operator | Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments. | True |
00056 effective control plane operations (unique) •action: 7 •delete: 3 •read: 41 •write: 5 |
Actions: 013 resolved operations: 56 effective operations: 56 •action: 7 •delete: 3 •read: 41 •write: 5 •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* •Microsoft.Security/datascanners/read •Microsoft.Security/datascanners/write •Microsoft.Security/dataScanners/delete •Microsoft.Authorization/roleAssignments/write •Microsoft.Authorization/roleAssignments/delete | ||||
1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40 | Defender for Storage Data Scanner | Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage. | False |
00004 effective control plane and data plane operations (unique) •read: 3 •write: 1 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/read | DataActions: 003 resolved data operations: 3 effective data operations: 3 •read: 2 •write: 1 •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write •Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read | |||
0f641de8-0b88-4198-bdef-bd8b45ceba96 | Defender for Storage Scanner Operator | Lets you enable and configure Microsoft Defender for Storage's malware scanning and sensitive data discovery features on your storage accounts. Includes an ABAC condition to limit role assignments. | True |
00064 effective control plane operations (unique) •action: 7 •delete: 4 •read: 45 •write: 8 |
Actions: 022 resolved operations: 64 effective operations: 64 •action: 7 •delete: 4 •read: 45 •write: 8 •Microsoft.Authorization/roleAssignments/write conditioned •Microsoft.Authorization/roleAssignments/delete conditioned •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/read •Microsoft.Management/managementGroups/read •Microsoft.Resources/deployments/* •Microsoft.Support/* •Microsoft.Security/defenderforstoragesettings/read •Microsoft.Security/defenderforstoragesettings/write •Microsoft.Security/advancedThreatProtectionSettings/read •Microsoft.Security/advancedThreatProtectionSettings/write •Microsoft.Security/datascanners/read •Microsoft.Security/datascanners/write •Microsoft.Security/dataScanners/delete •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/read •Microsoft.EventGrid/topics/read •Microsoft.EventGrid/eventSubscriptions/read •Microsoft.EventGrid/eventSubscriptions/write •Microsoft.EventGrid/eventSubscriptions/delete | ||||
8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 | Defender Kubernetes Agent Operator | Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent | False |
00060 effective control plane operations (unique) •: 1 •Action: 11 •Delete: 3 •read: 39 •Write: 6 |
Actions: 019 resolved operations: 60 effective operations: 60 •: 1 •Action: 11 •Delete: 3 •read: 39 •Write: 6 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourceGroups/write •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.Resources/subscriptions/read •Microsoft.KubernetesConfiguration/extensions/write •Microsoft.KubernetesConfiguration/extensions/read •Microsoft.KubernetesConfiguration/extensions/delete •Microsoft.KubernetesConfiguration/extensions/operations/read •Microsoft.Kubernetes/connectedClusters/Write •Microsoft.Kubernetes/connectedClusters/read •Microsoft.OperationalInsights/workspaces/write •Microsoft.OperationalInsights/workspaces/read •Microsoft.OperationalInsights/workspaces/listKeys/action •Microsoft.OperationalInsights/workspaces/sharedkeys/action •Microsoft.Kubernetes/register/action •Microsoft.KubernetesConfiguration/register/action | count: 002 •[Preview]: Configure Azure Arc enabled Kubernetes clusters to install Microsoft Defender for Cloud extension •Configure Azure Kubernetes Service clusters to enable Defender profile | |||
8a90fa6b-6997-4a07-8a95-30633a7c97b9 | DeID Batch Data Owner | Create and manage DeID batch jobs. This role is in preview and subject to change. | False |
00003 effective data plane operations (unique) •delete: 1 •read: 1 •write: 1 |
DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.HealthDataAIServices/DeidServices/Batch/write •Microsoft.HealthDataAIServices/DeidServices/Batch/delete •Microsoft.HealthDataAIServices/DeidServices/Batch/read | ||||
b73a14ee-91f5-41b7-bd81-920e12466be9 | DeID Batch Data Reader | Read DeID batch jobs. This role is in preview and subject to change. | False |
00001 effective data plane operations (unique) •read: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.HealthDataAIServices/DeidServices/Batch/read | NotDataActions: 002 resolved not data operations: 2 effective not data operations: 3302 •Microsoft.HealthDataAIServices/DeidServices/Batch/write •Microsoft.HealthDataAIServices/DeidServices/Batch/delete | |||
78e4b983-1a0b-472e-8b7d-8d770f7c5890 | DeID Data Owner | Full access to DeID data. This role is in preview and subject to change | False |
00012 effective data plane operations (unique) •action: 2 •delete: 3 •read: 4 •write: 3 |
DataActions: 001 resolved data operations: 12 effective data operations: 12 •action: 2 •delete: 3 •read: 4 •write: 3 •Microsoft.HealthDataAIServices/DeidServices/* | ||||
bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e | DeID Realtime Data User | Execute requests against DeID realtime endpoint. This role is in preview and subject to change. | False |
00001 effective data plane operations (unique) •action: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.HealthDataAIServices/DeidServices/Realtime/action | ||||
eb960402-bf75-4cc3-8d68-35b34f960f72 | Deployment Environments Reader | Provides read access to environment resources. | False |
00038 effective control plane and data plane operations (unique) •action: 3 •read: 35 |
Actions: 004 resolved operations: 37 effective operations: 35 •read: 35 •Microsoft.DevCenter/projects/read •Microsoft.DevCenter/projects/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 002 resolved not operations: 2 effective not operations: 16157 •Microsoft.DevCenter/projects/pools/read •Microsoft.DevCenter/projects/pools/schedules/read | DataActions: 003 resolved data operations: 3 effective data operations: 3 •action: 3 •Microsoft.DevCenter/projects/users/environments/adminRead/action •Microsoft.DevCenter/projects/users/environments/adminActionRead/action •Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | ||
18e40d4e-8d2e-438d-97e1-9528336e149c | Deployment Environments User | Provides access to manage environment resources. | False |
00040 effective control plane and data plane operations (unique) •action: 5 •read: 35 |
Actions: 004 resolved operations: 37 effective operations: 35 •read: 35 •Microsoft.DevCenter/projects/read •Microsoft.DevCenter/projects/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Authorization/*/read | NotActions: 002 resolved not operations: 2 effective not operations: 16157 •Microsoft.DevCenter/projects/pools/read •Microsoft.DevCenter/projects/pools/schedules/read | DataActions: 005 resolved data operations: 5 effective data operations: 5 •action: 5 •Microsoft.DevCenter/projects/users/environments/userRead/action •Microsoft.DevCenter/projects/users/environments/userWrite/action •Microsoft.DevCenter/projects/users/environments/userDelete/action •Microsoft.DevCenter/projects/users/environments/userActionManage/action •Microsoft.DevCenter/projects/users/environments/userOutputsRead/action | ||
97dfb3ce-e936-462c-9425-9cdb67e66d45 | Desktop Virtualization App Attach Contributor | Provide permission to manage app attach resources | False |
00050 effective control plane operations (unique) •: 1 •Action: 7 •delete: 3 •read: 36 •write: 3 |
Actions: 009 resolved operations: 50 effective operations: 50 •: 1 •Action: 7 •delete: 3 •read: 36 •write: 3 •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.Resources/subscriptions/read •Microsoft.DesktopVirtualization/appattachpackages/read •Microsoft.DesktopVirtualization/appattachpackages/write •Microsoft.DesktopVirtualization/appattachpackages/delete •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
86240b0e-9422-4c43-887b-b61143f32ba8 | Desktop Virtualization Application Group Contributor | Contributor of the Desktop Virtualization Application Group. | False |
00073 effective control plane operations (unique) •: 1 •action: 11 •delete: 5 •read: 48 •write: 8 |
Actions: 008 resolved operations: 73 effective operations: 73 •: 1 •action: 11 •delete: 5 •read: 48 •write: 8 •Microsoft.DesktopVirtualization/applicationgroups/* •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | ||||
aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 | Desktop Virtualization Application Group Reader | Reader of the Desktop Virtualization Application Group. | False |
00049 effective control plane operations (unique) •action: 3 •read: 45 •write: 1 |
Actions: 009 resolved operations: 49 effective operations: 49 •action: 3 •read: 45 •write: 1 •Microsoft.DesktopVirtualization/applicationgroups/*/read •Microsoft.DesktopVirtualization/applicationgroups/read •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Support/* | ||||
082f0a83-3be5-4ba1-904c-961cca79b387 | Desktop Virtualization Contributor | Contributor of Desktop Virtualization. | False |
00162 effective control plane operations (unique) •: 1 •action: 30 •delete: 19 •read: 85 •write: 27 |
Actions: 006 resolved operations: 162 effective operations: 162 •: 1 •action: 30 •delete: 19 •read: 85 •write: 27 •Microsoft.DesktopVirtualization/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | ||||
e307426c-f9b6-4e81-87de-d99efb3c32bc | Desktop Virtualization Host Pool Contributor | Contributor of the Desktop Virtualization Host Pool. | False |
00106 effective control plane operations (unique) •: 1 •action: 23 •delete: 9 •read: 61 •write: 12 |
Actions: 006 resolved operations: 106 effective operations: 106 •: 1 •action: 23 •delete: 9 •read: 61 •write: 12 •Microsoft.DesktopVirtualization/hostpools/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | count: 002 •Configure Azure Virtual Desktop hostpools to disable public network access •Configure Azure Virtual Desktop hostpools to disable public network access only for session hosts | |||
ceadfde2-b300-400a-ab7b-6143895aa822 | Desktop Virtualization Host Pool Reader | Reader of the Desktop Virtualization Host Pool. | False |
00062 effective control plane operations (unique) •action: 3 •read: 58 •write: 1 |
Actions: 007 resolved operations: 62 effective operations: 62 •action: 3 •read: 58 •write: 1 •Microsoft.DesktopVirtualization/hostpools/*/read •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Support/* | ||||
489581de-a3bd-480d-9518-53dea7416b33 | Desktop Virtualization Power On Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines. | False |
00055 effective control plane operations (unique) •: 1 •Action: 9 •Delete: 2 •read: 41 •Write: 2 |
Actions: 014 resolved operations: 55 effective operations: 55 •: 1 •Action: 9 •Delete: 2 •read: 41 •Write: 2 •Microsoft.Compute/virtualMachines/start/action •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/instanceView/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/operations/read •Microsoft.HybridCompute/locations/operationresults/read •Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.AzureStackHCI/virtualMachineInstances/read •Microsoft.AzureStackHCI/virtualMachineInstances/start/action •Microsoft.AzureStackHCI/operations/read | ||||
40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | False |
00078 effective control plane operations (unique) •: 1 •Action: 25 •delete: 3 •read: 45 •write: 4 |
Actions: 037 resolved operations: 78 effective operations: 78 •: 1 •Action: 25 •delete: 3 •read: 45 •write: 4 •Microsoft.Authorization/*/read •Microsoft.AzureStackHCI/operations/read •Microsoft.AzureStackHCI/virtualMachineInstances/read •Microsoft.AzureStackHCI/virtualMachineInstances/restart/action •Microsoft.AzureStackHCI/virtualMachineInstances/start/action •Microsoft.AzureStackHCI/virtualMachineInstances/stop/action •Microsoft.Compute/virtualMachines/deallocate/action •Microsoft.Compute/virtualMachines/instanceView/read •Microsoft.Compute/virtualMachines/powerOff/action •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/restart/action •Microsoft.Compute/virtualMachines/start/action •Microsoft.ComputeSchedule/locations/virtualMachinesCancelOperations/action •Microsoft.ComputeSchedule/locations/virtualMachinesExecuteDeallocate/action •Microsoft.ComputeSchedule/locations/virtualMachinesExecuteHibernate/action •Microsoft.ComputeSchedule/locations/virtualMachinesExecuteStart/action •Microsoft.ComputeSchedule/locations/virtualMachinesGetOperationErrors/action •Microsoft.ComputeSchedule/locations/virtualMachinesGetOperationStatus/action •Microsoft.ComputeSchedule/locations/virtualMachinesSubmitDeallocate/action •Microsoft.ComputeSchedule/locations/virtualMachinesSubmitHibernate/action •Microsoft.ComputeSchedule/locations/virtualMachinesSubmitStart/action •Microsoft.ComputeSchedule/register/action •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/delete •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action •Microsoft.DesktopVirtualization/hostpools/sessionhosts/write •Microsoft.DesktopVirtualization/hostpools/write •Microsoft.HybridCompute/locations/operationresults/read 
•Microsoft.HybridCompute/locations/operationstatus/read •Microsoft.HybridCompute/machines/read •Microsoft.HybridCompute/operations/read •Microsoft.Insights/alertRules/* •Microsoft.Insights/eventtypes/values/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
49a72310-ab8d-41df-bbb0-79b649203868 | Desktop Virtualization Reader | Reader of Desktop Virtualization. | False |
00086 effective control plane operations (unique) •action: 3 •read: 82 •write: 1 |
Actions: 006 resolved operations: 86 effective operations: 86 •action: 3 •read: 82 •write: 1 •Microsoft.DesktopVirtualization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Support/* | ||||
2ad6aaab-ead9-4eaa-8ac5-da422f562408 | Desktop Virtualization Session Host Operator | Operator of the Desktop Virtualization Session Host. | False |
00065 effective control plane operations (unique) •: 1 •action: 13 •delete: 4 •read: 42 •write: 5 |
Actions: 007 resolved operations: 65 effective operations: 65 •: 1 •action: 13 •delete: 4 •read: 42 •write: 5 •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | ||||
1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 | Desktop Virtualization User | Allows user to use the applications in an application group. | False |
00002 effective data plane operations (unique) •action: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.DesktopVirtualization/applicationGroups/useApplications/action •Microsoft.DesktopVirtualization/appAttachPackages/useApplications/action | ||||
ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 | Desktop Virtualization User Session Operator | Operator of the Desktop Virtualization User Session. | False |
00062 effective control plane operations (unique) •: 1 •action: 12 •delete: 3 •read: 42 •write: 4 |
Actions: 008 resolved operations: 62 effective operations: 62 •: 1 •action: 12 •delete: 3 •read: 42 •write: 4 •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | ||||
a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | False |
00099 effective control plane operations (unique) •: 1 •action: 20 •delete: 7 •read: 60 •write: 11 |
Actions: 059 resolved operations: 99 effective operations: 99 •: 1 •action: 20 •delete: 7 •read: 60 •write: 11 •Microsoft.DesktopVirtualization/hostpools/read •Microsoft.DesktopVirtualization/hostpools/write •Microsoft.DesktopVirtualization/hostpools/retrieveRegistrationToken/action •Microsoft.DesktopVirtualization/hostpools/sessionhosts/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/write •Microsoft.DesktopVirtualization/hostpools/sessionhosts/delete •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/read •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/disconnect/action •Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions/sendMessage/action •Microsoft.DesktopVirtualization/hostpools/sessionHostConfigurations/read •Microsoft.DesktopVirtualization/hostpools/doNotUseInternalAPI/action •Microsoft.DesktopVirtualization/hostpools/sessionhosts/retryprovisioning/action •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/availabilitySets/write •Microsoft.Compute/availabilitySets/vmSizes/read •Microsoft.Compute/disks/read •Microsoft.Compute/disks/write •Microsoft.Compute/disks/delete •Microsoft.Compute/galleries/read •Microsoft.Compute/galleries/images/read •Microsoft.Compute/galleries/images/versions/read •Microsoft.Compute/images/read •Microsoft.Compute/locations/usages/read •Microsoft.Compute/locations/vmSizes/read •Microsoft.Compute/operations/read •Microsoft.Compute/skus/read •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/write •Microsoft.Compute/virtualMachines/delete •Microsoft.Compute/virtualMachines/start/action •Microsoft.Compute/virtualMachines/powerOff/action •Microsoft.Compute/virtualMachines/restart/action •Microsoft.Compute/virtualMachines/deallocate/action •Microsoft.Compute/virtualMachines/runCommand/action •Microsoft.Compute/virtualMachines/extensions/read •Microsoft.Compute/virtualMachines/extensions/write 
•Microsoft.Compute/virtualMachines/extensions/delete •Microsoft.Compute/virtualMachines/runCommands/read •Microsoft.Compute/virtualMachines/runCommands/write •Microsoft.Compute/virtualMachines/vmSizes/read •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/networkInterfaces/delete •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/usages/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/networkSecurityGroups/read •Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements/read •Microsoft.KeyVault/vaults/deploy/action •Microsoft.Storage/storageAccounts/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.DesktopVirtualization/scalingPlans/read •Microsoft.DesktopVirtualization/scalingPlans/write | ||||
21efdde3-836f-432b-bf3d-3e8e734d4b2b | Desktop Virtualization Workspace Contributor | Contributor of the Desktop Virtualization Workspace. | False |
00072 effective control plane operations (unique) •: 1 •action: 12 •delete: 5 •read: 47 •write: 7 |
Actions: 007 resolved operations: 72 effective operations: 72 •: 1 •action: 12 •delete: 5 •read: 47 •write: 7 •Microsoft.DesktopVirtualization/workspaces/* •Microsoft.DesktopVirtualization/applicationgroups/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/* •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Support/* | count: 001 •Configure Azure Virtual Desktop workspaces to disable public network access | |||
0fa44ee9-7a7d-466b-9bb2-2bf446b1204d | Desktop Virtualization Workspace Reader | Reader of the Desktop Virtualization Workspace. | False |
00042 effective control plane operations (unique) •action: 3 •read: 38 •write: 1 |
Actions: 007 resolved operations: 42 effective operations: 42 •action: 3 •read: 38 •write: 1 •Microsoft.DesktopVirtualization/workspaces/read •Microsoft.DesktopVirtualization/applicationgroups/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/deployments/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Support/* | ||||
45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | False |
00048 effective control plane and data plane operations (unique) •action: 11 •read: 37 |
Actions: 004 resolved operations: 37 effective operations: 37 •read: 37 •Microsoft.DevCenter/projects/read •Microsoft.DevCenter/projects/*/read •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 011 resolved data operations: 11 effective data operations: 11 •action: 11 •Microsoft.DevCenter/projects/users/devboxes/userStop/action •Microsoft.DevCenter/projects/users/devboxes/userStart/action •Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action •Microsoft.DevCenter/projects/users/devboxes/userRead/action •Microsoft.DevCenter/projects/users/devboxes/userWrite/action •Microsoft.DevCenter/projects/users/devboxes/userDelete/action •Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionRead/action •Microsoft.DevCenter/projects/users/devboxes/userUpcomingActionManage/action •Microsoft.DevCenter/projects/users/devboxes/userActionRead/action •Microsoft.DevCenter/projects/users/devboxes/userActionManage/action •Microsoft.DevCenter/projects/users/devboxes/userCustomize/action | |||
331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | False |
00082 effective control plane and data plane operations (unique) •action: 32 •delete: 5 •read: 40 •write: 5 |
Actions: 004 resolved operations: 61 effective operations: 59 •action: 9 •delete: 5 •read: 40 •write: 5 •Microsoft.DevCenter/projects/* •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | NotActions: 002 resolved not operations: 2 effective not operations: 16133 •Microsoft.DevCenter/projects/write •Microsoft.DevCenter/projects/delete | DataActions: 023 resolved data operations: 23 effective data operations: 23 •action: 23 •Microsoft.DevCenter/projects/users/devboxes/adminStart/action •Microsoft.DevCenter/projects/users/devboxes/adminStop/action •Microsoft.DevCenter/projects/users/devboxes/adminRead/action •Microsoft.DevCenter/projects/users/devboxes/adminWrite/action •Microsoft.DevCenter/projects/users/devboxes/adminDelete/action •Microsoft.DevCenter/projects/users/devboxes/userStop/action •Microsoft.DevCenter/projects/users/devboxes/userStart/action •Microsoft.DevCenter/projects/users/devboxes/userGetRemoteConnection/action •Microsoft.DevCenter/projects/users/devboxes/userRead/action •Microsoft.DevCenter/projects/users/devboxes/userWrite/action •Microsoft.DevCenter/projects/users/devboxes/userDelete/action •Microsoft.DevCenter/projects/users/devboxes/userActionRead/action •Microsoft.DevCenter/projects/users/devboxes/userActionManage/action •Microsoft.DevCenter/projects/users/devboxes/userCustomize/action •Microsoft.DevCenter/projects/users/environments/adminRead/action •Microsoft.DevCenter/projects/users/environments/userWrite/action •Microsoft.DevCenter/projects/users/environments/adminWrite/action •Microsoft.DevCenter/projects/users/environments/userDelete/action •Microsoft.DevCenter/projects/users/environments/adminDelete/action •Microsoft.DevCenter/projects/users/environments/adminAction/action •Microsoft.DevCenter/projects/users/environments/adminActionRead/action •Microsoft.DevCenter/projects/users/environments/adminActionManage/action 
•Microsoft.DevCenter/projects/users/environments/adminOutputsRead/action | ||
dfce44e4-17b7-4bd1-a6d1-04996ec95633 | Device Provisioning Service Data Contributor | Allows for full access to Device Provisioning Service data-plane operations. | False |
00009 effective data plane operations (unique) •action: 1 •delete: 3 •read: 3 •write: 2 |
DataActions: 001 resolved data operations: 9 effective data operations: 9 •action: 1 •delete: 3 •read: 3 •write: 2 •Microsoft.Devices/provisioningServices/* | ||||
10745317-c249-44a1-a5ce-3a4353c0bbd8 | Device Provisioning Service Data Reader | Allows for full read access to Device Provisioning Service data-plane properties. | False |
00003 effective data plane operations (unique) •read: 3 |
DataActions: 001 resolved data operations: 3 effective data operations: 3 •read: 3 •Microsoft.Devices/provisioningServices/*/read | ||||
02ca0879-e8e4-47a5-a61e-5c618b76e64a | Device Update Administrator | Gives you full access to management and content operations | False |
00061 effective control plane and data plane operations (unique) •: 1 •Action: 10 •delete: 4 •read: 41 •write: 5 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 006 resolved data operations: 6 effective data operations: 6 •delete: 2 •read: 2 •write: 2 •Microsoft.DeviceUpdate/accounts/instances/updates/read •Microsoft.DeviceUpdate/accounts/instances/updates/write •Microsoft.DeviceUpdate/accounts/instances/updates/delete •Microsoft.DeviceUpdate/accounts/instances/management/read •Microsoft.DeviceUpdate/accounts/instances/management/write •Microsoft.DeviceUpdate/accounts/instances/management/delete | |||
0378884a-3af5-44ab-8323-f5b22f9f3c98 | Device Update Content Administrator | Gives you full access to content operations | False |
00058 effective control plane and data plane operations (unique) •: 1 •Action: 10 •delete: 3 •read: 40 •write: 4 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 003 resolved data operations: 3 effective data operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.DeviceUpdate/accounts/instances/updates/read •Microsoft.DeviceUpdate/accounts/instances/updates/write •Microsoft.DeviceUpdate/accounts/instances/updates/delete | |||
d1ee9a80-8b14-47f0-bdc2-f4a351625a7b | Device Update Content Reader | Gives you read access to content operations, but does not allow making changes | False |
00056 effective control plane and data plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 40 •Write: 3 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.DeviceUpdate/accounts/instances/updates/read | |||
e4237640-0e3d-4a46-8fda-70bc94856432 | Device Update Deployments Administrator | Gives you full access to management operations | False |
00059 effective control plane and data plane operations (unique) •: 1 •Action: 10 •delete: 3 •read: 41 •write: 4 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 004 resolved data operations: 4 effective data operations: 4 •delete: 1 •read: 2 •write: 1 •Microsoft.DeviceUpdate/accounts/instances/management/read •Microsoft.DeviceUpdate/accounts/instances/management/write •Microsoft.DeviceUpdate/accounts/instances/management/delete •Microsoft.DeviceUpdate/accounts/instances/updates/read | |||
49e2f5d2-7741-4835-8efa-19e1fe35e47f | Device Update Deployments Reader | Gives you read access to management operations, but does not allow making changes | False |
00057 effective control plane and data plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 41 •Write: 3 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.DeviceUpdate/accounts/instances/management/read •Microsoft.DeviceUpdate/accounts/instances/updates/read | |||
e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f | Device Update Reader | Gives you read access to management and content operations, but does not allow making changes | False |
00057 effective control plane and data plane operations (unique) •: 1 •Action: 10 •Delete: 2 •read: 41 •Write: 3 |
Actions: 005 resolved operations: 55 effective operations: 55 •: 1 •Action: 10 •Delete: 2 •read: 39 •Write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Insights/alertRules/* | DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.DeviceUpdate/accounts/instances/updates/read •Microsoft.DeviceUpdate/accounts/instances/management/read | |||
76283e04-6283-4c54-8f91-bcf1374a3c64 | DevTest Labs User | Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | False |
00101 effective control plane operations (unique) •action: 16 •delete: 1 •read: 82 •write: 2 |
Actions: 032 resolved operations: 102 effective operations: 101 •action: 16 •delete: 1 •read: 82 •write: 2 •Microsoft.Authorization/*/read •Microsoft.Compute/availabilitySets/read •Microsoft.Compute/virtualMachines/*/read •Microsoft.Compute/virtualMachines/deallocate/action •Microsoft.Compute/virtualMachines/read •Microsoft.Compute/virtualMachines/restart/action •Microsoft.Compute/virtualMachines/start/action •Microsoft.DevTestLab/*/read •Microsoft.DevTestLab/labs/claimAnyVm/action •Microsoft.DevTestLab/labs/createEnvironment/action •Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action •Microsoft.DevTestLab/labs/formulas/delete •Microsoft.DevTestLab/labs/formulas/read •Microsoft.DevTestLab/labs/formulas/write •Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action •Microsoft.DevTestLab/labs/virtualMachines/claim/action •Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action •Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Network/loadBalancers/inboundNatRules/join/action •Microsoft.Network/networkInterfaces/*/read •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/publicIPAddresses/*/read •Microsoft.Network/publicIPAddresses/join/action •Microsoft.Network/publicIPAddresses/read •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Storage/storageAccounts/listKeys/action | NotActions: 001 resolved not operations: 1 effective not operations: 16091 •Microsoft.Compute/virtualMachines/vmSizes/read | |||
58a3b984-7adf-4c20-983a-32417c86fbc8 | DICOM Data Owner | Full access to DICOM data. | False |
00005 effective data plane operations (unique) •action: 2 •delete: 1 •read: 1 •write: 1 |
DataActions: 001 resolved data operations: 5 effective data operations: 5 •action: 2 •delete: 1 •read: 1 •write: 1 •Microsoft.HealthcareApis/workspaces/dicomservices/resources/* | ||||
e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a | DICOM Data Reader | Read and search DICOM data. | False |
00001 effective data plane operations (unique) •read: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •read: 1 •Microsoft.HealthcareApis/workspaces/dicomservices/resources/read | ||||
3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 | Disk Backup Reader | Provides permission to backup vault to perform disk backup. | False |
00029 effective control plane operations (unique) •action: 1 •read: 28 |
Actions: 003 resolved operations: 29 effective operations: 29 •action: 1 •read: 28 •Microsoft.Authorization/*/read •Microsoft.Compute/disks/read •Microsoft.Compute/disks/beginGetAccess/action | ||||
136d308c-0937-4a49-9bd7-edfb42adbffc | Disk Encryption Set Operator for Managed Disks | Provides permissions to read, write or delete disk encryption sets which are used for encrypting managed disks with customer managed keys | False |
00003 effective control plane operations (unique) •delete: 1 •read: 1 •write: 1 |
Actions: 001 resolved operations: 3 effective operations: 3 •delete: 1 •read: 1 •write: 1 •Microsoft.Compute/diskEncryptionSets/* | ||||
60fc6e62-5479-42d4-8bf4-67625fcc2840 | Disk Pool Operator | Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. | False |
00047 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 2 •read: 34 •write: 3 |
Actions: 006 resolved operations: 47 effective operations: 47 •: 1 •Action: 7 •Delete: 2 •read: 34 •write: 3 •Microsoft.Compute/disks/write •Microsoft.Compute/disks/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
b50d9833-a0cb-478e-945f-707fcc997c13 | Disk Restore Operator | Provides permission to backup vault to perform disk restore. | False |
00030 effective control plane operations (unique) •read: 29 •write: 1 |
Actions: 004 resolved operations: 30 effective operations: 30 •read: 29 •write: 1 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Compute/disks/write •Microsoft.Compute/disks/read | ||||
7efff54f-a5b4-42b5-a1c5-5411624893ce | Disk Snapshot Contributor | Provides permission to backup vault to manage disk snapshots. | False |
00038 effective control plane operations (unique) •action: 4 •delete: 2 •read: 30 •write: 2 |
Actions: 012 resolved operations: 38 effective operations: 38 •action: 4 •delete: 2 •read: 30 •write: 2 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Compute/snapshots/delete •Microsoft.Compute/snapshots/write •Microsoft.Compute/snapshots/read •Microsoft.Compute/snapshots/beginGetAccess/action •Microsoft.Compute/snapshots/endGetAccess/action •Microsoft.Compute/disks/beginGetAccess/action •Microsoft.Storage/storageAccounts/listkeys/action •Microsoft.Storage/storageAccounts/write •Microsoft.Storage/storageAccounts/read •Microsoft.Storage/storageAccounts/delete | ||||
0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d | DNS Resolver Contributor | Lets you manage DNS resolver resources. | False |
00080 effective control plane operations (unique) •: 1 •Action: 19 •Delete: 8 •read: 43 •Write: 9 |
Actions: 041 resolved operations: 80 effective operations: 80 •: 1 •Action: 19 •Delete: 8 •read: 43 •Write: 9 •Microsoft.Network/dnsResolvers/read •Microsoft.Network/dnsResolvers/write •Microsoft.Network/dnsResolvers/delete •Microsoft.Network/dnsResolvers/join/action •Microsoft.Network/dnsResolvers/inboundEndpoints/read •Microsoft.Network/dnsResolvers/inboundEndpoints/write •Microsoft.Network/dnsResolvers/inboundEndpoints/delete •Microsoft.Network/dnsResolvers/inboundEndpoints/join/action •Microsoft.Network/dnsResolvers/outboundEndpoints/read •Microsoft.Network/dnsResolvers/outboundEndpoints/write •Microsoft.Network/dnsResolvers/outboundEndpoints/delete •Microsoft.Network/dnsResolvers/outboundEndpoints/join/action •Microsoft.Network/dnsForwardingRulesets/read •Microsoft.Network/dnsForwardingRulesets/write •Microsoft.Network/dnsForwardingRulesets/delete •Microsoft.Network/dnsForwardingRulesets/join/action •Microsoft.Network/dnsForwardingRulesets/forwardingRules/read •Microsoft.Network/dnsForwardingRulesets/forwardingRules/write •Microsoft.Network/dnsForwardingRulesets/forwardingRules/delete •Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/read •Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/write •Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/delete •Microsoft.Network/locations/dnsResolverOperationResults/read •Microsoft.Network/locations/dnsResolverOperationStatuses/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/join/action •Microsoft.Network/virtualNetworks/joinLoadBalancer/action •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action •Microsoft.Network/natGateways/join/action •Microsoft.Network/networkSecurityGroups/join/action 
•Microsoft.Network/routeTables/join/action •Microsoft.Network/serviceEndpointPolicies/join/action •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
befefa01-2a29-4197-83a8-272ff33ce314 | DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | False |
00102 effective control plane operations (unique) •: 1 •Action: 10 •Delete: 15 •read: 58 •Write: 18 |
Actions: 007 resolved operations: 102 effective operations: 102 •: 1 •Action: 10 •Delete: 15 •read: 58 •Write: 18 •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Network/dnsZones/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
5bd9cd88-fe45-4216-938b-f97437e15450 | DocumentDB Account Contributor | Lets you manage DocumentDB accounts, but not access to them. | False |
00329 effective control plane operations (unique) •: 1 •action: 62 •delete: 32 •read: 181 •write: 53 |
Actions: 008 resolved operations: 329 effective operations: 329 •: 1 •action: 62 •delete: 32 •read: 181 •write: 53 •Microsoft.Authorization/*/read •Microsoft.DocumentDb/databaseAccounts/* •Microsoft.Insights/alertRules/* •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* •Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | count: 003 •Configure Cosmos DB database accounts to disable local authentication •Configure CosmosDB accounts to disable public network access •Configure CosmosDB accounts with private endpoints | |||
eeaeda52-9324-47f6-8069-5d5bade478b2 | Domain Services Contributor | Can manage Azure AD Domain Services and related network configurations | False |
00120 effective control plane operations (unique) •action: 21 •delete: 14 •read: 71 •write: 14 |
Actions: 069 resolved operations: 120 effective operations: 120 •action: 21 •delete: 14 •read: 71 •write: 14 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/deployments/delete •Microsoft.Resources/deployments/cancel/action •Microsoft.Resources/deployments/validate/action •Microsoft.Resources/deployments/whatIf/action •Microsoft.Resources/deployments/exportTemplate/action •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/AlertRules/Write •Microsoft.Insights/AlertRules/Delete •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Activated/Action •Microsoft.Insights/AlertRules/Resolved/Action •Microsoft.Insights/AlertRules/Throttled/Action •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Insights/Logs/Read •Microsoft.Insights/Metrics/Read •Microsoft.Insights/DiagnosticSettings/* •Microsoft.Insights/DiagnosticSettingsCategories/Read •Microsoft.AAD/register/action •Microsoft.AAD/unregister/action •Microsoft.AAD/domainServices/* •Microsoft.Network/register/action •Microsoft.Network/unregister/action •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/write •Microsoft.Network/virtualNetworks/delete •Microsoft.Network/virtualNetworks/peer/action •Microsoft.Network/virtualNetworks/join/action •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/subnets/write •Microsoft.Network/virtualNetworks/subnets/delete •Microsoft.Network/virtualNetworks/subnets/join/action •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete •Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read 
•Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/azureFirewalls/read •Microsoft.Network/ddosProtectionPlans/read •Microsoft.Network/ddosProtectionPlans/join/action •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/delete •Microsoft.Network/loadBalancers/*/read •Microsoft.Network/loadBalancers/backendAddressPools/join/action •Microsoft.Network/loadBalancers/inboundNatRules/join/action •Microsoft.Network/natGateways/join/action •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkInterfaces/write •Microsoft.Network/networkInterfaces/delete •Microsoft.Network/networkInterfaces/join/action •Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkSecurityGroups/write •Microsoft.Network/networkSecurityGroups/delete •Microsoft.Network/networkSecurityGroups/join/action •Microsoft.Network/networkSecurityGroups/securityRules/read •Microsoft.Network/networkSecurityGroups/securityRules/write •Microsoft.Network/networkSecurityGroups/securityRules/delete •Microsoft.Network/routeTables/read •Microsoft.Network/routeTables/write •Microsoft.Network/routeTables/delete •Microsoft.Network/routeTables/join/action •Microsoft.Network/routeTables/routes/read •Microsoft.Network/routeTables/routes/write •Microsoft.Network/routeTables/routes/delete | ||||
361898ef-9ed1-48c2-849c-a832951106bb | Domain Services Reader | Can view Azure AD Domain Services and related network configurations | False |
00071 effective control plane operations (unique) •read: 71 |
Actions: 028 resolved operations: 71 effective operations: 71 •read: 71 •Microsoft.Authorization/*/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/operations/read •Microsoft.Resources/deployments/operationstatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Insights/AlertRules/Read •Microsoft.Insights/AlertRules/Incidents/Read •Microsoft.Insights/Logs/Read •Microsoft.Insights/Metrics/read •Microsoft.Insights/DiagnosticSettings/read •Microsoft.Insights/DiagnosticSettingsCategories/Read •Microsoft.AAD/domainServices/*/read •Microsoft.Network/virtualNetworks/read •Microsoft.Network/virtualNetworks/subnets/read •Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read •Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read •Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read •Microsoft.Network/azureFirewalls/read •Microsoft.Network/ddosProtectionPlans/read •Microsoft.Network/loadBalancers/read •Microsoft.Network/loadBalancers/*/read •Microsoft.Network/natGateways/read •Microsoft.Network/networkInterfaces/read •Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read •Microsoft.Network/networkSecurityGroups/read •Microsoft.Network/networkSecurityGroups/securityRules/read •Microsoft.Network/routeTables/read •Microsoft.Network/routeTables/routes/read | ||||
0ad04412-c4d5-4796-b79c-f76d14c8d402 | Durable Task Data Contributor | Durable Task role for all data access operations. | False |
00001 effective data plane operations (unique) •execute: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •execute: 1 •Microsoft.DurableTask/* | ||||
80d0d6b0-f522-40a4-8886-a5a11720c375 | Durable Task Worker | Used by worker applications to interact with the Durable Task service | False |
00001 effective data plane operations (unique) •execute: 1 |
DataActions: 001 resolved data operations: 1 effective data operations: 1 •execute: 1 •Microsoft.DurableTask/data/execute | ||||
fa6cecf6-5db3-4c43-8470-c540bcb4eafa | Elastic SAN Network Admin | Allows access to create Private Endpoints on SAN resources, and to read SAN resources | False |
00009 effective control plane operations (unique) •action: 1 •delete: 1 •read: 6 •write: 1 |
Actions: 005 resolved operations: 9 effective operations: 9 •action: 1 •delete: 1 •read: 6 •write: 1 •Microsoft.ElasticSan/elasticSans/*/read •Microsoft.ElasticSan/elasticSans/PrivateEndpointConnectionsApproval/action •Microsoft.ElasticSan/elasticSans/privateEndpointConnections/write •Microsoft.ElasticSan/elasticSans/privateEndpointConnections/delete •Microsoft.ElasticSan/locations/asyncoperations/read | ||||
80dcbedb-47ef-405d-95bd-188a1b4ac406 | Elastic SAN Owner | Allows for full access to all resources under Azure Elastic SAN including changing network security policies to unblock data path access | False |
00061 effective control plane operations (unique) •action: 8 •delete: 7 •read: 39 •write: 7 |
Actions: 006 resolved operations: 61 effective operations: 61 •action: 8 •delete: 7 •read: 39 •write: 7 •Microsoft.Authorization/*/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ElasticSan/elasticSans/* •Microsoft.ElasticSan/locations/* | ||||
af6a70f8-3c9f-4105-acf1-d719e9fca4ca | Elastic SAN Reader | Allows for control path read access to Azure Elastic SAN | False |
00009 effective control plane operations (unique) •read: 9 |
Actions: 005 resolved operations: 9 effective operations: 9 •read: 9 •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ElasticSan/elasticSans/*/read | ||||
1c4770c0-34f7-4110-a1ea-a5855cc7a939 | Elastic SAN Snapshot Exporter | Allows for creating and exporting Snapshot of Elastic San Volume | False |
00079 effective control plane operations (unique) •action: 6 •delete: 3 •read: 67 •write: 3 |
Actions: 014 resolved operations: 79 effective operations: 79 •action: 6 •delete: 3 •read: 67 •write: 3 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ElasticSan/elasticSans/*/read •Microsoft.ElasticSan/elasticSans/volumeGroups/snapshots/write •Microsoft.ElasticSan/elasticSans/volumeGroups/snapshots/delete •Microsoft.ElasticSan/elasticSans/volumeGroups/snapshots/beginGetAccess/action •Microsoft.ElasticSan/locations/* •Microsoft.Compute/locations/* •Microsoft.Compute/disks/read •Microsoft.Compute/disks/write •Microsoft.Compute/disks/delete •Microsoft.Compute/snapshots/read •Microsoft.Compute/snapshots/write •Microsoft.Compute/snapshots/delete | ||||
a8281131-f312-4f34-8d98-ae12be9f0d23 | Elastic SAN Volume Group Owner | Allows for full access to a volume group in Azure Elastic SAN including changing network security policies to unblock data path access | False |
00013 effective control plane operations (unique) •action: 1 •delete: 3 •read: 6 •write: 3 |
Actions: 004 resolved operations: 13 effective operations: 13 •action: 1 •delete: 3 •read: 6 •write: 3 •Microsoft.Authorization/roleAssignments/read •Microsoft.Authorization/roleDefinitions/read •Microsoft.ElasticSan/elasticSans/volumeGroups/* •Microsoft.ElasticSan/locations/asyncoperations/read | ||||
90e8b822-3e73-47b5-868a-787dc80c008f | Elastic SAN Volume Importer | Allows for Importing Elastic San Volume | False |
00075 effective control plane operations (unique) •action: 9 •delete: 1 •read: 64 •write: 1 |
Actions: 013 resolved operations: 75 effective operations: 75 •action: 9 •delete: 1 •read: 64 •write: 1 •Microsoft.Authorization/*/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.ElasticSan/elasticSans/volumeGroups/*/read •Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/write •Microsoft.ElasticSan/elasticSans/volumeGroups/volumes/delete •Microsoft.ElasticSan/locations/* •Microsoft.Compute/locations/* •Microsoft.Compute/disks/read •Microsoft.Compute/disks/beginGetAccess/action •Microsoft.Compute/disks/endGetAccess/action •Microsoft.Compute/snapshots/read •Microsoft.Compute/snapshots/beginGetAccess/action •Microsoft.Compute/snapshots/endGetAccess/action | ||||
2142ea27-02ad-4094-bfea-2dbac6d24934 | Enclave Approver Role | Read all resources in Azure Virtual Enclaves and Approve approval requests within the Enclave | False |
00064 effective control plane operations (unique) •: 1 •Action: 8 •Delete: 2 •read: 50 •Write: 3 |
Actions: 023 resolved operations: 64 effective operations: 64 •: 1 •Action: 8 •Delete: 2 •read: 50 •Write: 3 •Microsoft.Mission/Operations/read •Microsoft.Mission/communities/read •Microsoft.Mission/internalConnections/read •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/endpoints/read •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/approvals/read •Microsoft.Mission/approvals/write •Microsoft.Mission/enclaveConnections/approvalCallback/action | ||||
19feefae-eacc-4106-81fd-ac34c0671f14 | Enclave Contributor Role | Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00061 effective control plane operations (unique) •action: 2 •read: 49 •write: 10 |
Actions: 035 resolved operations: 61 effective operations: 61 •action: 2 •read: 49 •write: 10 •Microsoft.Mission/register/action •Microsoft.Mission/unregister/action •Microsoft.Mission/Locations/OperationStatuses/read •Microsoft.Mission/Locations/OperationStatuses/write •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/catalogs/write •Microsoft.Mission/communities/read •Microsoft.Mission/internalConnections/read •Microsoft.Mission/internalConnections/write •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/write •Microsoft.Mission/virtualEnclaves/endpoints/read •Microsoft.Mission/virtualEnclaves/endpoints/write •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Mission/virtualEnclaves/workloads/write •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/enclaveConnections/write •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/write •Microsoft.Mission/approvals/read •Microsoft.Mission/approvals/write | ||||
3d5f3eff-eb94-473d-91e3-7aac74d6c0bb | Enclave Owner Role | Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00064 effective control plane operations (unique) •delete: 7 •read: 48 •write: 9 |
Actions: 038 resolved operations: 64 effective operations: 64 •delete: 7 •read: 48 •write: 9 •Microsoft.Mission/Locations/OperationStatuses/read •Microsoft.Mission/Locations/OperationStatuses/write •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/catalogs/write •Microsoft.Mission/catalogs/delete •Microsoft.Mission/internalConnections/read •Microsoft.Mission/internalConnections/write •Microsoft.Mission/internalConnections/delete •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/write •Microsoft.Mission/virtualEnclaves/delete •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Mission/virtualEnclaves/workloads/write •Microsoft.Mission/virtualEnclaves/workloads/delete •Microsoft.Mission/communities/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/read •Microsoft.Resources/deployments/read •Microsoft.Resources/deployments/write •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/enclaveConnections/write •Microsoft.Mission/enclaveConnections/delete •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/write •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/delete •Microsoft.Mission/approvals/read •Microsoft.Mission/approvals/write •Microsoft.Mission/approvals/delete | ||||
86fede04-b259-4277-8c3e-e26b9865abd8 | Enclave Reader Role | Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | False |
00065 effective control plane operations (unique) •: 1 •Action: 7 •Delete: 3 •read: 51 •Write: 3 |
Actions: 024 resolved operations: 65 effective operations: 65 •: 1 •Action: 7 •Delete: 3 •read: 51 •Write: 3 •Microsoft.Mission/Operations/read •Microsoft.Mission/catalogs/read •Microsoft.Mission/catalogs/write •Microsoft.Mission/catalogs/delete •Microsoft.Mission/communities/read •Microsoft.Mission/internalConnections/read •Microsoft.Mission/virtualEnclaves/read •Microsoft.Mission/virtualEnclaves/endpoints/read •Microsoft.Mission/virtualEnclaves/workloads/read •Microsoft.Authorization/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Resources/subscriptions/resourcegroups/deployments/read •Microsoft.Resources/subscriptions/operationresults/read •Microsoft.ResourceHealth/availabilityStatuses/read •Microsoft.Features/providers/features/read •Microsoft.Features/features/read •Microsoft.Mission/communities/communityEndpoints/read •Microsoft.Mission/communities/transitHubs/read •Microsoft.Mission/enclaveConnections/read •Microsoft.Mission/virtualEnclaves/enclaveEndpoints/read •Microsoft.Mission/approvals/read | ||||
1e241071-0855-49ea-94dc-649edcd759de | EventGrid Contributor | Lets you manage EventGrid operations. | False |
00251 effective control plane operations (unique) •: 1 •action: 57 •delete: 37 •read: 112 •write: 44 |
Actions: 006 resolved operations: 251 effective operations: 251 •: 1 •action: 57 •delete: 37 •read: 112 •write: 44 •Microsoft.Authorization/*/read •Microsoft.EventGrid/* •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | count: 009 •Configure Azure Event Grid domains to disable local authentication •Configure Azure Event Grid namespace MQTT broker with private endpoints •Configure Azure Event Grid namespaces with private endpoints •Configure Azure Event Grid partner namespaces to disable local authentication •Configure Azure Event Grid topics to disable local authentication •Deploy - Configure Azure Event Grid domains with private endpoints •Deploy - Configure Azure Event Grid topics with private endpoints •Modify - Configure Azure Event Grid domains to disable public network access •Modify - Configure Azure Event Grid topics to disable public network access | |||
1d8c3fe3-8864-474b-8749-01e3783e8157 | EventGrid Data Contributor | Allows send and receive access to event grid events. | False |
00038 effective control plane and data plane operations (unique) •action: 2 •read: 36 |
Actions: 010 resolved operations: 36 effective operations: 36 •read: 36 •Microsoft.Authorization/*/read •Microsoft.EventGrid/eventSubscriptions/read •Microsoft.EventGrid/topicTypes/eventSubscriptions/read •Microsoft.EventGrid/locations/eventSubscriptions/read •Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.EventGrid/topics/read •Microsoft.EventGrid/domains/read •Microsoft.EventGrid/partnerNamespaces/read •Microsoft.EventGrid/namespaces/read | DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.EventGrid/events/send/action •Microsoft.EventGrid/events/receive/action | |||
78cbd9e7-9798-4e2e-9b5a-547d9ebb31fb | EventGrid Data Receiver | Allows receive access to event grid events. | False |
00034 effective control plane and data plane operations (unique) •action: 1 •read: 33 |
Actions: 007 resolved operations: 33 effective operations: 33 •read: 33 •Microsoft.Authorization/*/read •Microsoft.EventGrid/eventSubscriptions/read •Microsoft.EventGrid/topicTypes/eventSubscriptions/read •Microsoft.EventGrid/locations/eventSubscriptions/read •Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.EventGrid/namespaces/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventGrid/events/receive/action | |||
d5a91429-5739-47e2-a06b-3470a27159e7 | EventGrid Data Sender | Allows send access to event grid events. | False |
00033 effective control plane and data plane operations (unique) •action: 1 •read: 32 |
Actions: 006 resolved operations: 32 effective operations: 32 •read: 32 •Microsoft.Authorization/*/read •Microsoft.EventGrid/topics/read •Microsoft.EventGrid/domains/read •Microsoft.EventGrid/partnerNamespaces/read •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.EventGrid/namespaces/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventGrid/events/send/action | |||
428e0ff0-5e57-4d9c-a221-2c70d0e0a443 | EventGrid EventSubscription Contributor | Lets you manage EventGrid event subscription operations. | False |
00066 effective control plane operations (unique) •: 1 •action: 12 •delete: 3 •read: 45 •write: 5 |
Actions: 009 resolved operations: 66 effective operations: 66 •: 1 •action: 12 •delete: 3 •read: 45 •write: 5 •Microsoft.Authorization/*/read •Microsoft.EventGrid/eventSubscriptions/* •Microsoft.EventGrid/topicTypes/eventSubscriptions/read •Microsoft.EventGrid/locations/eventSubscriptions/read •Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Support/* | ||||
2414bbcf-6497-4faf-8c65-045460748405 | EventGrid EventSubscription Reader | Lets you read EventGrid event subscriptions. | False |
00032 effective control plane operations (unique) •read: 32 |
Actions: 006 resolved operations: 32 effective operations: 32 •read: 32 •Microsoft.Authorization/*/read •Microsoft.EventGrid/eventSubscriptions/read •Microsoft.EventGrid/topicTypes/eventSubscriptions/read •Microsoft.EventGrid/locations/eventSubscriptions/read •Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read •Microsoft.Resources/subscriptions/resourceGroups/read | ||||
a12b0b94-b317-4dcd-84a8-502ce99884c6 | EventGrid TopicSpaces Publisher | Lets you publish messages on topicspaces. | False |
00119 effective control plane and data plane operations (unique) •: 1 •action: 8 •Delete: 2 •read: 106 •Write: 2 |
Actions: 005 resolved operations: 118 effective operations: 118 •: 1 •Action: 7 •Delete: 2 •read: 106 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.EventGrid/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventGrid/topicSpaces/publish/action | |||
4b0f2fd7-60b4-4eca-896f-4435034f8bf5 | EventGrid TopicSpaces Subscriber | Lets you subscribe messages on topicspaces. | False |
00119 effective control plane and data plane operations (unique) •: 1 •action: 8 •Delete: 2 •read: 106 •Write: 2 |
Actions: 005 resolved operations: 118 effective operations: 118 •: 1 •Action: 7 •Delete: 2 •read: 106 •Write: 2 •Microsoft.Authorization/*/read •Microsoft.EventGrid/*/read •Microsoft.Insights/alertRules/* •Microsoft.Resources/deployments/* •Microsoft.Resources/subscriptions/resourceGroups/read | DataActions: 001 resolved data operations: 1 effective data operations: 1 •action: 1 •Microsoft.EventGrid/topicSpaces/subscribe/action | |||
7f646f1b-fa08-80eb-a33b-edd6ce5c915c | Experimentation Administrator | Experimentation Administrator | False |
00014 effective control plane and data plane operations (unique) •action: 7 •delete: 2 •read: 3 •write: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Experimentation/experimentWorkspaces/read | DataActions: 013 resolved data operations: 13 effective data operations: 13 •action: 7 •delete: 2 •read: 2 •write: 2 •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/admin/action •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/write •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/delete •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experimentadmin/action •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experiment/action •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/emergencystop/action •Microsoft.Experimentation/experimentWorkspaces/read •Microsoft.Experimentation/experimentWorkspaces/write •Microsoft.Experimentation/experimentWorkspaces/delete •Microsoft.Experimentation/experimentWorkspaces/admin/action •Microsoft.Experimentation/experimentWorkspaces/metricwrite/action •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/metricwrite/action | |||
7f646f1b-fa08-80eb-a22b-edd6ce5c915c | Experimentation Contributor | Experimentation Contributor | False |
00009 effective control plane and data plane operations (unique) •action: 2 •delete: 2 •read: 3 •write: 2 |
Actions: 002 resolved operations: 2 effective operations: 2 •read: 2 •Microsoft.Resources/subscriptions/resourceGroups/read •Microsoft.Experimentation/experimentWorkspaces/read | DataActions: 008 resolved data operations: 8 effective data operations: 8 •action: 2 •delete: 2 •read: 2 •write: 2 •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/write •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/delete •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/experiment/action •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/emergencystop/action •Microsoft.Experimentation/experimentWorkspaces/read •Microsoft.Experimentation/experimentWorkspaces/write •Microsoft.Experimentation/experimentWorkspaces/delete | |||
6188b7c9-7d01-4f99-a59f-c88b630326c0 | Experimentation Metric Contributor | Allows for creation, writes and reads to the metric set via the metrics service APIs. | False |
00004 effective control plane and data plane operations (unique) •action: 2 •read: 2 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.Experimentation/experimentWorkspaces/read | DataActions: 004 resolved data operations: 4 effective data operations: 4 •action: 2 •read: 2 •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/metricwrite/action •Microsoft.Experimentation/experimentWorkspaces/metricwrite/action •Microsoft.Experimentation/experimentWorkspaces/read | |||
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 | Experimentation Reader | Experimentation Reader | False |
00002 effective control plane and data plane operations (unique) •read: 2 |
Actions: 001 resolved operations: 1 effective operations: 1 •read: 1 •Microsoft.Experimentation/experimentWorkspaces/read | DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.Experimentation/experimentWorkspaces/read •Microsoft.Experimentation/experimentWorkspaces/experimentationGroups/read | |||
5a1fc7df-4bf1-4951-a576-89034ee01acd | FHIR Data Contributor | Role allows user or principal full access to FHIR Data | False |
00022 effective data plane operations (unique) •action: 16 •delete: 2 •read: 2 •write: 2 |
DataActions: 002 resolved data operations: 24 effective data operations: 22 •action: 16 •delete: 2 •read: 2 •write: 2 •Microsoft.HealthcareApis/services/fhir/resources/* •Microsoft.HealthcareApis/workspaces/fhirservices/resources/* | NotDataActions: 002 resolved not data operations: 2 effective not data operations: 3281 •Microsoft.HealthcareApis/services/fhir/resources/smart/action •Microsoft.HealthcareApis/workspaces/fhirservices/resources/smart/action | |||
a1705bd2-3a8f-45a5-8683-466fcfd5cc24 | FHIR Data Converter | Role allows user or principal to convert data from legacy format to FHIR | False |
00002 effective data plane operations (unique) •action: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 2 •Microsoft.HealthcareApis/services/fhir/resources/convertData/action •Microsoft.HealthcareApis/workspaces/fhirservices/resources/convertData/action | ||||
3db33094-8700-4567-8da5-1501d4e7e843 | FHIR Data Exporter | Role allows user or principal to read and export FHIR Data | False |
00004 effective data plane operations (unique) •action: 2 •read: 2 |
DataActions: 004 resolved data operations: 4 effective data operations: 4 •action: 2 •read: 2 •Microsoft.HealthcareApis/services/fhir/resources/read •Microsoft.HealthcareApis/services/fhir/resources/export/action •Microsoft.HealthcareApis/workspaces/fhirservices/resources/read •Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action | ||||
4465e953-8ced-4406-a58e-0f6e3f3b530b | FHIR Data Importer | Role allows user or principal to read and import FHIR Data | False |
00002 effective data plane operations (unique) •action: 1 •read: 1 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •action: 1 •read: 1 •Microsoft.HealthcareApis/workspaces/fhirservices/resources/read •Microsoft.HealthcareApis/workspaces/fhirservices/resources/import/action | ||||
4c8d0bbc-75d3-4935-991f-5f3c56d81508 | FHIR Data Reader | Role allows user or principal to read FHIR Data | False |
00002 effective data plane operations (unique) •read: 2 |
DataActions: 002 resolved data operations: 2 effective data operations: 2 •read: 2 •Microsoft.HealthcareApis/services/fhir/resources/read •Microsoft.HealthcareApis/workspaces/fhirservices/resources/read | ||||
3f88fce4-5892-4214-ae73-ba5294559913 | FHIR Data Writer | Role allows user or principal to read and write FHIR Data | False |
00018 effective data plane operations (unique) •action: 12 •delete: 2 •read: 2 •write: 2 |
DataActions: 018 resolved data operations: 18 effective data operations: 18 •action: 12 •delete: 2 •read: 2 •write: 2 •Microsoft.HealthcareApis/services/fhir/resources/read •Microsoft.HealthcareApis/services/fhir/resources/write •Microsoft.HealthcareApis/services/fhir/resources/delete •Microsoft.HealthcareApis/services/fhir/resources/export/action •Microsoft.HealthcareApis/services/fhir/resources/resourceValidate/action •Microsoft.HealthcareApis/services/fhir/resources/reindex/action •Microsoft.HealthcareApis/services/fhir/resources/convertData/action •Microsoft.HealthcareApis/services/fhir/resources/editProfileDefinitions/action •Microsoft.HealthcareApis/services/fhir/resources/import/action •Microsoft.HealthcareApis/workspaces/fhirservices/resources/read •Microsoft.HealthcareApis/workspaces/fhirservices/resources/wri |