last sync: 2024-May-24 18:02:49 UTC

Changes on Azure RBAC Role definitions

Id DisplayName Description Subject Change Date (UTC ymd) (i)
d623d097-b882-4e1e-a26f-ac60e31065a1 Oracle.Database Reader Built-in Role Grants read access to all Oracle.Database resources
add
new Role 2024-05-22 21:01:22
4cfdd23b-aece-4fd1-b614-ad3a06c53453 Oracle.Database Exadata Infrastructure Administrator Built-in Role Grants full access to manage all Exadata Infrastructure resources
add
new Role 2024-05-22 21:01:22
e2217c0e-04bb-4724-9580-91cf9871bc01 GroupQuota Request Operator Read and create GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits.
change
Actions 2024-05-22 18:03:37
ddc140ed-e463-4246-9145-7c664192013f Azure Arc VMware Administrator role Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions.
change
Actions 2024-05-21 18:05:11
0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 Azure ContainerApps Session Executor Create and execute sessions in a sessionPool
change
DisplayName, Actions 2024-05-20 18:06:19
adb29209-aa1d-457b-a786-c913953d2891 Azure Deployment Stack Owner Allows a user to manage deployment stacks, including those with deny assignments.
add
new Role 2024-05-16 18:05:17
bf7f8882-3383-422a-806a-6526c631a88a Azure Deployment Stack Contributor Allows a user to manage deployment stacks, but cannot create or delete deny assignments within the deployment stack.
add
new Role 2024-05-16 18:05:17
b24988ac-6180-42a0-ab88-20f7382dd24c Contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
change
NotActions 2024-05-16 18:05:17
3ae3fb29-0000-4ccd-bf80-542e7b26e081 Load Test Reader View and list all load tests and load test resources but can not make any changes
change
DataActions 2024-05-16 18:05:17
749a398d-560b-491b-bb21-08924219302e Load Test Contributor View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.
change
DataActions 2024-05-16 18:05:17
39138f76-04e6-41f0-ba6b-c411b59081a9 Bayer Ag Powered Services Crop Id Solution User Role Provide access to Crop Id Solution by Bayer Ag Powered Services
change
DataActions 2024-05-16 18:05:17
6cd4ddd5-44f4-45bf-853e-a23e79738ce8 Copilot for Azure User Enables users access to Copilot for Azure.
change
Actions 2024-05-13 17:45:16
05fdd44c-adc6-4aff-981c-61041f0c929a Nexus Network Fabric Service Reader Read-only access to Nexus Network Fabric Service
add
new Role 2024-05-13 17:45:16
a5eb8433-97a5-4a06-80b2-a877e1622c31 Nexus Network Fabric Service Writer Read-write access to Nexus Network Fabric Service
add
new Role 2024-05-13 17:45:16
6cd4ddd5-44f4-45bf-853e-a23e79738ce8 Copilot for Azure User Enables users access to Copilot for Azure.
add
new Role 2024-05-08 17:44:38
b67fe603-310e-4889-b9ee-8257d09d353d Scheduled Events Contributor Provides access to scheduled event actions
add
new Role 2024-05-06 19:18:21
91422e52-bb88-4415-bb4a-90f5b71f6dcb Azure Spring Apps Job Execution Instance List Role List instances for job executions in Azure Spring Apps
add
new Role 2024-05-03 17:44:59
b459aa1d-e3c8-436f-ae21-c0531140f43e Azure Spring Apps Job Log Reader Role Read real-time logs for jobs in Azure Spring Apps
add
new Role 2024-05-03 17:44:59
c18f9900-27b8-47c7-a8f0-5b3b3d4c2bc2 Microsoft Sentinel Business Applications Agent Operator List and update actions on a business applications system. This role is in preview and subject to change.
change
Actions 2024-05-03 17:44:59
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backups, but can't delete vaults and give access to others
change
Description, Actions 2024-05-03 17:44:59
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2024-05-03 17:44:59
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2024-05-02 17:48:17
95dd08a6-00bd-4661-84bf-f6726f83a4d0 Azure Container Storage Contributor Lets you install Azure Container Storage and manage its storage resources
add
new Role 2024-05-02 17:48:17
95de85bd-744d-4664-9dde-11430bc34793 Azure Container Storage Owner Lets you install Azure Container Storage and grants access to its storage resources
add
new Role 2024-05-02 17:48:17
8480c0f0-4509-4229-9339-7c10018cb8c4 Defender CSPM Storage Scanner Operator Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments.
add
new Role 2024-04-30 17:48:19
39138f76-04e6-41f0-ba6b-c411b59081a9 Bayer Ag Powered Services Crop Id Solution User Role Provide access to Crop Id Solution by Bayer Ag Powered Services
add
new Role 2024-04-30 17:48:19
c7244dfb-f447-457d-b2ba-3999044d1706 Azure API Center Data Reader Allows for access to Azure API Center data plane read operations.
change
DataActions 2024-04-30 17:48:19
0f641de8-0b88-4198-bdef-bd8b45ceba96 Defender for Storage Scanner Operator Lets you enable and configure Microsoft Defender for Storage's malware scanning and sensitive data discovery features on your storage accounts. Includes an ABAC condition to limit role assignments.
add
new Role 2024-04-30 17:48:19
28c0d4cd-558d-4de9-91a0-faa18e7b3266 Savings plan Contributor Lets you read and manage savings plans but cannot delegate savings plan-related roles
add
new Role 2024-04-23 15:07:34
182a574c-b3c6-4acc-b019-48ae44cd4677 Savings plan Administrator Lets you read, manage savings plans and delegate savings plan-related roles
change
Description, Actions 2024-04-23 15:07:34
5d3f1697-4507-4d08-bb4a-477695db5f82 Azure Kubernetes Service Arc Contributor Role Grants access to read and write Azure Kubernetes Services hybrid clusters
change
Actions 2024-04-17 17:45:34
ef318e2a-8334-4a05-9e4a-295a196c6a6e Azure Red Hat OpenShift Federated Credential Role This role grants the permissions required in order to patch cluster managed identities with the federated credential to build a trust relationship between the managed identity, OIDC, and the service account.
add
new Role 2024-04-15 17:47:24
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
DataActions 2024-04-15 17:47:24
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference and create images
change
Description, DataActions 2024-04-15 17:47:24
be7a6435-15ae-4171-8f30-4a343eff9e8f Azure RedHat OpenShift Network Operator Role Enables permissions to install and upgrade the networking components on an OpenShift cluster.
change
Actions 2024-04-15 17:47:24
4436bae4-7702-4c84-919b-c4069ff25ee2 Azure RedHat OpenShift Service Operator The ARO Operator is responsible for maintaining features, checks, and resources that are specific to an Azure Red Hat OpenShift cluster's continued functionality as a managed service. This includes, but is not limited to, machine management and health, network configuration, and monitoring.
change
Actions 2024-04-15 17:47:24
0d7aedc0-15fd-4a67-a412-efad370c947e Azure RedHat OpenShift Azure Files Storage Operator Role Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use Azure Files.
change
Actions 2024-04-15 17:47:24
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
DataActions 2024-04-15 17:47:24
0336e1d3-7a87-462b-b6db-342b63f7802c Azure RedHat OpenShift Cluster Ingress Operator Role Enables permissions for the operator to configure and manage the OpenShift router.
change
Actions 2024-04-15 17:47:24
8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 Azure RedHat OpenShift Image Registry Operator Role Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage.
change
Actions, DataActions 2024-04-15 17:47:24
a1f96423-95ce-4224-ab27-4e3dc72facd4 Azure RedHat OpenShift Cloud Controller Manager Role Enables permissions for the operator to manage and update the cloud controller managers deployed on top of OpenShift.
change
Actions 2024-04-15 17:47:24
0358943c-7e01-48ba-8889-02cc51d78637 Azure RedHat OpenShift Machine API Operator Role Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster.
change
Actions 2024-04-15 17:47:24
5b7237c5-45e1-49d6-bc18-a1f62f400748 Azure RedHat OpenShift Storage Operator Role Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends.
change
Actions 2024-04-15 17:47:24
8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 Defender Kubernetes Agent Operator Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent
change
Actions 2024-04-09 17:48:20
0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 Azure ContainerApps Session Creator Create and execute sessions in a sessionPool
add
new Role 2024-04-08 17:52:45
e9ce8739-6fa2-4123-a0a2-0ef41a67806f Oracle.Database VmCluster Administrator Built-in Role Grants full access to manage all VmCluster resources
change
Actions 2024-04-08 17:52:45
4caf51ec-f9f5-413f-8a94-b9f5fddba66b Oracle Subscriptions Manager Built-in Role Grants full access to manage all Oracle Subscriptions resources
change
Actions 2024-04-08 17:52:45
4562aac9-b209-4bd7-a144-6d7f3bb516f4 Oracle.Database Owner Built-in Role Grants full access to manage all Oracle.Database resources
change
Actions 2024-04-08 17:52:45
b70c96e9-66fe-4c09-b6e7-c98e69c98555 Logic Apps Standard Operator (Preview) You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings.
change
Description, Actions 2024-04-05 19:55:31
523776ba-4eb2-4600-a3c8-f2dc93da4bdb Logic Apps Standard Developer (Preview) You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope.
change
Description, Actions 2024-04-05 19:55:31
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2024-04-05 19:55:31
ad710c24-b039-4e85-a019-deb4a06e8570 Logic Apps Standard Contributor (Preview) You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership.
change
Description, Actions 2024-04-05 19:55:31
4accf36b-2c05-432f-91c8-5c532dff4c73 Logic Apps Standard Reader (Preview) You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history.
change
Description, Actions 2024-04-05 19:55:31
c18f9900-27b8-47c7-a8f0-5b3b3d4c2bc2 Microsoft Sentinel Business Applications Agent Operator List and update actions on a business applications system. This role is in preview and subject to change.
add
new Role 2024-04-05 19:55:31
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Microsoft Sentinel Responder Microsoft Sentinel Responder
change
Actions 2024-04-04 18:27:29
5d9c6a55-fc0e-4e21-ae6f-f7b095497342 Azure Hybrid Database Administrator - Read Only Service Role Read only access to Azure hybrid database services resources.
add
new Role 2024-04-04 18:27:29
b5b192c1-773c-4543-bfb0-6c59254b74a9 Bayer Ag Powered Services Historical Weather Data Solution User Role Provide access to Historical Weather Data Solution by Bayer Ag Powered Services
add
new Role 2024-04-03 19:06:57
e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 Managed Identity Contributor Create, Read, Update, and Delete User Assigned Identity
change
Actions 2024-04-01 20:01:14
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your Modeling and Simulation Workbench chamber.
change
NotActions 2024-04-01 20:01:14
4b3fe76c-f777-4d24-a2d7-b027b0f7b273 Azure Stack HCI VM Reader Grants permissions to view VMs
change
Actions 2024-04-01 20:01:14
4dae6930-7baf-46f5-909e-0383bc931c46 Azure Customer Lockbox Approver for Subscription Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. - in Public Preview.
change
Description, Actions 2024-03-29 18:59:49
25211fc6-dc78-40b6-b205-e4ac934fd9fd Azure Spring Apps Application Configuration Service Config File Pattern Reader Role Read content of config file pattern for Application Configuration Service in Azure Spring Apps
add
new Role 2024-03-28 18:44:28
f27b7598-bc64-41f7-8a44-855ff16326c2 Azure Messaging Catalog Data Owner Allows for full access to Azure Messaging Catalog resources.
add
new Role 2024-03-28 18:44:28
4cfdd23b-aece-4fd1-b614-ad3a06c53453 Oracle.Database Exadata Infrastructure Administrator Built-in Role Grants full access to manage all Exadata Infrastructure resources
remove
decommissioned Role 2024-03-27 18:49:34
d623d097-b882-4e1e-a26f-ac60e31065a1 Oracle.Database Reader Built-in Role Grants read access to see all Oracle VmCluster resources
remove
decommissioned Role 2024-03-27 18:49:34
86fede04-b259-4277-8c3e-e26b9865abd8 Enclave Reader Role Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
19feefae-eacc-4106-81fd-ac34c0671f14 Enclave Contributor Role Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
3d5f3eff-eb94-473d-91e3-7aac74d6c0bb Enclave Owner Role Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc Community Reader Role Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
7656b436-37d4-490a-a4ab-d39f838f0042 HDInsight on AKS Cluster Pool Admin Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters
change
Actions 2024-03-26 18:41:13
fd036e6b-1266-47a0-b0bb-a05d04831731 HDInsight on AKS Cluster Admin Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.
change
Actions 2024-03-26 18:41:13
d623d097-b882-4e1e-a26f-ac60e31065a1 Oracle.Database Reader Built-in Role Grants read access to see all Oracle VmCluster resources
add
new Role 2024-03-26 18:41:13
4562aac9-b209-4bd7-a144-6d7f3bb516f4 Oracle.Database Owner Built-in Role Grants full access to manage all Oracle.Database resources
add
new Role 2024-03-26 18:41:13
5e28a61e-8040-49db-b175-bb5b88af6239 Community Owner Role Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
4caf51ec-f9f5-413f-8a94-b9f5fddba66b Oracle Subscriptions Manager Built-in Role Grants full access to manage all Oracle Subscriptions resources
add
new Role 2024-03-26 18:41:13
4cfdd23b-aece-4fd1-b614-ad3a06c53453 Oracle.Database Exadata Infrastructure Administrator Built-in Role Grants full access to manage all Exadata Infrastructure resources
add
new Role 2024-03-26 18:41:13
e9ce8739-6fa2-4123-a0a2-0ef41a67806f Oracle.Database VmCluster Administrator Built-in Role Grants full access to manage all VmCluster resources
add
new Role 2024-03-26 18:41:13
49435da6-99fe-48a5-a235-fc668b9dc04a Community Contributor Role Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS.
change
Actions 2024-03-26 18:41:13
6cba8790-29c5-48e5-bab1-c7541b01cb04 Azure API Center Service Reader Allows read-only access to Azure API Center service.
add
new Role 2024-03-25 19:17:46
ede9aaa3-4627-494e-be13-4aa7c256148d Azure API Center Compliance Manager Allows managing API compliance in Azure API Center service.
add
new Role 2024-03-25 19:17:46
dd24193f-ef65-44e5-8a7e-6fa6e03f7713 Azure API Center Service Contributor Allows managing Azure API Center service.
add
new Role 2024-03-25 19:17:46
08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 Azure Container Storage Operator Role required by a Managed Identity for Azure Container Storage operations
change
Actions 2024-03-25 19:17:46
5e93ba01-8f92-4c7a-b12a-801e3df23824 Kubernetes Agent Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services
add
new Role 2024-03-21 18:46:18
c20923c5-b089-47a5-bf67-fd89569c4ad9 Azure Programmable Connectivity Gateway Dataplane User Allows access to all Gateway dataplane APIs.
add
new Role 2024-03-19 19:11:48
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2024-03-19 19:11:48
b6ee44de-fe58-4ddc-b5c2-ab174eb23f05 CrossConnectionReader Allows for read access to ExpressRoute CrossConnections
add
new Role 2024-03-19 19:11:48
399c3b2b-64c2-4ff1-af34-571db925b068 CrossConnectionManager Allows for read, write access to ExpressRoute CrossConnections
add
new Role 2024-03-19 19:11:48
3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74 Savings plan Purchaser Lets you purchase savings plans
add
new Role 2024-03-18 18:48:33
3afb7f49-54cb-416e-8c09-6dc049efa503 Azure AI Inference Deployment Operator Can perform all actions required to create a resource deployment within a resource group.
change
Actions 2024-03-18 18:48:33
182a574c-b3c6-4acc-b019-48ae44cd4677 Savings plan Administrator Lets one read and manage all the savings plans in a tenant
add
new Role 2024-03-18 18:48:33
5a382001-fe36-41ff-bba4-8bf06bd54da9 Azure Sphere Owner Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments.
change
Actions 2024-03-13 20:05:30
d534ad90-4ac5-4815-a178-b2e47397baab Savings plan Reader Lets you read all savings plans in a tenant
add
new Role 2024-03-12 19:09:41
c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8 Backup MUA Admin Backup MultiUser-Authorization. Can create/delete ResourceGuard
add
new Role 2024-03-11 18:32:13
f54b6d04-23c6-443e-b462-9c16ab7b4a52 Backup MUA Operator Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard
add
new Role 2024-03-11 18:32:13
b29efa5f-7782-4dc3-9537-4d5bc70a5e9f Azure Kubernetes Service Arc Cluster Admin Role List cluster admin credential action.
add
new Role 2024-03-08 20:25:26
5d3f1697-4507-4d08-bb4a-477695db5f82 Azure Kubernetes Service Arc Contributor Role Grants access to read and write Azure Kubernetes Services hybrid clusters
add
new Role 2024-03-08 20:25:26
233ca253-b031-42ff-9fba-87ef12d6b55f Azure Kubernetes Service Arc Cluster User Role List cluster user credential action.
add
new Role 2024-03-08 20:25:26
08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 Azure Container Storage Operator Role required by a Managed Identity for Azure Container Storage operations
add
new Role 2024-03-07 18:45:56
d24ecba3-c1f4-40fa-a7bb-4588a071e8fd VM Scanner Operator Role that provides access to disk snapshot for security analysis.
change
Actions 2024-03-05 19:57:52
b556d68e-0be0-4f35-a333-ad7ee1ce17ea Azure AI Enterprise Network Connection Approver Can approve private endpoint connections to Azure AI common dependency resources
add
new Role 2024-03-04 19:12:43
af854a69-80ce-4ff7-8447-f1118a2e0ca8 Health Bot Editor Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels.
add
new Role 2024-02-29 19:39:33
eb5a76d5-50e7-4c33-a449-070e7c9c4cf2 Health Bot Reader Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs).
add
new Role 2024-02-29 19:39:33
f1082fec-a70f-419f-9230-885d2550fb38 Health Bot Admin Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets.
add
new Role 2024-02-29 19:39:33
539283cd-c185-4a9a-9503-d35217a1db7b Bayer Ag Powered Services Smart Boundary Solution User Role Provide access to Smart Boundary Solution by Bayer Ag Powered Services
add
new Role 2024-02-28 19:10:58
b7b8f583-43d0-40ae-b147-6b46f53661c1 GeoCatalog Reader View GeoCatalogs, but does not allow you to make any changes.
add
new Role 2024-02-28 19:10:58
c9c97b9c-105d-4bb5-a2a7-7d15666c2484 GeoCatalog Administrator Grants full access to manage GeoCatalogs, but does not allow you to assign roles in Azure RBAC.
add
new Role 2024-02-28 19:10:58
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
change
Actions 2024-02-27 19:10:44
6b534d80-e337-47c4-864f-140f5c7f593d Advisor Recommendations Contributor Can update status of Advisor recommendations including postpone and dismiss operations.
add
new Role 2024-02-27 19:10:44
a959dbd1-f747-45e3-8ba6-dd80f235f97c Desktop Virtualization Virtual Machine Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.
change
Actions 2024-02-19 18:47:31
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
change
Actions 2024-02-16 19:45:19
8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 Defender Kubernetes Agent Operator Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent
change
Actions 2024-02-15 20:37:45
489581de-a3bd-480d-9518-53dea7416b33 Desktop Virtualization Power On Contributor Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines.
change
Description, Actions 2024-02-13 19:27:42
e2217c0e-04bb-4724-9580-91cf9871bc01 GroupQuota Request Operator Read and create GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits.
add
new Role 2024-02-12 19:44:46
d0f495dc-44ef-4140-aeb0-b89110e6a7c1 GroupQuota Reader Read GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits.
add
new Role 2024-02-12 19:44:46
40c5ff49-9181-41f8-ae61-143b0e78555e Desktop Virtualization Power On Off Contributor Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines.
change
Description, Actions 2024-02-09 20:16:20
5a382001-fe36-41ff-bba4-8bf06bd54da9 Azure Sphere Owner Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments.
add
new Role 2024-02-05 19:34:05
0358943c-7e01-48ba-8889-02cc51d78637 Azure RedHat OpenShift Machine API Operator Role Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster.
add
new Role 2024-01-31 19:57:40
8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 Azure RedHat OpenShift Image Registry Operator Role Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage.
add
new Role 2024-01-31 19:57:40
0d7aedc0-15fd-4a67-a412-efad370c947e Azure RedHat OpenShift Azure Files Storage Operator Role Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use Azure Files.
add
new Role 2024-01-31 19:57:40
a1f96423-95ce-4224-ab27-4e3dc72facd4 Azure RedHat OpenShift Cloud Controller Manager Role Enables permissions for the operator to manage and update the cloud controller managers deployed on top of OpenShift.
add
new Role 2024-01-31 19:57:40
be7a6435-15ae-4171-8f30-4a343eff9e8f Azure RedHat OpenShift Network Operator Role Enables permissions to install and upgrade the networking components on an OpenShift cluster.
add
new Role 2024-01-31 19:57:40
4436bae4-7702-4c84-919b-c4069ff25ee2 Azure RedHat OpenShift Service Operator The ARO Operator is responsible for maintaining features, checks, and resources that are specific to an Azure Red Hat OpenShift cluster's continued functionality as a managed service. This includes, but is not limited to, machine management and health, network configuration, and monitoring.
add
new Role 2024-01-31 19:57:40
0336e1d3-7a87-462b-b6db-342b63f7802c Azure RedHat OpenShift Cluster Ingress Operator Role Enables permissions for the operator to configure and manage the OpenShift router.
add
new Role 2024-01-31 19:57:40
5b7237c5-45e1-49d6-bc18-a1f62f400748 Azure RedHat OpenShift Storage Operator Role Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends.
add
new Role 2024-01-31 19:57:40
8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 Defender Kubernetes Agent Operator Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent
add
new Role 2024-01-30 18:39:38
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Microsoft Sentinel Responder Microsoft Sentinel Responder
change
Actions 2024-01-30 18:39:38
662802e2-50f6-46b0-aed2-e834bacc6d12 Azure Front Door Profile Reader Can view AFD standard and premium profiles and their endpoints, but can't make changes.
change
Actions 2024-01-29 19:36:00
8f96442b-4075-438f-813d-ad51ab4019af CDN Profile Reader Can view CDN profiles and their endpoints, but can't make changes.
change
Actions 2024-01-29 19:36:00
6d994134-994b-4a59-9974-f479f0b227fb Azure Sphere Publisher Allows user to read and download Azure Sphere resources and upload images.
change
Actions 2024-01-29 19:36:00
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
change
Actions 2024-01-25 19:32:38
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions 2024-01-25 19:32:38
dfb2f09d-25f8-4558-8986-497084006d7a Azure impact-insight reader built-in role for azure impact-insight read access
add
new Role 2024-01-22 17:48:15
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2024-01-17 19:06:08
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions.
change
Actions 2024-01-15 18:27:13
c7244dfb-f447-457d-b2ba-3999044d1706 Azure API Center Data Reader Allows for access to Azure API Center data plane read operations.
add
new Role 2024-01-15 18:27:13
6593e776-2a30-40f9-8a32-4fe28b77655d Azure Spring Apps Application Configuration Service Log Reader Role Read real-time logs for Application Configuration Service in Azure Spring Apps
add
new Role 2024-01-12 18:35:30
52fd16bd-6ed5-46af-9c40-29cbd7952a29 Azure Spring Apps Managed Components Log Reader Role Read real-time logs for all managed components in Azure Spring Apps
add
new Role 2024-01-12 18:35:30
d57506d4-4c8d-48b1-8587-93c323f6a5a3 Azure Digital Twins Data Reader Read-only role for Digital Twins data-plane properties
change
DataActions 2024-01-12 18:35:30
4301dc2a-25a9-44b0-ae63-3636cf7f2bd2 Azure Spring Apps Spring Cloud Gateway Log Reader Role Read real-time logs for Spring Cloud Gateway in Azure Spring Apps
add
new Role 2024-01-12 18:35:30
207bcc4b-86a6-4487-9141-d6c1f4c238aa Azure Edge On-Site Deployment Engineer Grants you access to take actions as an on-site person to assist in the provisioning of an edge device
add
new Role 2024-01-12 18:35:30
a316ed6d-1efe-48ac-ac08-f7995a9c26fb Storage Account Encryption Scope Contributor Role Allows management of Encryption Scopes on a Storage Account
add
new Role 2024-01-11 19:44:58
db79e9a7-68ee-4b58-9aeb-b90e7c24fcba Key Vault Certificate User Read certificate contents. Only works for key vaults that use the 'Azure role-based access control' permission model.
add
new Role 2024-01-11 18:35:40
230815da-be43-4aae-9cb4-875f7bd000aa Cosmos DB Operator Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
change
NotActions 2024-01-11 18:35:40
609c0c20-e0a0-4a71-b99f-e7e755ac493d Azure Programmable Connectivity Gateway User Allows access to all Gateway dataplane APIs.
add
new Role 2024-01-08 19:16:18
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group
change
Actions 2024-01-08 19:16:18
0cd9749a-3aaf-4ae5-8803-bd217705bf3b KubernetesRuntime Storage Class Contributor Role Read, write, and delete KubernetesRuntime storage classes in an Arc connected Kubernetes cluster
add
new Role 2023-12-18 19:01:56
08bbd89e-9f13-488c-ac41-acfcb10c90ab Key Vault Crypto Service Release User Release keys. Only works for key vaults that use the 'Azure role-based access control' permission model.
add
new Role 2023-12-18 19:01:56
44f0a1a8-6fea-4b35-980a-8ff50c487c97 Operator Nexus Key Vault Writer Service Role (Preview) (Preview) Provides Azure Operator Nexus services the ability to write to a Key Vault. This role is in preview and subject to change.
add
new Role 2023-12-12 19:47:54
19feefae-eacc-4106-81fd-ac34c0671f14 Enclave Contributor Role Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-12-11 19:27:11
e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc Community Reader Role Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-12-11 19:27:11
8f96442b-4075-438f-813d-ad51ab4019af CDN Profile Reader Can view CDN profiles and their endpoints, but can't make changes.
change
Actions 2023-12-08 20:47:31
3d5f3eff-eb94-473d-91e3-7aac74d6c0bb Enclave Owner Role Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-12-06 18:52:54
ef29765d-0d37-4119-a4f8-f9f9902c9588 Bayer Ag Powered Services Imagery Solution Provide access to Imagery Solution by Bayer Ag Powered Services
change
DataActions 2023-12-05 19:46:52
c4bc862a-3b64-4a35-a021-a380c159b042 Bayer Ag Powered Services GDU Solution Provide access to GDU Solution by Bayer Ag Powered Services
change
DataActions 2023-12-05 19:46:52
a9b99099-ead7-47db-8fcf-072597a61dfa Bayer Ag Powered Services CWUM Solution Provide access to CWUM Solution by Bayer Ag Powered Services
change
DisplayName, DataActions 2023-12-05 19:46:52
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
change
NotDataActions 2023-12-04 18:39:01
b5092dac-c796-4349-8681-1a322a31c3f9 Azure Kubernetes Service Hybrid Cluster Admin Role List cluster admin credential action.
add
new Role 2023-12-01 19:16:58
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers are able to call inference operations such as chat completions and image generation.
change
DataActions 2023-12-01 19:16:58
fc3f91a1-40bf-4439-8c46-45edbd83563a Azure Kubernetes Service Hybrid Cluster User Role List cluster user credential action.
add
new Role 2023-12-01 19:16:58
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2023-12-01 19:16:58
e7037d40-443a-4434-a3fb-8cd202011e1d Azure Kubernetes Service Hybrid Contributor Role Grants access to read and write Azure Kubernetes Services hybrid clusters
add
new Role 2023-12-01 19:16:58
86fede04-b259-4277-8c3e-e26b9865abd8 Enclave Reader Role Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-11-29 17:00:20
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI Administrator Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader
change
Actions 2023-11-28 19:20:58
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
change
Actions 2023-11-28 19:20:58
662802e2-50f6-46b0-aed2-e834bacc6d12 Azure Front Door Profile Reader Can view AFD standard and premium profiles and their endpoints, but can't make changes.
add
new Role 2023-11-16 20:21:34
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2023-11-14 18:15:11
9894cab4-e18a-44aa-828b-cb588cd6f2d7 Cognitive Services Face Recognizer Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.
change
DataActions 2023-11-13 16:45:45
18e40d4e-8d2e-438d-97e1-9528336e149c Deployment Environments User Provides access to manage environment resources.
change
Actions, NotActions, DataActions 2023-11-13 16:45:45
be1a1ac2-09d3-4261-9e57-a73a6e227f53 Procurement Contributor Lets you manage the procurement of products and services.
change
Actions 2023-11-13 16:45:45
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI Administrator Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader
change
DisplayName, Description, Actions 2023-11-10 19:40:28
64702f94-c441-49e6-a78b-ef80e0188fee Azure AI Developer Can perform all actions within an Azure AI resource besides managing the resource itself.
change
Actions 2023-11-09 19:39:25
4dae6930-7baf-46f5-909e-0383bc931c46 Azure Customer Lockbox Approver for Subscription Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. - in Private Preview, not intended for general use.
change
Description, Actions 2023-11-08 19:40:34
a8d4b70f-0fb9-4f72-b267-b87b2f990aec AgFood Platform Dataset Admin Provides access to Dataset APIs
add
new Role 2023-11-07 19:42:08
7b3e853f-ad5d-4fb5-a7b8-56a3581c7037 IPAM Pool Contributor Read IPAM Pools and child resources. Create and remove associations. This role is in preview and subject to change.
change
Actions 2023-11-06 19:41:11
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
change
Actions 2023-11-01 19:03:09
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 Azure Arc VMware Private Cloud User Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs.
change
Actions 2023-11-01 19:03:09
8aac15f0-d885-4138-8afa-bfb5872f7d13 Advisor Reviews Contributor View reviews for a workload and triage recommendations linked to them.
add
new Role 2023-10-31 19:02:52
c64499e0-74c3-47ad-921c-13865957895c Advisor Reviews Reader View reviews for a workload and recommendations linked to them.
add
new Role 2023-10-31 19:02:52
65a14201-8f6c-4c28-bec4-12619c5a9aaa Connected Cluster Managed Identity CheckAccess Reader Built-in role that allows a Connected Cluster managed identity to call the checkAccess API
add
new Role 2023-10-31 19:02:52
1d8c3fe3-8864-474b-8749-01e3783e8157 EventGrid Data Contributor Allows send and receive access to event grid events.
add
new Role 2023-10-30 19:02:12
78cbd9e7-9798-4e2e-9b5a-547d9ebb31fb EventGrid Data Receiver Allows receive access to event grid events.
add
new Role 2023-10-30 19:02:12
d5a91429-5739-47e2-a06b-3470a27159e7 EventGrid Data Sender Allows send access to event grid events.
change
Actions 2023-10-30 19:02:12
865ae368-6a45-4bd1-8fbf-0d5151f56fc1 Azure Stack HCI Device Management Role Microsoft.AzureStackHCI Device Management Role
change
Actions 2023-10-30 19:02:12
64702f94-c441-49e6-a78b-ef80e0188fee Azure AI Developer Can perform all actions within an Azure AI resource besides managing the resource itself.
change
Actions, NotActions 2023-10-30 19:02:12
3afb7f49-54cb-416e-8c09-6dc049efa503 Azure AI Inference Deployment Operator Can perform all actions required to create a resource deployment within a resource group.
add
new Role 2023-10-30 19:02:12
eb960402-bf75-4cc3-8d68-35b34f960f72 Deployment Environments Reader Provides read access to environment resources.
add
new Role 2023-10-27 18:02:03
66f75aeb-eabe-4b70-9f1e-c350c4c9ad04 Virtual Machine Data Access Administrator (preview) Add or remove virtual machine data plane role assignments. Includes an ABAC condition to constrain role assignments.
add
new Role 2023-10-25 19:09:31
4dae6930-7baf-46f5-909e-0383bc931c46 Azure Customer Lockbox Approver for Subscription Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides.
change
Actions 2023-10-24 17:35:13
a12b0b94-b317-4dcd-84a8-502ce99884c6 EventGrid TopicSpaces Publisher Lets you publish messages on topicspaces.
change
Actions 2023-10-23 17:41:36
4b0f2fd7-60b4-4eca-896f-4435034f8bf5 EventGrid TopicSpaces Subscriber Lets you subscribe messages on topicspaces.
change
Actions 2023-10-23 17:41:36
874d1c73-6003-4e60-a13a-cb31ea190a85 Azure Stack HCI VM Contributor Grants permissions to perform all VM actions
add
new Role 2023-10-23 17:41:36
64702f94-c441-49e6-a78b-ef80e0188fee Azure AI Developer Can perform all actions within an Azure AI resource besides managing the resource itself.
add
new Role 2023-10-23 17:41:36
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes.
change
DataActions 2023-10-20 18:13:02
4b3fe76c-f777-4d24-a2d7-b027b0f7b273 Azure Stack HCI VM Reader Grants permissions to view VMs
add
new Role 2023-10-20 18:13:02
7b1f81f9-4196-4058-8aae-762e593270df Azure Resource Bridge Deployment Role Azure Resource Bridge Deployment Role
add
new Role 2023-10-17 16:35:42
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
DataActions 2023-10-17 16:35:42
18e40d4e-8d2e-438d-97e1-9528336e149c Deployment Environments User Provides access to manage environment resources.
change
DataActions 2023-10-17 16:35:42
865ae368-6a45-4bd1-8fbf-0d5151f56fc1 Azure Stack HCI Device Management Role Microsoft.AzureStackHCI Device Management Role
add
new Role 2023-10-17 16:35:42
4dae6930-7baf-46f5-909e-0383bc931c46 Azure Customer Lockbox Approver for Subscription Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides.
add
new Role 2023-10-16 18:01:31
ea01e6af-a1c1-4350-9563-ad00f8c72ec5 Azure Machine Learning Workspace Connection Secrets Reader Can list workspace connection secrets
add
new Role 2023-10-16 18:01:31
be1a1ac2-09d3-4261-9e57-a73a6e227f53 Procurement Contributor Lets you manage the procurement of products and services.
change
Actions 2023-10-11 18:00:02
8b54135c-b56d-4d72-a534-26097cfdc8d8 Key Vault Data Access Administrator (preview) Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments.
change
Description, Actions 2023-10-09 18:04:57
8fe6e843-6d9e-417b-9073-106b048f50bb Landing Zone Management Reader Microsoft.Sovereign Landing Zone Management Reader allowing to review Landing Zone Configurations and corresponding Registrations without the ability to modify. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).
add
new Role 2023-10-09 18:04:57
e582369a-e17b-42a5-b10c-874c387c530b Azure Arc ScVmm VM Contributor Arc ScVmm VM Contributor has permissions to perform all VM actions.
change
Actions 2023-10-09 18:04:57
c0781e91-8102-4553-8951-97c6d4243cda Azure Arc ScVmm Private Cloud User Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.
change
Actions 2023-10-09 18:04:57
38863829-c2a4-4f8d-b1d2-2e325973ebc7 Landing Zone Management Owner Microsoft.Sovereign Landing Zone Management Owner allowing to review and modify Landing Zone Configurations as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users).
add
new Role 2023-10-09 18:04:57
a92dfd61-77f9-4aec-a531-19858b406c87 Azure Arc ScVmm Administrator role Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.
change
Actions 2023-10-09 18:04:57
a12b0b94-b317-4dcd-84a8-502ce99884c6 EventGrid TopicSpaces Publisher Lets you publish messages on topicspaces.
change
Actions 2023-10-04 17:59:02
4b0f2fd7-60b4-4eca-896f-4435034f8bf5 EventGrid TopicSpaces Subscriber Lets you subscribe messages on topicspaces.
change
Actions 2023-10-04 17:59:02
b73a14ee-91f5-41b7-bd81-920e12466be9 DeID Batch Data Reader Read DeID batch jobs. This role is in preview and subject to change.
add
new Role 2023-10-02 18:00:08
8a90fa6b-6997-4a07-8a95-30633a7c97b9 DeID Batch Data Owner Create and manage DeID batch jobs. This role is in preview and subject to change.
add
new Role 2023-10-02 18:00:08
bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e DeID Realtime Data User Execute requests against DeID realtime endpoint. This role is in preview and subject to change.
add
new Role 2023-10-02 18:00:08
fa0d39e6-28e5-40cf-8521-1eb320653a4c Carbon Optimization Reader Allow read access to Azure Carbon Optimization data
add
new Role 2023-10-02 18:00:08
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader Read, download the reports objects and related other resource objects.
change
Actions 2023-09-27 18:00:22
4b0f2fd7-60b4-4eca-896f-4435034f8bf5 EventGrid TopicSpaces Subscriber Lets you subscribe messages on topicspaces.
add
new Role 2023-09-26 18:00:52
a12b0b94-b317-4dcd-84a8-502ce99884c6 EventGrid TopicSpaces Publisher Lets you publish messages on topicspaces.
add
new Role 2023-09-26 18:00:52
d1a38570-4b05-4d70-b8e4-1100bcf76d12 Data Boundary Tenant Administrator Allows tenant level administration for data boundaries.
add
new Role 2023-09-26 18:00:52
be1a1ac2-09d3-4261-9e57-a73a6e227f53 Procurement Contributor Lets you manage the procurement of products and services.
add
new Role 2023-09-20 18:01:08
8b54135c-b56d-4d72-a534-26097cfdc8d8 Key Vault Data Access Administrator (preview) Add or remove key vault data plane role assignments and read resources of all types, except secrets. Includes an ABAC condition to constrain role assignments.
add
new Role 2023-09-20 18:01:08
49435da6-99fe-48a5-a235-fc668b9dc04a Community Contributor Role Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-09-18 18:02:09
0b962ed2-6d56-471c-bd5f-3477d83a7ba4 Azure Resource Notifications System Topics Subscriber Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications
change
Actions 2023-09-12 18:02:26
1c4770c0-34f7-4110-a1ea-a5855cc7a939 Elastic SAN Snapshot Exporter Allows for creating and exporting Snapshot of Elastic San Volume
add
new Role 2023-09-07 18:00:07
90e8b822-3e73-47b5-868a-787dc80c008f Elastic SAN Volume Importer Allows for Importing Elastic San Volume
add
new Role 2023-09-07 18:00:07
fd036e6b-1266-47a0-b0bb-a05d04831731 HDInsight on AKS Cluster Admin Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.
change
Actions 2023-09-05 17:58:04
0b962ed2-6d56-471c-bd5f-3477d83a7ba4 Azure Resource Notifications System Topics Subscriber Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications
add
new Role 2023-09-04 17:59:09
ddc140ed-e463-4246-9145-7c664192013f Azure Arc VMware Administrator role Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions.
change
Actions 2023-09-01 18:00:14
7656b436-37d4-490a-a4ab-d39f838f0042 HDInsight on AKS Cluster Pool Admin Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters
add
new Role 2023-09-01 18:00:14
b748a06d-6150-4f8a-aaa9-ce3940cd96cb Azure Arc VMware VM Contributor Arc VMware VM Contributor has permissions to perform all VM actions.
change
Actions 2023-09-01 18:00:14
a001fd3d-188f-4b5d-821b-7da978bf7442 Cognitive Services OpenAI Contributor Full access including the ability to fine-tune, deploy and generate text
change
Actions 2023-08-28 18:01:04
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services
change
Actions 2023-08-25 17:59:51
e9c9ed2b-2a99-4071-b2ff-5b113ebf73a1 SpatialMapsAccounts Account Owner Lets you manage data in your account, including deleting them
add
new Role 2023-08-25 17:59:51
fd036e6b-1266-47a0-b0bb-a05d04831731 HDInsight on AKS Cluster Admin Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters.
add
new Role 2023-08-25 17:59:51
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner Full access to Azure SignalR Service REST APIs
change
DataActions 2023-08-24 18:00:23
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR REST API Owner Full access to Azure SignalR Service REST APIs
change
DataActions 2023-08-24 18:00:23
7b3e853f-ad5d-4fb5-a7b8-56a3581c7037 IPAM Pool Contributor Read IPAM Pools and child resources. Create and remove associations. This role is in preview and subject to change.
add
new Role 2023-08-23 18:03:21
df2711a6-406d-41cf-b366-b0250bff9ad1 Compute Diagnostics Role Grants permissions to execute diagnostics provided by Compute Diagnostic Service for Compute Resources.
change
Actions 2023-08-23 18:03:21
b748a06d-6150-4f8a-aaa9-ce3940cd96cb Azure Arc VMware VM Contributor Arc VMware VM Contributor has permissions to perform all VM actions.
change
Actions 2023-08-21 17:58:08
5a1fc7df-4bf1-4951-a576-89034ee01acd FHIR Data Contributor Role allows user or principal full access to FHIR Data
change
NotDataActions 2023-08-21 17:58:08
67d33e57-3129-45e6-bb0b-7cc522f762fa Azure Arc VMware Private Clouds Onboarding Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure.
change
Actions 2023-08-21 17:58:08
b70c96e9-66fe-4c09-b6e7-c98e69c98555 Logic Apps Standard Operator (Preview) Access a logic app standard and all workflows and resubmit/enable/disable workflow/configure api connections and network. But no changes in the workflow.
add
new Role 2023-08-14 17:58:07
d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da API Management Service Workspace API Product Manager Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.
change
Actions 2023-08-14 17:58:07
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers are able to call inference operations such as chat completions and image generation.
change
Description, DataActions 2023-08-14 17:58:07
4accf36b-2c05-432f-91c8-5c532dff4c73 Logic Apps Standard Reader (Preview) View Only Access to all resources including workflow history and workflow run.
add
new Role 2023-08-14 17:58:07
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
DataActions 2023-08-14 17:58:07
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
DataActions 2023-08-14 17:58:07
ad710c24-b039-4e85-a019-deb4a06e8570 Logic Apps Standard Contributor (Preview) Let you manage all aspects of logic app standard app, but no change of ownership
add
new Role 2023-08-14 17:58:07
523776ba-4eb2-4600-a3c8-f2dc93da4bdb Logic Apps Standard Developer (Preview) Allows developers to create and update workflows, API connections in a logic app standard app.
add
new Role 2023-08-14 17:58:07
c088a766-074b-43ba-90d4-1fb21feae531 PostgreSQL Flexible Server Long Term Retention Backup Role Role to allow backup vault to access PostgreSQL Flexible Server Resource APIs for Long Term Retention Backup.
add
new Role 2023-08-04 18:00:07
a959dbd1-f747-45e3-8ba6-dd80f235f97c Desktop Virtualization Virtual Machine Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.
change
Actions 2023-08-01 17:56:13
a02f7c31-354d-4106-865a-deedf37fa038 Search Parameter Manager Role allows user or principal access to $status and $reindex to update search parameters
add
new Role 2023-07-31 17:57:12
3f88fce4-5892-4214-ae73-ba5294559913 FHIR Data Writer Role allows user or principal to read and write FHIR Data
change
DataActions, NotDataActions 2023-07-26 17:56:11
fa6cecf6-5db3-4c43-8470-c540bcb4eafa Elastic SAN Network Admin Allows access to create Private Endpoints on SAN resources, and to read SAN resources
change
Actions 2023-07-25 17:56:05
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader Read, download the reports objects and related other resource objects.
change
Actions 2023-07-19 17:56:20
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2023-07-18 17:56:23
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2023-07-18 17:56:23
bba48692-92b0-4667-a9ad-c31c7b334ac2 Cognitive Services Usages Reader Minimal permission to view Cognitive Services usages.
add
new Role 2023-07-18 17:56:23
df2711a6-406d-41cf-b366-b0250bff9ad1 Compute Diagnostics Role Grants permissions to execute diagnostics provided by Compute Diagnostic Service for Compute Resources.
add
new Role 2023-07-17 17:56:11
fa6cecf6-5db3-4c43-8470-c540bcb4eafa Elastic SAN Network Admin Allows access to create Private Endpoints on SAN resources, and to read SAN resources
add
new Role 2023-07-12 18:02:00
1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40 Defender for Storage Data Scanner Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage.
change
DisplayName, Description, Actions, DataActions 2023-07-11 17:57:31
b24988ac-6180-42a0-ab88-20f7382dd24c Contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
change
Description, NotActions 2023-07-10 18:02:27
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role
change
Actions 2023-06-28 17:49:18
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
DataActions 2023-06-26 17:52:14
1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40 Storage Data Scanner Grants all permissions needed for a storage data scanner.
add
new Role 2023-06-22 17:48:48
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-06-22 17:48:48
a959dbd1-f747-45e3-8ba6-dd80f235f97c Desktop Virtualization Virtual Machine Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.
change
Actions 2023-06-19 17:44:59
1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 Desktop Virtualization User Allows user to use the applications in an application group.
change
DataActions 2023-06-19 17:44:59
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
DataActions 2023-06-19 17:44:59
9c1607d1-791d-4c68-885d-c7b7aaff7c8a Firmware Analysis Admin Upload and analyze firmware images in Defender for IoT
add
new Role 2023-06-13 17:47:24
a4417e6f-fecd-4de8-b567-7b0420556985 Key Vault Certificates Officer Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.
change
DisplayName, DataActions 2023-06-12 17:45:13
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
Actions, NotActions, DataActions 2023-06-09 17:46:24
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-06-06 18:29:25
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-06-06 18:29:25
1f135831-5bbe-4924-9016-264044c00788 Windows365NetworkInterfaceContributor Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios.
change
Actions 2023-06-06 18:29:25
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference
change
DataActions 2023-05-31 17:45:21
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.
change
Actions, NotActions 2023-05-31 17:45:21
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader Read, download the reports objects and related other resource objects.
change
Description, Actions 2023-05-30 17:42:57
5e28a61e-8040-49db-b175-bb5b88af6239 Community Owner Role Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS.
add
new Role 2023-05-29 17:43:01
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator Create, read, download, modify and delete reports objects and related other resource objects.
change
Actions 2023-05-26 17:43:10
c0781e91-8102-4553-8951-97c6d4243cda Azure Arc ScVmm Private Cloud User Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.
change
Actions 2023-05-22 17:42:39
e582369a-e17b-42a5-b10c-874c387c530b Azure Arc ScVmm VM Contributor Arc ScVmm VM Contributor has permissions to perform all VM actions.
change
Actions 2023-05-22 17:42:39
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2023-05-22 17:42:39
6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 Azure Arc ScVmm Private Clouds Onboarding Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure.
change
Actions 2023-05-22 17:42:39
a92dfd61-77f9-4aec-a531-19858b406c87 Azure Arc ScVmm Administrator role Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.
change
Actions 2023-05-22 17:42:39
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2023-05-19 17:43:13
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2023-05-19 17:43:13
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator Create, read, download, modify and delete reports objects and related other resource objects.
change
Description, Actions 2023-05-17 17:42:19
36243c78-bf99-498c-9df9-86d9f8d28608 Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
change
Actions 2023-05-17 17:42:19
7ac06ca7-21ca-47e3-a67b-cbd6e6223baf Cognitive Search Serverless Data Contributor Create, read, modify and delete Cognitive Search serverless index schema and documents. This role is in preview and subject to change.
add
new Role 2023-05-16 17:42:34
79b01272-bf9f-4f4c-9517-5506269cf524 Cognitive Search Serverless Data Reader Read Cognitive Search serverless index schema and documents. This role is in preview and subject to change.
add
new Role 2023-05-16 17:42:34
e9b8712a-cbcf-4ea7-b0f7-e71b803401e6 SaaS Hub Contributor SaaS Hub contributor can manage SaaS Hub resource
add
new Role 2023-05-15 17:41:20
6d994134-994b-4a59-9974-f479f0b227fb Azure Sphere Publisher Allows user to read and download Azure Sphere resources and upload images.
change
Actions 2023-05-15 17:41:20
d18ad5f3-1baf-4119-b49b-d944edb1f9d0 MySQL Backup And Export Operator Grants full access to manage backup and export resources
change
Actions 2023-05-15 17:41:20
c8ae6279-5a0b-4cb2-b3f0-d4d62845742c Azure Sphere Reader Allows user to read Azure Sphere resources.
change
Actions 2023-05-15 17:41:20
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group
change
Actions 2023-05-12 17:41:49
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
change
DataActions, NotDataActions 2023-05-10 17:43:09
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role
change
Actions 2023-05-09 17:44:18
6d994134-994b-4a59-9974-f479f0b227fb Azure Sphere Publisher Allows user to read and download Azure Sphere resources and upload images.
add
new Role 2023-05-08 17:44:42
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
change
DataActions, NotDataActions 2023-05-08 17:44:42
c8ae6279-5a0b-4cb2-b3f0-d4d62845742c Azure Sphere Reader Allows user to read Azure Sphere resources.
add
new Role 2023-05-08 17:44:42
8b9dfcab-4b77-4632-a6df-94bd07820648 Azure Sphere Contributor Allows user read and write access to Azure Sphere resources.
change
Actions 2023-05-08 17:44:42
8b9dfcab-4b77-4632-a6df-94bd07820648 Azure Sphere Contributor Allows user read and write access to Azure Sphere resources.
add
new Role 2023-05-02 17:41:10
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
change
DataActions 2023-04-25 17:42:26
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
change
DataActions 2023-04-25 17:42:26
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role
change
Actions 2023-04-24 17:40:59
7eabc9a4-85f7-4f71-b8ab-75daaccc1033 Windows365NetworkUser Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios.
change
Actions 2023-04-18 17:44:30
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services
change
Actions 2023-04-17 17:43:03
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role
add
new Role 2023-04-14 17:43:17
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader App Compliance Automation Reader Role
add
new Role 2023-04-14 17:43:17
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference
change
DataActions 2023-04-12 17:42:01
69566ab7-960f-475b-8e7c-b3118f30c6bd Storage File Data Privileged Contributor Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.
change
DataActions 2023-04-10 17:41:51
b8eda974-7b85-4f76-af95-65846b26df6d Storage File Data Privileged Reader Customer has read access on Azure Storage file shares.
change
DataActions 2023-04-10 17:41:51
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services
change
Actions 2023-04-07 17:41:18
d6470a16-71bd-43ab-86b3-6f3a73f4e787 Azure Maps Power BI Service Role This role can be used to assign read and batch actions on Azure Maps.
add
new Role 2023-04-04 17:42:37
69566ab7-960f-475b-8e7c-b3118f30c6bd Storage File Data Privileged Contributor Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares.
add
new Role 2023-04-03 17:54:29
b8eda974-7b85-4f76-af95-65846b26df6d Storage File Data Privileged Reader Customer has read access on Azure Storage file shares.
add
new Role 2023-04-03 17:54:29
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI
change
Actions 2023-03-29 17:43:30
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes.
change
Actions, DataActions 2023-03-27 17:43:06
3d55a8f6-4133-418d-8051-facdb1735758 Windows365SubscriptionReader Read subscriptions, images, azure firewalls. This role is used in Windows365 scenarios.
add
new Role 2023-03-27 17:43:06
1f135831-5bbe-4924-9016-264044c00788 Windows365NetworkInterfaceContributor Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios.
add
new Role 2023-03-27 17:43:06
7eabc9a4-85f7-4f71-b8ab-75daaccc1033 Windows365NetworkUser Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios.
add
new Role 2023-03-27 17:43:06
9894cab4-e18a-44aa-828b-cb588cd6f2d7 Cognitive Services Face Recognizer Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.
change
DataActions 2023-03-24 19:17:30
73c2c328-d004-4c5e-938c-35c6f5679a1f API Management Workspace API Product Manager Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.
add
new Role 2023-03-22 18:43:07
ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 API Management Workspace Reader Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.
add
new Role 2023-03-22 18:43:07
0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 API Management Workspace Contributor Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.
add
new Role 2023-03-22 18:43:07
d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da API Management Service Workspace API Product Manager Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.
add
new Role 2023-03-22 18:43:07
9565a273-41b9-4368-97d2-aeb0c976a9b3 API Management Service Workspace API Developer Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.
add
new Role 2023-03-22 18:43:07
56328988-075d-4c6a-8766-d93edd6725b6 API Management Workspace API Developer Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.
add
new Role 2023-03-22 18:43:07
ef29765d-0d37-4119-a4f8-f9f9902c9588 Bayer Ag Powered Services Imagery Solution Provide access to Imagery Solution by Bayer Ag Powered Services
change
DisplayName, DataActions 2023-03-20 18:43:03
c4bc862a-3b64-4a35-a021-a380c159b042 Bayer Ag Powered Services GDU Solution Provide access to GDU Solution by Bayer Ag Powered Services
change
DisplayName, DataActions 2023-03-20 18:43:03
7392c568-9289-4bde-aaaa-b7131215889d Azure Extension for SQL Server Deployment Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server
change
Actions 2023-03-17 18:44:06
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI
change
Actions 2023-03-16 18:42:42
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls.
change
Actions 2023-03-14 18:45:47
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.
change
Actions 2023-03-14 18:45:47
7392c568-9289-4bde-aaaa-b7131215889d Azure Extension for SQL Server Deployment Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server
add
new Role 2023-03-10 20:21:10
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2023-03-03 18:43:27
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal
change
DataActions 2023-03-01 18:49:20
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2023-02-27 18:48:02
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services
add
new Role 2023-02-24 18:48:53
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls.
change
Actions 2023-02-22 18:54:52
1d335eef-eee1-47fe-a9e0-53214eba8872 SqlMI Migration Role Role for SqlMI migration
add
new Role 2023-02-22 18:54:52
189207d4-bb67-4208-a635-b06afe8b2c57 SqlDb Migration Role Role for SqlDb migration
add
new Role 2023-02-22 18:54:52
bfc3b73d-c6ff-45eb-9a5f-40298295bf20 LocalRulestacksAdministrator role Allows users to create, modify, describe, or delete Rulestacks.
change
Actions 2023-02-22 18:54:52
ae8036db-e102-405b-a1b9-bae082ea436d SqlVM Migration Role Role for SqlVM migration
add
new Role 2023-02-22 18:54:52
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2023-02-17 18:39:13
a9b99099-ead7-47db-8fcf-072597a61dfa Bayer Ag Powered Services CWUM Solution Service Role Provide access to CWUM Solution by Bayer Ag Powered Services
add
new Role 2023-02-16 18:41:08
d18ad5f3-1baf-4119-b49b-d944edb1f9d0 MySQL Backup And Export Operator Grants full access to manage backup and export resources
add
new Role 2023-02-15 18:39:56
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls.
add
new Role 2023-02-13 18:41:36
bfc3b73d-c6ff-45eb-9a5f-40298295bf20 LocalRulestacksAdministrator role Allows users to create, modify, describe, or delete Rulestacks.
add
new Role 2023-02-13 18:41:36
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your Modeling and Simulation Workbench chamber.
change
Actions, NotActions, DataActions 2023-02-13 18:41:36
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes.
change
Actions, DataActions 2023-02-13 18:41:36
1afdec4b-e479-420e-99e7-f82237c7c5e6 Azure Kubernetes Service Cluster Monitoring User List cluster monitoring user credential action.
change
Actions 2023-02-07 18:38:52
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions.
change
Actions, DataActions 2023-02-06 18:40:05
5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b App Configuration Data Owner Allows full access to App Configuration data.
change
DataActions 2023-02-06 18:40:05
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI
add
new Role 2023-02-06 18:40:05
0db238c4-885e-4c4f-a933-aa2cef684fca Azure Front Door Secret Reader Can view Azure Front Door secrets, but can't make changes.
add
new Role 2023-02-03 18:39:00
6d949e1d-41e2-46e3-8920-c6e4f31a8310 Azure Center for SAP solutions Management role This role has permissions which allow users to register existing systems, view and manage systems.
add
new Role 2023-02-03 18:39:00
0f99d363-226e-4dca-9920-b807cf8e1a5f Azure Front Door Domain Reader Can view Azure Front Door domains, but can't make changes.
add
new Role 2023-02-03 18:39:00
3f2eb865-5811-4578-b90a-6fc6fa0df8e5 Azure Front Door Secret Contributor Can manage Azure Front Door secrets, but can't grant access to other users.
add
new Role 2023-02-03 18:39:00
0105a6b0-4bb9-43d2-982a-12806f9faddb Azure Center for SAP solutions Service role for management This role has permissions that the user assigned managed identity must have to enable registration for the existing systems.
add
new Role 2023-02-03 18:39:00
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.
change
Actions 2023-02-03 18:39:00
0ab34830-df19-4f8c-b84e-aa85b8afa6e8 Azure Front Door Domain Contributor Can manage Azure Front Door domains, but can't grant access to other users.
add
new Role 2023-02-03 18:39:00
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-02-03 18:39:00
f0310ce6-e953-4cf8-b892-fb1c87eaf7f6 Azure Usage Billing Data Sender Azure Usage Billing shared BuiltIn role to be used for all Customer Account Authentication
add
new Role 2023-01-30 18:40:55
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
change
NotDataActions 2023-01-24 18:06:32
c4bc862a-3b64-4a35-a021-a380c159b042 Bayer Ag Powered Services GDU Solution Service Role Provide access to GDU Solution by Bayer Ag Powered Services
add
new Role 2023-01-19 18:07:47
ef29765d-0d37-4119-a4f8-f9f9902c9588 Bayer Ag Powered Services Imagery Solution Service Role Provide access to Imagery Solution by Bayer Ag Powered Services
add
new Role 2023-01-19 18:07:47
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-01-18 18:07:15
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions.
change
Actions 2023-01-18 18:07:15
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.
change
Actions 2023-01-18 18:07:15
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your Modeling and Simulation Workbench chamber.
change
Description, Actions, NotActions, DataActions 2023-01-16 18:05:52
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes.
change
Description, Actions, DataActions 2023-01-16 18:05:52
230815da-be43-4aae-9cb4-875f7bd000aa Cosmos DB Operator Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
change
NotActions 2023-01-16 18:05:52
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes.
change
DataActions 2023-01-12 18:29:24
ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b ContainerApp Reader View all containerapp resources, but does not allow you to make any changes.
add
new Role 2023-01-02 18:09:36
7ec7ccdc-f61e-41fe-9aaf-980df0a44eba AgFood Platform Service Reader Provides read access to AgFood Platform Service
change
DataActions 2022-12-13 17:44:15
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
change
NotDataActions 2022-12-13 17:44:15
b279062a-9be3-42a0-92ae-8b3cf002ec4d Workbook Reader Can read workbooks.
change
Actions 2022-12-12 17:45:20
e8ddcd69-c73f-4f9f-9844-4100522f16ad Workbook Contributor Can save shared workbooks.
change
Actions 2022-12-12 17:45:20
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2022-12-12 17:45:20
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator
change
Actions 2022-12-08 17:44:50
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions, DataActions 2022-12-08 17:44:50
4ba50f17-9666-485c-a643-ff00808643f0 FHIR SMART User Role allows user to access FHIR Service according to SMART on FHIR specification
change
DataActions 2022-12-08 17:44:50
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Read and create quota requests, get quota request status, and create support tickets.
change
DisplayName, Description, Actions 2022-12-08 17:44:50
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group
change
Actions 2022-11-16 17:42:38
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2022-11-16 17:42:38
1afdec4b-e479-420e-99e7-f82237c7c5e6 Azure Kubernetes Service Cluster Monitoring User List cluster monitoring user credential action.
add
new Role 2022-11-16 17:42:38
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group
add
new Role 2022-11-15 17:42:13
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions.
add
new Role 2022-11-14 17:43:02
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions.
add
new Role 2022-11-14 17:43:02
68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e Impact Reader Allows read-only access to reported impacts and impact categories
add
new Role 2022-11-14 17:43:02
36e80216-a7e8-4f42-a7e1-f12c98cbaf8a Impact Reporter Allows access to create/report, read and delete impacts
add
new Role 2022-11-14 17:43:02
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems.
add
new Role 2022-11-14 17:43:02
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 Azure Arc VMware Private Cloud User Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs.
change
Actions 2022-11-14 17:43:02
2837e146-70d7-4cfd-ad55-7efa6464f958 CodeSigning Certificate Profile Signer Sign files with a certificate profile. This role is in preview and subject to change.
change
Actions 2022-11-03 17:41:51
4339b7cf-9826-4e41-b4ed-c7f4505dac08 Code Signing Identity Verifier Manage identity or business verification requests. This role is in preview and subject to change.
change
Actions 2022-11-02 17:41:52
fbc52c3f-28ad-4303-a892-8a056630b8f1 Azure Traffic Controller Configuration Manager Allows access to traffic controller resource. Also allows all confiuration Updates on traffic controller
add
new Role 2022-10-28 16:42:56
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes.
change
Actions 2022-10-27 16:42:48
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference
add
new Role 2022-10-27 16:42:48
a001fd3d-188f-4b5d-821b-7da978bf7442 Cognitive Services OpenAI Contributor Full access including the ability to fine-tune, deploy and generate text
add
new Role 2022-10-27 16:42:48
6b77f0a0-0d89-41cc-acd1-579c22c17a67 AgFood Platform Sensor Partner Contributor Provides contribute access to manage sensor related entities in AgFood Platform Service
change
DataActions, NotDataActions 2022-10-27 16:42:48
4ba50f17-9666-485c-a643-ff00808643f0 FHIR SMART User Role allows user to access FHIR Service according to SMART on FHIR specification
add
new Role 2022-10-26 16:44:05
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator
change
Actions 2022-10-24 16:44:14
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2022-10-14 16:34:33
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2022-10-14 16:34:33
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2022-10-14 16:34:33
b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b Azure Kubernetes Service RBAC Cluster Admin Lets you manage all resources in the cluster.
change
Actions 2022-10-13 16:34:55
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
change
Actions 2022-10-13 16:34:55
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
change
Actions 2022-10-13 16:34:55
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
change
Actions 2022-10-13 16:34:55
18e40d4e-8d2e-438d-97e1-9528336e149c Deployment Environments User Provides access to manage environment resources.
change
DisplayName, Description, Actions 2022-10-12 16:34:55
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
DataActions 2022-10-12 16:34:55
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2022-09-28 16:34:30
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2022-09-28 16:34:30
67d33e57-3129-45e6-bb0b-7cc522f762fa Azure Arc VMware Private Clouds Onboarding Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure.
change
Actions 2022-09-27 16:35:31
e503ece1-11d0-4e8e-8e2c-7a6c3bf38815 AzureML Compute Operator Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs).
add
new Role 2022-09-27 16:35:31
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
DataActions 2022-09-27 16:35:31
1823dd4f-9b8c-4ab6-ab4e-7397a3684615 AzureML Registry User Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources.
add
new Role 2022-09-27 16:35:31
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator
change
Actions 2022-09-26 16:35:37
18e40d4e-8d2e-438d-97e1-9528336e149c Microsoft.DevCenter Deployment Environments User Microsoft.DevCenter Deployment Environments User.
add
new Role 2022-09-26 16:35:37
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2022-09-26 16:35:37
a99b0159-1064-4c22-a57b-c9b3caa1c054 Azure Spring Apps Remote Debugging Role Azure Spring Apps Remote Debugging Role
add
new Role 2022-09-23 16:35:48
80558df3-64f9-4c0f-b32d-e5094b036b0b Azure Spring Apps Connect Role Azure Spring Apps Connect Role
add
new Role 2022-09-23 16:35:48
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator
add
new Role 2022-09-20 16:36:14
ac63b705-f282-497d-ac71-919bf39d939d Management Group Reader Management Group Reader Role
change
Actions 2022-09-19 16:35:35
5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c Management Group Contributor Management Group Contributor Role
change
Actions 2022-09-19 16:35:35
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner Full access to Azure SignalR Service REST APIs
change
DataActions 2022-09-15 16:34:33
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements.
change
DataActions 2022-09-15 16:34:33
c6decf44-fd0a-444c-a844-d653c394e7ab Data Labeling - Labeler Can label data in Labeling.
add
new Role 2022-09-09 16:35:25
d57506d4-4c8d-48b1-8587-93c323f6a5a3 Azure Digital Twins Data Reader Read-only role for Digital Twins data-plane properties
change
DisplayName, DataActions 2022-09-08 16:34:42
bcd981a7-7f74-457b-83e1-cceb9e632ffe Azure Digital Twins Data Owner Full access role for Digital Twins data-plane
change
DisplayName, DataActions 2022-09-08 16:34:42
392ae280-861d-42bd-9ea5-08ee6d83b80e Template Spec Reader Allows read access to Template Specs at the assigned scope.
add
new Role 2022-09-08 16:34:42
1c9b6475-caf0-4164-b5a1-2142a7116f4b Template Spec Contributor Allows full access to Template Spec operations at the assigned scope.
add
new Role 2022-09-08 16:34:42
f58310d9-a9f6-439a-9e8d-f62e7b41a168 Role Based Access Control Administrator (Preview) Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.
add
new Role 2022-09-07 16:35:18
43d0d8ad-25c7-4714-9337-8ba259a9fe05 Monitoring Reader Can read all monitoring data.
change
DataActions 2022-09-06 17:33:15
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
DataActions 2022-09-06 17:33:15
2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b Web Plan Contributor Lets you manage the web plans for websites, but not access to them.
change
Actions 2022-09-05 16:34:39
434fb43a-c01c-447e-9f67-c3ad923cfaba Azure Kubernetes Fleet Manager RBAC Admin This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.
change
DataActions 2022-08-29 16:36:36
30b27cfc-9c84-438e-b0ce-70e35255df80 Azure Kubernetes Fleet Manager RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
change
DataActions 2022-08-29 16:36:36
5af6afb3-c06c-4fa4-8848-71a8aee05683 Azure Kubernetes Fleet Manager RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
change
Description, DataActions 2022-08-29 16:36:36
ba79058c-0414-4a34-9e42-c3399d80cd5a Kubernetes Namespace User Allows a user to read namespace resources and retrieve kubeconfig for the cluster
add
new Role 2022-08-24 16:35:21
b0d8363b-8ddd-447d-831f-62ca05bff136 Monitoring Data Reader Can read all monitoring data.
add
new Role 2022-08-22 16:34:26
63bb64ad-9799-4770-b5c3-24ed299a07bf Azure Kubernetes Fleet Manager Contributor Role Grants access to read and write Azure Kubernetes Fleet Manager clusters
add
new Role 2022-08-22 16:34:26
434fb43a-c01c-447e-9f67-c3ad923cfaba Azure Kubernetes Fleet Manager RBAC Admin This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces.
add
new Role 2022-08-22 16:34:26
18ab4d3d-a1bf-4477-8ad9-8359bc988f69 Azure Kubernetes Fleet Manager RBAC Cluster Admin Lets you manage all resources in the fleet manager cluster.
add
new Role 2022-08-22 16:34:26
30b27cfc-9c84-438e-b0ce-70e35255df80 Azure Kubernetes Fleet Manager RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
add
new Role 2022-08-22 16:34:26
5af6afb3-c06c-4fa4-8848-71a8aee05683 Azure Kubernetes Fleet Manager RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
add
new Role 2022-08-22 16:34:26
a2c4a527-7dc0-4ee3-897b-403ade70fafb Video Indexer Restricted Viewer Has access to view and search through all video's insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account.
add
new Role 2022-08-10 16:33:37
8d289c81-5878-46d4-8554-54e1e3d8b5cb Microsoft Sentinel Reader Microsoft Sentinel Reader
change
NotActions 2022-08-02 16:33:17
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Microsoft Sentinel Responder Microsoft Sentinel Responder
change
DisplayName, Description, NotActions 2022-08-02 16:33:17
ab8e14d6-4a74-4a29-9ba8-549422addade Microsoft Sentinel Contributor Microsoft Sentinel Contributor
change
DisplayName, Description, NotActions 2022-08-02 16:33:17
4339b7cf-9826-4e41-b4ed-c7f4505dac08 Code Signing Identity Verifier Manage identity or business verification requests. This role is in preview and subject to change.
add
new Role 2022-07-29 16:32:42
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes.
change
Actions, DataActions 2022-07-25 16:32:45
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
DataActions 2022-07-25 16:32:45
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2022-07-25 16:32:45
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
change
Actions, NotActions, DataActions 2022-07-25 16:32:45
af6a70f8-3c9f-4105-acf1-d719e9fca4ca Elastic San Reader Read Azure Elastic SAN and all sub-resources
change
Actions 2022-07-21 16:31:45
a8281131-f312-4f34-8d98-ae12be9f0d23 Elastic San Volume Group Owner Lets you manage a volume group in elastic san account
change
Actions 2022-07-21 16:31:45
40c5ff49-9181-41f8-ae61-143b0e78555e Desktop Virtualization Power On Off Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines.
add
new Role 2022-07-18 16:33:50
489581de-a3bd-480d-9518-53dea7416b33 Desktop Virtualization Power On Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines.
add
new Role 2022-07-18 16:33:50
a959dbd1-f747-45e3-8ba6-dd80f235f97c Desktop Virtualization Virtual Machine Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines.
add
new Role 2022-07-18 16:33:50
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions, DataActions 2022-07-13 16:33:16
43d0d8ad-25c7-4714-9337-8ba259a9fe05 Monitoring Reader Can read all monitoring data.
change
DataActions 2022-07-07 16:32:17
76cc9ee4-d5d3-4a45-a930-26add3d73475 Access Review Operator Service Role Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process.
add
new Role 2022-07-04 16:35:09
a8281131-f312-4f34-8d98-ae12be9f0d23 Elastic San Volume Group Owner Lets you manage a volume group in elastic san account
add
new Role 2022-07-04 16:35:09
80dcbedb-47ef-405d-95bd-188a1b4ac406 Elastic San Contributor Lets you manage elastic san accounts
change
Actions 2022-06-29 16:32:23
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations
change
Actions 2022-06-27 16:32:39
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations
change
Actions 2022-06-27 16:32:39
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations
change
Actions 2022-06-22 16:32:37
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations
change
Actions 2022-06-22 16:32:37
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal
change
DataActions 2022-06-17 16:31:04
d24ecba3-c1f4-40fa-a7bb-4588a071e8fd VM Scanner Operator Role that provides access to disk snapshot for security analysis.
add
new Role 2022-06-08 16:32:24
af6a70f8-3c9f-4105-acf1-d719e9fca4ca Elastic San Reader Read Azure Elastic SAN and all sub-resources
add
new Role 2022-06-01 16:31:39
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements.
change
DataActions 2022-05-31 16:32:29
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions, DataActions 2022-05-30 16:30:40
80dcbedb-47ef-405d-95bd-188a1b4ac406 Elastic San Contributor Lets you manage elastic san accounts
add
new Role 2022-05-26 16:30:22
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
Actions 2022-05-20 16:30:38
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
Actions 2022-05-20 16:30:38
0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 Azure Kubernetes Service Cluster Admin Role List cluster admin credential action.
change
Actions 2022-05-17 16:30:38
c031e6a8-4391-4de0-8d69-4706a7ed3729 API Management Developer Portal Content Editor Can customize the developer portal, edit its content, and publish it.
add
new Role 2022-05-11 16:32:15
8d289c81-5878-46d4-8554-54e1e3d8b5cb Microsoft Sentinel Reader Microsoft Sentinel Reader
change
DisplayName, Description, Actions 2022-05-09 16:29:26
c0781e91-8102-4553-8951-97c6d4243cda Azure Arc ScVmm Private Cloud User Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs.
add
new Role 2022-05-05 21:31:23
6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 Azure Arc ScVmm Private Clouds Onboarding Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure.
add
new Role 2022-05-05 21:31:23
e582369a-e17b-42a5-b10c-874c387c530b Azure Arc ScVmm VM Contributor Arc ScVmm VM Contributor has permissions to perform all VM actions.
add
new Role 2022-05-05 21:31:23
a92dfd61-77f9-4aec-a531-19858b406c87 Azure Arc ScVmm Administrator role Arc ScVmm VM Administrator has permissions to perform all ScVmm actions.
add
new Role 2022-05-05 21:31:23
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions 2022-05-04 16:30:32
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions 2022-05-03 16:57:51
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
change
NotActions 2022-04-29 18:06:01
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2022-04-28 17:39:09
4465e953-8ced-4406-a58e-0f6e3f3b530b FHIR Data Importer Role allows user or principal to read and import FHIR Data
add
new Role 2022-04-21 16:39:45
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Lets you perform backup and restore operations using Azure Backup on the storage account.
change
DisplayName, Description, Actions 2022-04-20 16:54:13
602da2ba-a5c2-41da-b01d-5360126ab525 Virtual Machine Local User Login View Virtual Machines in the portal and login as a local user configured on the arc server
change
Actions 2022-04-18 16:32:42
f7b75c60-3036-4b75-91c3-6b41c27c1689 Reservation Purchaser Lets you purchase reservations
change
Actions 2022-04-14 16:55:58
cd08ab90-6b14-449c-ad9a-8f8e549482c6 Scheduled Patching Contributor Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments
change
Actions 2022-04-13 16:45:15
cd08ab90-6b14-449c-ad9a-8f8e549482c6 Scheduled Patching Contributor Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments
add
new Role 2022-04-11 16:38:49
a8889054-8d42-49c9-bc1c-52486c10e7cd Reservations Administrator Lets one read and manage all the reservations in a tenant
add
new Role 2022-04-09 02:54:25
602da2ba-a5c2-41da-b01d-5360126ab525 Virtual Machine Local User Login View Virtual Machines in the portal and login as a local user configured on the arc server
add
new Role 2022-04-07 17:18:35
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions 2022-04-05 17:06:52
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources.
add
new Role 2022-04-01 20:29:16
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes.
add
new Role 2022-03-31 18:06:31
f07febfe-79bc-46b1-8b37-790e26e6e498 Cognitive Services Language Owner Has access to all Read, Test, Write, Deploy and Delete functions under Language portal
change
DataActions, NotDataActions 2022-03-30 16:45:33
f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 Cognitive Services Language Writer Has access to all Read, Test, and Write functions under Language Portal
change
DataActions, NotDataActions 2022-03-30 16:45:33
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal
change
DataActions, NotDataActions 2022-03-30 16:45:33
1ef6a3be-d0ac-425d-8c01-acb62866290b Compute Gallery Sharing Admin This role allows user to share gallery to another subscription/tenant or share it to the public.
add
new Role 2022-03-28 17:59:08
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters
change
Actions 2022-03-16 17:58:57
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
change
Actions 2022-03-16 17:58:57
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2022-03-11 18:17:07
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
DataActions 2022-03-10 18:07:12
6b77f0a0-0d89-41cc-acd1-579c22c17a67 AgFood Platform Sensor Partner Contributor Provides contribute access to manage sensor related entities in AgFood Platform Service
add
new Role 2022-03-09 19:15:11
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2022-03-08 17:46:41
18500a29-7fe2-46b2-a342-b16a415e101d Managed HSM contributor Lets you manage managed HSM pools, but not access to them.
change
Actions 2022-03-08 17:46:41
0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d DNS Resolver Contributor Lets you manage DNS resolver resources
change
Actions 2022-03-01 18:03:34
959f8984-c045-4866-89c7-12bf9737be2e Data Operator for Managed Disks Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication.
add
new Role 2022-03-01 18:03:34
0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d DNS Resolver Contributor Lets you manage DNS resolver resources
add
new Role 2022-02-28 17:26:57
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations
add
new Role 2022-02-23 18:03:00
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations
add
new Role 2022-02-23 18:03:00
088ab73d-1256-47ae-bea9-9de8e7131f31 Guest Configuration Resource Contributor Lets you read, write Guest Configuration Resource.
change
Description, Actions 2022-02-11 18:30:29
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters
change
Actions 2022-02-10 17:19:06
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters
add
new Role 2022-02-08 18:24:32
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator.
add
new Role 2022-02-07 17:17:23
00493d72-78f6-4148-b6c5-d3ce8e4799dd Azure Arc Enabled Kubernetes Cluster User Role List cluster user credentials action.
change
Actions 2022-02-02 17:45:29
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
DataActions, NotDataActions 2022-01-28 19:51:28
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes.
change
Actions 2022-01-27 17:51:50
871e35f6-b5c1-49cc-a043-bde969a0f2cd CDN Endpoint Reader Can view CDN endpoints, but can't make changes.
change
Actions 2022-01-27 17:51:50
f4c81013-99ee-4d62-a7ee-b3f1f648599a Microsoft Sentinel Automation Contributor Microsoft Sentinel Automation Contributor
change
DisplayName, Description, Actions 2022-01-26 17:48:32
56be40e2-4db1-4ccf-93c3-7e44c597135b Monitored Objects Contributor Can read and update Monitored Objects and associated Data Collection Rules.
add
new Role 2022-01-21 18:03:29
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your HPC Workbench chamber.
add
new Role 2022-01-20 18:36:47
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes.
add
new Role 2022-01-20 18:36:47
088ab73d-1256-47ae-bea9-9de8e7131f31 Guest Configuration Resource Contributor Grants access to read or write to Guest Configuration resources.
add
new Role 2022-01-14 17:44:10
67d33e57-3129-45e6-bb0b-7cc522f762fa Azure Arc VMware Private Clouds Onboarding Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure.
add
new Role 2022-01-14 17:44:10
e4237640-0e3d-4a46-8fda-70bc94856432 Device Update Deployments Administrator Gives you full access to management operations
change
DataActions 2022-01-13 19:18:33
49e2f5d2-7741-4835-8efa-19e1fe35e47f Device Update Deployments Reader Gives you read access to management operations, but does not allow making changes
change
DataActions 2022-01-13 19:18:33
14b46e9e-c2b7-41b4-b07b-48a6ebf60603 Key Vault Crypto Officer Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.
change
DisplayName, DataActions 2022-01-07 18:14:37
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data.
change
Actions, DataActions 2022-01-04 13:44:22
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements.
change
Actions, DataActions, NotDataActions 2022-01-04 13:44:22
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data.
change
Actions, DataActions 2022-01-04 13:44:22
3913510d-42f4-4e42-8a64-420c390055eb Monitoring Metrics Publisher Enables publishing metrics against Azure resources
change
DataActions 2022-01-04 11:26:52
e8ddcd69-c73f-4f9f-9844-4100522f16ad Workbook Contributor Can save shared workbooks.
change
Actions 2022-01-04 11:26:52
b279062a-9be3-42a0-92ae-8b3cf002ec4d Workbook Reader Can read workbooks.
change
Actions 2022-01-04 11:26:52
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2022-01-04 11:26:52
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2021-12-16 17:24:54
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2021-12-15 17:18:05
fb879df8-f326-4884-b1cf-06f3ad86be52 Virtual Machine User Login View Virtual Machines in the portal and login as a regular user.
change
Actions 2021-11-18 17:19:50
1c0163c0-47e6-4577-8991-ea5c82e286e4 Virtual Machine Administrator Login View Virtual Machines in the portal and login as administrator
change
Actions 2021-11-18 17:19:50
bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf Web PubSub Service Reader (Preview) Read-only access to Azure Web PubSub Service REST APIs
change
DataActions 2021-11-16 16:27:38
12cf5a90-567b-43ae-8102-96cf46c7d9b4 Web PubSub Service Owner (Preview) Full access to Azure Web PubSub Service REST APIs
change
DataActions 2021-11-16 16:27:38
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server Lets your app server access SignalR Service with AAD auth options.
change
DisplayName, DataActions 2021-11-16 16:27:38
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role
change
NotActions 2021-11-15 17:00:51
582fc458-8989-419f-a480-75249bc5db7e Reservations Reader Lets one read all the reservations in a tenant
add
new Role 2021-11-11 20:15:16
dd920d6d-f481-47f1-b461-f338c46b2d9f Marketplace Admin Marketplace Admin grants full access to manage Private Azure Marketplace, including read and take action for private marketplace notifications, but does not allow to assign Marketplace Admin role to others
change
Description, Actions 2021-11-11 20:14:21
53be45b2-ad40-43ab-bc1f-2c962ac99ded PowerApps Administrator The user has access to perform administrative actions on all PowerApps resources within the tenant.
add
new Role 2021-11-11 20:13:47
6877c72c-edd3-4048-9b4b-cf8e514477b0 PowerAppsReaderWithReshare PowerAppsReadersWithReshare can use the resource and re-share it with other users, but cannot edit the resource or re-share it with edit permissions.
add
new Role 2021-11-11 20:13:46
ed2561a6-b260-4d25-9d88-54ee1b8e8b37 Guest configuration deploy policy role Lets you deploy guest configuration policy on to machines under a subscription or resource group.
add
new Role 2021-11-11 20:13:34
b97fb8bc-a8b2-4522-a38b-dd33c7e65ead Lab Creator Lets you create new labs under your Azure Lab Accounts.
change
Actions, DataActions 2021-11-11 17:21:27
2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc Lab Services Reader The lab services reader role
add
new Role 2021-11-11 17:21:27
5daaa2af-1fe8-407c-9122-bba179798270 Lab Contributor The lab contributor role
add
new Role 2021-11-11 17:21:27
ce40b423-cede-4313-a93f-9b28290b72e1 Lab Assistant The lab assistant role
add
new Role 2021-11-11 17:21:27
a36e6959-b6be-4b12-8e9f-ef4b474d304d Lab Operator The lab operator role
add
new Role 2021-11-11 17:21:27
f69b8690-cc87-41d6-b77a-a4bc3c0a966f Lab Services Contributor The lab services contributor role
add
new Role 2021-11-11 17:21:27
b2de6794-95db-4659-8781-7e080d3f2b9d Cognitive Services Immersive Reader User Provides access to create Immersive Reader sessions and call APIs
add
new Role 2021-11-11 17:21:27
3ae3fb29-0000-4ccd-bf80-542e7b26e081 Load Test Reader View and list all load tests and load test resources but can not make any changes
add
new Role 2021-11-10 17:42:24
0c8b84dc-067c-4039-9615-fa1a4b77c726 PlayFab Contributor Provides contributor access to PlayFab resources
add
new Role 2021-11-10 17:42:24
45bb0b16-2f0c-4e78-afaa-a07599b003f6 Load Test Owner Execute all operations on load test resources and load tests
add
new Role 2021-11-09 16:56:00
749a398d-560b-491b-bb21-08924219302e Load Test Contributor View, create, update, delete and execute load tests. View and list load test resources but can not make any changes.
add
new Role 2021-11-09 16:56:00
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2021-11-08 16:50:39
a9a19cc5-31f4-447c-901f-56c0bb18fcaf PlayFab Reader Provides read access to PlayFab resources
add
new Role 2021-11-08 16:50:39
ddc140ed-e463-4246-9145-7c664192013f Azure Arc VMware Administrator role Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions.
add
new Role 2021-11-05 17:28:15
f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 Cognitive Services Language Writer Has access to all Read, Test, and Write functions under Language Portal
add
new Role 2021-11-04 17:27:00
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal
add
new Role 2021-11-04 17:27:00
6322a993-d5c9-4bed-b113-e49bbea25b27 Cognitive Services LUIS Writer Has access to all Read, Test, and Write functions under LUIS
add
new Role 2021-11-04 17:27:00
f07febfe-79bc-46b1-8b37-790e26e6e498 Cognitive Services Language Owner Has access to all Read, Test, Write, Deploy and Delete functions under Language portal
add
new Role 2021-11-04 17:27:00
18e81cdc-4e98-4e29-a639-e7d10c5a6226 Cognitive Services LUIS Reader Has access to Read and Test functions under LUIS.
add
new Role 2021-11-04 17:27:00
f72c8140-2111-481c-87ff-72b910f6e3f8 Cognitive Services LUIS Owner Has access to all Read, Test, Write, Deploy and Delete functions under LUIS
add
new Role 2021-11-04 17:27:00
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 Azure Arc VMware Private Cloud User Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs.
add
new Role 2021-10-28 15:43:30
b748a06d-6150-4f8a-aaa9-ce3940cd96cb Azure Arc VMware VM Contributor Arc VMware VM Contributor has permissions to perform all VM actions.
add
new Role 2021-10-28 15:43:30
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
Actions 2021-10-26 15:38:27
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
Actions 2021-10-26 15:38:27
8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 Azure Maps Data Contributor Grants access to read, write, and delete access to map related data from an Azure maps account.
change
DataActions 2021-10-13 16:30:51
dba33070-676a-4fb0-87fa-064dc56ff7fb Azure Maps Contributor Grants access all Azure Maps resource management.
add
new Role 2021-10-04 15:27:18
6be48352-4f82-47c9-ad5e-0acacefdb005 Azure Maps Search and Render Data Reader Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs.
add
new Role 2021-10-04 15:27:18
9980e02c-c2be-4d73-94e8-173b1dc7cf3c Virtual Machine Contributor Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
change
Actions 2021-10-01 15:34:12
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.
add
new Role 2021-09-14 15:45:54
6ae96244-5829-4925-a7d3-5975537d91dd Azure VM Managed identities restore Contributor Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system
add
new Role 2021-09-13 16:35:21
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR REST API Owner Full access to Azure SignalR Service REST APIs
change
DisplayName, Description, DataActions 2021-09-13 16:35:21
494ae006-db33-4328-bf46-533a6560a3ca Site Recovery Operator Lets you failover and failback but not perform other Site Recovery management operations
change
Actions 2021-09-10 15:51:14
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first
change
Actions 2021-09-08 15:40:07
a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b Azure Spring Cloud Config Server Contributor Allow read, write and delete access to Azure Spring Cloud Config Server
add
new Role 2021-09-06 17:54:17
6670b86e-a3f7-4917-ac9b-5d6ab1be4567 Site Recovery Contributor Lets you manage Site Recovery service except vault creation and role assignment
change
Actions 2021-09-02 16:18:17
dbaa88c4-0c30-4179-9fb3-46319faa6149 Site Recovery Reader Lets you view Site Recovery status but not perform other management operations
change
Actions 2021-09-02 16:18:17
f353d9bd-d4a6-484e-a77a-8050b599b867 Automation Contributor Manage azure automation resources and other resources using azure automation.
change
Actions 2021-09-01 15:00:06
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first
change
Actions 2021-09-01 15:00:06
d04c6db6-4947-4782-9e91-30a88feb7be7 Azure Spring Cloud Config Server Reader Allow read access to Azure Spring Cloud Config Server
add
new Role 2021-08-26 16:23:33
f5880b48-c26d-48be-b172-7927bfa1c8f1 Azure Spring Cloud Service Registry Contributor Allow read, write and delete access to Azure Spring Cloud Service Registry
add
new Role 2021-08-20 15:48:24
cff1b556-2399-4e7e-856d-a8f754be7b65 Azure Spring Cloud Service Registry Reader Allow read access to Azure Spring Cloud Service Registry
add
new Role 2021-08-20 15:48:24
9980e02c-c2be-4d73-94e8-173b1dc7cf3c Virtual Machine Contributor Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
change
Actions 2021-08-19 16:32:19
2837e146-70d7-4cfd-ad55-7efa6464f958 CodeSigning Certificate Profile Signer Sign files with a certificate profile. This role is in preview and subject to change.
add
new Role 2021-08-17 16:31:35
a79a5197-3a5c-4973-a920-486035ffd60f Grafana Editor Built-in Grafana Editor role
add
new Role 2021-08-13 17:07:50
22926164-76b3-42b3-bc55-97df8dab3e41 Grafana Admin Built-in Grafana admin role
add
new Role 2021-08-13 17:07:50
60921a7e-fef1-4a43-9b16-a26c52ad4769 Grafana Viewer Built-in Grafana Viewer role
add
new Role 2021-08-13 17:07:50
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role
change
Actions 2021-08-12 19:47:01
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role
change
NotActions 2021-08-12 19:47:01
85cb6faf-e071-4c9b-8136-154b5a04f717 Kubernetes Extension Contributor Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations
add
new Role 2021-08-11 15:29:45
dfce44e4-17b7-4bd1-a6d1-04996ec95633 Device Provisioning Service Data Contributor Allows for full access to Device Provisioning Service data-plane operations.
add
new Role 2021-08-09 22:29:09
10745317-c249-44a1-a5ce-3a4353c0bbd8 Device Provisioning Service Data Reader Allows for full read access to Device Provisioning Service data-plane properties.
add
new Role 2021-08-09 22:29:09
f353d9bd-d4a6-484e-a77a-8050b599b867 Automation Contributor Manage azure automation resources and other resources using azure automation.
add
new Role 2021-08-09 19:32:28
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first
change
Actions 2021-08-06 15:06:08
15e0f5a1-3450-4248-8e25-e2afe88a9e85 Test Base Reader Let you view and download packages and test results.
change
Actions 2021-08-06 15:06:08
92aaf0da-9dab-42b6-94a3-d43ce8d16293 Log Analytics Contributor Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.
change
Description, Actions 2021-08-06 15:06:08
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder
change
Actions 2021-08-05 14:48:34
ab8e14d6-4a74-4a29-9ba8-549422addade Azure Sentinel Contributor Azure Sentinel Contributor
change
Actions 2021-08-05 14:48:34
8d289c81-5878-46d4-8554-54e1e3d8b5cb Azure Sentinel Reader Azure Sentinel Reader
change
Actions 2021-08-05 14:48:34
25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 Cognitive Services Contributor Lets you create, read, update, delete and manage keys of Cognitive Services.
change
Actions 2021-08-03 20:37:08
fb879df8-f326-4884-b1cf-06f3ad86be52 Virtual Machine User Login View Virtual Machines in the portal and login as a regular user.
change
Actions, DataActions 2021-08-02 15:58:24
1c0163c0-47e6-4577-8991-ea5c82e286e4 Virtual Machine Administrator Login View Virtual Machines in the portal and login as administrator
change
Actions, DataActions 2021-08-02 15:58:24
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice.
change
Description, DataActions 2021-07-29 15:40:44
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner Full access to Azure SignalR Service REST APIs
change
DisplayName, DataActions 2021-07-29 15:40:44
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models.
change
Description, DataActions, NotDataActions 2021-07-29 15:40:44
26e0b698-aa6d-4085-9386-aadae190014d Azure Relay Listener Allows for listen access to Azure Relay resources.
add
new Role 2021-07-21 16:02:28
26baccc8-eea7-41f1-98f4-1762cc7f685d Azure Relay Sender Allows for send access to Azure Relay resources.
add
new Role 2021-07-20 17:09:18
2787bf04-f1f5-4bfe-8383-c8a24483ee38 Azure Relay Owner Allows for full access to Azure Relay resources.
add
new Role 2021-07-20 17:09:18
3db33094-8700-4567-8da5-1501d4e7e843 FHIR Data Exporter Role allows user or principal to read and export FHIR Data
change
DataActions 2021-07-19 14:20:08
e8113dce-c529-4d33-91fa-e9b972617508 Azure Connected SQL Server Onboarding Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS.
add
new Role 2021-07-19 14:20:08
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
change
NotDataActions 2021-07-19 14:20:08
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.
add
new Role 2021-07-15 16:24:54
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.
remove
decommissioned Role 2021-07-12 16:24:45
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role
change
Actions 2021-07-12 16:24:45
a1705bd2-3a8f-45a5-8683-466fcfd5cc24 FHIR Data Converter Role allows user or principal to convert data from legacy format to FHIR
change
DataActions 2021-07-09 14:39:01
4c8d0bbc-75d3-4935-991f-5f3c56d81508 FHIR Data Reader Role allows user or principal to read FHIR Data
change
DataActions 2021-07-09 14:39:01
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool.
add
new Role 2021-07-09 14:39:01
5a1fc7df-4bf1-4951-a576-89034ee01acd FHIR Data Contributor Role allows user or principal full access to FHIR Data
change
DataActions 2021-07-09 14:39:01
3f88fce4-5892-4214-ae73-ba5294559913 FHIR Data Writer Role allows user or principal to read and write FHIR Data
change
DataActions, NotDataActions 2021-07-09 14:39:01
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role
change
Actions 2021-07-08 14:19:50
c8d4ff99-41c3-41a8-9f60-21dfdad59608 AcrQuarantineWriter acr quarantine data writer
change
DataActions 2021-07-07 15:26:33
d5a91429-5739-47e2-a06b-3470a27159e7 EventGrid Data Sender Allows send access to event grid events.
add
new Role 2021-07-05 14:23:05
cdda3590-29a3-44f6-95f2-9f980659eb04 AcrQuarantineReader acr quarantine data reader
change
DataActions 2021-06-24 14:29:36
6cef56e8-d556-48e5-a04f-b8e64114680f AcrImageSigner acr image signer
change
DataActions 2021-06-24 14:29:36
e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a DICOM Data Reader Read and search DICOM data.
add
new Role 2021-06-18 14:19:53
58a3b984-7adf-4c20-983a-32417c86fbc8 DICOM Data Owner Full access to DICOM data.
add
new Role 2021-06-18 14:19:53
0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3 Storage Table Data Contributor Allows for read, write and delete access to Azure Storage tables and entities
add
new Role 2021-06-15 14:06:27
76199698-9eea-4c19-bc75-cec21354c6b6 Storage Table Data Reader Allows for read access to Azure Storage tables and entities
add
new Role 2021-06-15 14:06:27
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2021-06-14 13:58:52
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others
change
Actions 2021-06-14 13:58:52
9b7fa17d-e63e-47b0-bb0a-15c516ac86ec SQL DB Contributor Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.
change
NotActions 2021-06-10 15:19:34
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2021-06-10 15:19:34
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2021-06-09 16:50:31
1407120a-92aa-4202-b7e9-c0e197c71c8f Search Index Data Reader Grants read access to Azure Cognitive Search index data.
add
new Role 2021-06-02 22:45:24
8ebe5a00-799e-43f5-93ac-243d3dce84a7 Search Index Data Contributor Grants full access to Azure Cognitive Search index data.
add
new Role 2021-06-02 22:45:24
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes
change
Actions 2021-05-25 14:52:54
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber
change
DataActions 2021-05-24 17:13:01
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber
change
DataActions 2021-05-24 17:13:01
15e0f5a1-3450-4248-8e25-e2afe88a9e85 Test Base Reader Let you view and download packages and test results.
add
new Role 2021-05-12 14:41:18
532bc159-b25e-42c0-969e-a1d439f60d77 Media Services Live Events Administrator Create, read and modify Live Events, Assets, Asset Filters and Streaming Locators; read-only access to other Media Services resources.
add
new Role 2021-05-07 14:29:30
e4395492-1534-4db2-bedf-88c14621589c Media Services Media Operator Create, read, modify, and delete of Assets, Asset Filters, Streaming Locators and Jobs; read-only access to other Media Services resources.
add
new Role 2021-05-07 14:29:30
c4bba371-dacd-4a26-b320-7250bca963ae Media Services Policy Administrator Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.
add
new Role 2021-05-07 14:29:30
99dba123-b5fe-44d5-874c-ced7199a5804 Media Services Streaming Endpoints Administrator Create, read, modify and delete Streaming Endpoints; read-only access to other Media Services resources.
add
new Role 2021-05-07 14:29:30
054126f8-9a2b-4f1c-a9ad-eca461f08466 Media Services Account Administrator Create, read, modify and delete Media Services accounts; read-only access to other Media Services resources.
add
new Role 2021-05-03 14:09:38
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2021-04-29 16:55:26
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first
add
new Role 2021-04-27 15:39:18
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime
change
Actions 2021-04-26 14:08:50
4ea46cd5-c1b2-4a8e-910b-273211f9ce47 Azure Iot Hubs Registry Contributor Allows for full access to Azure IoT Hubs device registry.
add
new Role 2021-04-23 13:42:10
494bdba2-168f-4f31-a0a1-191d2f7c028c Azure Iot?Hubs?Twin?Contributor Allows for read and write access to all Azure IoT Hubs device and module twins.
add
new Role 2021-04-23 13:42:10
4fc6c259-987e-4a07-842e-c321cc9d413f Azure Iot?Hubs?Data?Contributor Allows for full access to Azure IoT Hubs data plane operations.
add
new Role 2021-04-23 13:42:10
b447c946-2db7-41ec-983d-d8bf3b1c77e3 Azure Iot Hubs Data Reader Allows for full read access to Azure Iot Hubs data-plane properties
add
new Role 2021-04-23 13:42:10
a2138dac-4907-4679-a376-736901ed8ad8 AnyBuild Builder Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities.
add
new Role 2021-04-21 13:28:47
9894cab4-e18a-44aa-828b-cb588cd6f2d7 Cognitive Services Face Recognizer Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.
add
new Role 2021-03-31 14:35:06
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor This is a role that can read, write and delete all speech resources.
add
new Role 2021-03-30 13:51:32
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User This is a role that can create, read, change and delete batch transcriptions, do real time transcriptions and list or get other speech resources.
add
new Role 2021-03-30 13:51:32
b5537268-8956-4941-a8f0-646150406f0c Azure Spring Cloud Data Reader Allow read access to Azure Spring Cloud Data
add
new Role 2021-03-25 15:40:30
bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf Web PubSub Service Reader (Preview) Read-only access to Azure Web PubSub Service REST APIs
add
new Role 2021-03-24 14:32:47
12cf5a90-567b-43ae-8102-96cf46c7d9b4 Web PubSub Service Owner (Preview) Full access to Azure Web PubSub Service REST APIs
add
new Role 2021-03-24 14:32:47
b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 Azure Connected Machine Onboarding Can onboard Azure Connected Machines.
change
Actions 2021-03-24 14:32:47
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs
change
DataActions 2021-03-24 14:32:47
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
change
Actions 2021-03-24 14:32:47
daa9e50b-21df-454c-94a6-a8050adab352 Collaborative Data Contributor Can manage data packages of a collaborative.
change
Actions 2021-03-17 17:26:57
d17ce0a2-0697-43bc-aac5-9113337ab61c WorkloadBuilder Migration Agent Role WorkloadBuilder Migration Agent Role.
add
new Role 2021-03-12 15:32:19
f4cc2bf9-21be-47a1-bdf1-5c5804381025 Cognitive Services QnA Maker Editor Let's you create, edit, import and export a KB. You cannot publish or delete a KB.
change
DataActions 2021-03-11 15:16:45
466ccd10-b268-4a11-b098-b4849f024126 Cognitive Services QnA Maker Reader Let's you read and test a KB only.
change
DataActions 2021-03-11 15:16:45
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
change
NotActions 2021-03-09 14:37:39
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2021-03-09 14:37:39
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor
change
DataActions 2021-03-08 14:55:25
6188b7c9-7d01-4f99-a59f-c88b630326c0 Experimentation Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs.
change
DisplayName, Actions, DataActions 2021-03-08 14:55:25
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator
change
Actions 2021-03-08 14:55:25
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber
change
DataActions 2021-03-08 14:55:25
ca0835dd-bacc-42dd-8ed2-ed5e7230d15b Object Anchors Account Owner Provides user with ingestion capabilities for an object anchors account.
add
new Role 2021-03-02 15:11:43
4a167cdf-cb95-4554-9203-2347fe489bd9 Object Anchors Account Reader Lets you read ingestion jobs for an object anchors account.
add
new Role 2021-03-02 15:11:43
28241645-39f8-410b-ad48-87863e2951d5 Security Detonation Chamber Reader Allowed to query submission info and files from Security Detonation Chamber
add
new Role 2021-03-01 15:42:30
230815da-be43-4aae-9cb4-875f7bd000aa Cosmos DB Operator Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
change
NotActions 2021-02-26 14:41:31
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2021-02-15 15:24:20
1e241071-0855-49ea-94dc-649edcd759de EventGrid Contributor Lets you manage EventGrid operations.
change
Actions 2021-02-11 14:23:07
1e241071-0855-49ea-94dc-649edcd759de EventGrid Contributor Lets you manage EventGrid operations.
add
new Role 2021-02-09 14:46:34
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data.
change
DataActions 2021-02-09 14:46:34
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements.
change
DataActions 2021-02-09 14:46:34
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data.
change
DataActions 2021-02-09 14:46:34
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime
change
Actions 2021-02-08 14:18:19
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Role Role to read and create Quota Requests and get Quota Request Status.
change
Actions 2021-02-05 15:19:18
ba92f5b4-2d11-453d-a403-e96b0029c9fe Storage Blob Data Contributor Allows for read, write and delete access to Azure Storage blob containers and data
change
DataActions 2021-02-04 14:17:50
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator
change
DataActions 2021-02-03 15:09:04
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Role Role to read and create Quota Requests and get Quota Request Status.
add
new Role 2021-02-03 15:09:04
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs.
change
DataActions 2021-01-29 15:07:15
f4c81013-99ee-4d62-a7ee-b3f1f648599a Azure Sentinel Automation Contributor Azure Sentinel Automation Contributor
change
Actions 2021-01-26 16:07:29
f4c81013-99ee-4d62-a7ee-b3f1f648599a Azure Sentinel Automation Contributor Azure Sentinel Automation Contributor
add
new Role 2021-01-25 16:07:06
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber
change
DataActions 2021-01-25 16:07:06
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber
change
DataActions 2021-01-25 16:07:06
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber
change
DataActions 2021-01-25 16:07:06
a1705bd2-3a8f-45a5-8683-466fcfd5cc24 FHIR Data Converter Role allows user or principal to convert data from legacy format to FHIR
add
new Role 2021-01-25 16:07:06
974c5e8b-45b9-4653-ba55-5f855dd0fb88 Storage Queue Data Contributor Allows for read, write, and delete access to Azure Storage queues and queue messages
change
DataActions 2021-01-25 16:07:06
5432c526-bc82-444a-b7ba-57c5b0b5b34f CosmosRestoreOperator Can perform restore action for Cosmos DB database account
add
new Role 2021-01-22 09:15:20
ae349356-3a1b-4a5e-921d-050484c6347e Application Insights Component Contributor Can manage Application Insights components
change
Actions 2021-01-20 16:06:17
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime
add
new Role 2021-01-19 16:07:23
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others
change
Actions 2021-01-19 16:07:23
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor
change
Actions 2021-01-18 16:05:49
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator
change
Actions 2021-01-18 16:05:49
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber
add
new Role 2021-01-18 16:05:49
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber
add
new Role 2021-01-18 16:05:49
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Reader Experimentation Reader
change
Actions 2021-01-12 16:06:58
5548b2cf-c94c-4228-90ba-30851930a12f Microsoft.Kubernetes connected cluster role Microsoft.Kubernetes connected cluster role.
add
new Role 2021-01-08 16:05:47
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots.
change
Actions 2021-01-06 16:06:44
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements.
change
Description, DataActions, NotDataActions 2021-01-05 16:06:49
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role
change
Actions 2021-01-04 16:05:39
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots.
change
Actions 2020-12-18 16:05:51
b50d9833-a0cb-478e-945f-707fcc997c13 Disk Restore Operator Provides permission to backup vault to perform disk restore.
change
Actions 2020-12-18 16:05:51
e147488a-f6f5-4113-8e2d-b22465e65bf6 Key Vault Crypto Service Encryption User (preview) Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.
change
DisplayName, Actions 2020-12-18 16:05:51
3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 Disk Backup Reader Provides permission to backup vault to perform disk backup.
change
Actions 2020-12-18 16:05:51
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots.
add
new Role 2020-12-15 16:36:19
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data.
add
new Role 2020-12-15 16:36:19
b50d9833-a0cb-478e-945f-707fcc997c13 Disk Restore Operator Provides permission to backup vault to perform disk restore.
add
new Role 2020-12-15 16:36:19
3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 Disk Backup Reader Provides permission to backup vault to perform disk backup.
add
new Role 2020-12-15 16:36:19
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data.
add
new Role 2020-12-15 16:36:19
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to manage Autonomous Development Platform data entities, but does not allow accessing the underlying data. Note that entity deletion is not permitted by this role.
add
new Role 2020-12-15 16:36:19
e307426c-f9b6-4e81-87de-d99efb3c32bc Desktop Virtualization Host Pool Contributor Contributor of the Desktop Virtualization Host Pool.
add
new Role 2020-12-14 15:13:28
aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 Desktop Virtualization Application Group Reader Reader of the Desktop Virtualization Application Group.
add
new Role 2020-12-14 15:13:28
21efdde3-836f-432b-bf3d-3e8e734d4b2b Desktop Virtualization Workspace Contributor Contributor of the Desktop Virtualization Workspace.
add
new Role 2020-12-14 15:13:28
ceadfde2-b300-400a-ab7b-6143895aa822 Desktop Virtualization Host Pool Reader Reader of the Desktop Virtualization Host Pool.
add
new Role 2020-12-14 15:13:28
c7aa55d3-1abb-444a-a5ca-5e51e485d6ec Integration Service Environment Developer Allows developers to create and update workflows, integration accounts and API connections in integration service environments.
change
Actions 2020-12-14 15:13:28
0fa44ee9-7a7d-466b-9bb2-2bf446b1204d Desktop Virtualization Workspace Reader Reader of the Desktop Virtualization Workspace.
add
new Role 2020-12-14 15:13:28
2ad6aaab-ead9-4eaa-8ac5-da422f562408 Desktop Virtualization Session Host Operator Operator of the Desktop Virtualization Session Host.
add
new Role 2020-12-14 15:13:28
ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 Desktop Virtualization User Session Operator Operator of the Desktop Virtualization Uesr Session.
add
new Role 2020-12-14 15:13:28
49a72310-ab8d-41df-bbb0-79b649203868 Desktop Virtualization Reader Reader of Desktop Virtualization.
add
new Role 2020-12-14 15:13:28
082f0a83-3be5-4ba1-904c-961cca79b387 Desktop Virtualization Contributor Contributor of Desktop Virtualization.
add
new Role 2020-12-14 15:13:28
86240b0e-9422-4c43-887b-b61143f32ba8 Desktop Virtualization Application Group Contributor Contributor of the Desktop Virtualization Application Group.
add
new Role 2020-12-14 15:13:28
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2020-12-10 15:11:36
72fafb9e-0641-4937-9268-a91bfd8191a3 Cost Management Reader Can view cost data and configuration (e.g. budgets, exports)
change
Actions 2020-12-08 15:44:03
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder
change
Actions 2020-12-08 15:44:03
434105ed-43f6-45c7-a02f-909b2ba83430 Cost Management Contributor Can view costs and manage cost configuration (e.g. budgets, exports)
change
Actions 2020-12-08 15:44:03
ca6382a4-1721-4bcf-a114-ff0c70227b6b Application Group Contributor Contributor of the Application Group.
change
Actions 2020-12-07 15:13:35
ca6382a4-1721-4bcf-a114-ff0c70227b6b Application Group Contributor Contributor of the Application Group.
add
new Role 2020-12-04 15:12:58
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs.
change
DataActions 2020-11-24 15:34:53
c8d896ba-346d-4f50-bc1d-7d1c84130446 Project Babylon Data Reader The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change.
change
DisplayName, Description, Actions 2020-11-23 14:37:57
05b7651b-dc44-475e-b74d-df3db49fae0f Project Babylon Data Source Administrator The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change.
change
DisplayName, Description, Actions 2020-11-23 14:37:57
9ef4ef9c-a049-46b0-82ab-dd8ac094c889 Project Babylon Data Curator The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.
change
DisplayName, Description, Actions 2020-11-23 14:37:57
8a3c2885-9b38-4fd2-9d99-91af537c1347 Purview Data Curator Role Preview The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects
change
Actions 2020-11-19 14:28:56
ff100721-1b9d-43d8-af52-42b69c1272db Purview Data Reader Role Preview The Microsoft.Purview data reader can read catalog data objects
change
Actions 2020-11-19 14:28:56
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account.
change
Actions 2020-11-19 14:28:56
200bba9e-f0c8-430f-892b-6f0794863803 Purview Data Source Administrator Role Preview The Microsoft.Purview data source administrator can manage data sources and data scans
change
Actions 2020-11-19 14:28:56
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings.
change
Actions 2020-11-18 18:53:03
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group.
remove
decommissioned Role 2020-11-18 18:53:03
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs.
change
DisplayName, DataActions 2020-11-18 18:53:03
200bba9e-f0c8-430f-892b-6f0794863803 Purview Data Source Administrator Role Preview The Microsoft.Purview data source administrator can manage data sources and data scans
add
new Role 2020-11-16 13:39:23
ff100721-1b9d-43d8-af52-42b69c1272db Purview Data Reader Role Preview The Microsoft.Purview data reader can read catalog data objects
add
new Role 2020-11-16 13:39:23
8a3c2885-9b38-4fd2-9d99-91af537c1347 Purview Data Curator Role Preview The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects
add
new Role 2020-11-16 13:39:23
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account.
change
Actions 2020-11-16 13:39:23
c8d896ba-346d-4f50-bc1d-7d1c84130446 Project Babylon Data Reader Role Preview The Microsoft.ProjectBabylon data reader can read catalog data objects
add
new Role 2020-11-16 13:39:23
05b7651b-dc44-475e-b74d-df3db49fae0f Project Babylon Data Source Administrator Role Preview The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans
add
new Role 2020-11-16 13:39:23
9ef4ef9c-a049-46b0-82ab-dd8ac094c889 Project Babylon Data Curator Role Preview The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects
add
new Role 2020-11-16 13:39:23
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account.
add
new Role 2020-11-13 14:22:44
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Service Role Allows for creation, writes and reads to the metric set via the metrics service APIs.
add
new Role 2020-11-12 14:32:48
b24988ac-6180-42a0-ab88-20f7382dd24c Contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.
change
NotActions 2020-11-11 15:02:47
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder
change
NotActions 2020-11-09 14:42:02
8d289c81-5878-46d4-8554-54e1e3d8b5cb Azure Sentinel Reader Azure Sentinel Reader
change
Actions 2020-11-04 15:39:11
ab8e14d6-4a74-4a29-9ba8-549422addade Azure Sentinel Contributor Azure Sentinel Contributor
change
Actions 2020-11-04 15:39:11
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder
change
Actions 2020-11-04 15:39:11
dffb1e0c-446f-4dde-a09f-99eb5cc68b96 Azure Arc Kubernetes Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
change
DataActions, NotDataActions 2020-11-03 14:38:31
63f0a09d-1495-4db4-a681-037d84835eb4 Azure Arc Kubernetes Viewer Lets you view all resources in cluster/namespace, except secrets.
change
DataActions, NotDataActions 2020-11-03 14:38:31
5b999177-9696-4545-85c7-50de3797e5a1 Azure Arc Kubernetes Writer Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.
change
DataActions, NotDataActions 2020-11-03 14:38:31
635dd51f-9968-44d3-b7fb-6d9a6bd613ae AzureML Metrics Writer (preview) Lets you write metrics to AzureML workspace
add
new Role 2020-10-29 15:20:50
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group.
change
Actions 2020-10-28 15:04:35
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
change
NotDataActions 2020-10-27 14:13:08
f7b75c60-3036-4b75-91c3-6b41c27c1689 Reservation Purchaser Lets you purchase reservations
add
new Role 2020-10-26 14:19:04
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server (Preview) Lets your app server access SignalR Service with AAD auth options.
change
DataActions 2020-10-23 13:31:33
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs
change
DataActions 2020-10-23 13:31:33
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR Serverless Contributor (Preview) Lets your app access service in serverless mode with AAD auth options.
change
Description, DataActions 2020-10-23 13:31:33
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.
change
Description, Actions, DataActions, NotDataActions 2020-10-23 13:31:33
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.
change
Description, Actions, DataActions, NotDataActions 2020-10-23 13:31:33
9b7fa17d-e63e-47b0-bb0a-15c516ac86ec SQL DB Contributor Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.
change
NotActions 2020-10-20 13:29:34
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.
change
NotActions 2020-10-20 13:29:34
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them.
change
Actions 2020-10-20 13:29:34
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group.
add
new Role 2020-10-20 13:29:34
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber
add
new Role 2020-10-19 15:27:07
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs
add
new Role 2020-10-13 13:23:37
ddde6b66-c0df-4114-a159-3618637b3035 SignalR Service Reader (Preview) Read-only access to Azure SignalR Service REST APIs
add
new Role 2020-10-13 13:23:37
82200a5b-e217-47a5-b665-6d8765ee745b Services Hub Operator Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.
change
Actions 2020-10-07 08:52:18
4fe6d683-8411-4247-8525-b6b5b8a80669 Microsoft.ScVmm service role Microsoft.ScVmm service role.
remove
decommissioned Role 2020-09-23 13:42:44
18500a29-7fe2-46b2-a342-b16a415e101d Managed HSM contributor Lets you manage managed HSM pools, but not access to them.
add
new Role 2020-09-17 14:31:34
7ec7ccdc-f61e-41fe-9aaf-980df0a44eba AgFood Platform Service Reader Provides read access to AgFood Platform Service
add
new Role 2020-09-14 13:55:19
f8da80de-1ff9-4747-ad80-a19b7f6079e3 AgFood Platform Service Admin Provides admin access to AgFood Platform Service
add
new Role 2020-09-14 13:55:19
5dffeca3-4936-4216-b2bc-10343a5abb25 Schema Registry Contributor (Preview) Read, write, and delete Schema Registry groups and schemas.
add
new Role 2020-09-14 13:55:19
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service
add
new Role 2020-09-14 13:55:19
4fe6d683-8411-4247-8525-b6b5b8a80669 Microsoft.ScVmm service role Microsoft.ScVmm service role.
add
new Role 2020-09-14 13:55:19
2c56ea50-c6b3-40a6-83c0-9d98858bc7d2 Schema Registry Reader (Preview) Read and list Schema Registry groups and schemas.
add
new Role 2020-09-14 13:55:19
3b20f47b-3825-43cb-8114-4bd2201156a8 Cognitive Services Metrics Advisor User Access to the project.
add
new Role 2020-09-10 14:55:48
cb43c632-a144-4ec5-977c-e80c4affc34a Cognitive Services Metrics Advisor Administrator Full access to the project, including the system level configuration.
add
new Role 2020-09-10 14:55:48
0378884a-3af5-44ab-8323-f5b22f9f3c98 Device Update Content Administrator Gives you full access to content operations
add
new Role 2020-08-23 16:02:03
d1ee9a80-8b14-47f0-bdc2-f4a351625a7b Device Update Content Reader Gives you read access to content operations, but does not allow making changes
add
new Role 2020-08-23 16:02:03
e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f Device Update Reader Gives you read access to management and content operations, but does not allow making changes
add
new Role 2020-08-23 16:02:03
e4237640-0e3d-4a46-8fda-70bc94856432 Device Update Deployments Administrator Gives you full access to management operations
add
new Role 2020-08-23 16:02:03
02ca0879-e8e4-47a5-a61e-5c618b76e64a Device Update Administrator Gives you full access to management and content operations
add
new Role 2020-08-23 16:02:03
49e2f5d2-7741-4835-8efa-19e1fe35e47f Device Update Deployments Reader Gives you read access to management operations, but does not allow making changes
add
new Role 2020-08-23 16:02:03
daa9e50b-21df-454c-94a6-a8050adab352 Collaborative Data Contributor Can manage data packages of a collaborative.
add
new Role 2020-08-14 14:27:30
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR Serverless Contributor (Preview) Lets your app access service in serverless mode.
add
new Role 2020-07-29 13:49:09
00493d72-78f6-4148-b6c5-d3ce8e4799dd Azure Arc Enabled Kubernetes Cluster User Role List cluster user credentials action.
add
new Role 2020-07-29 13:49:09
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server (Preview) Lets your app server access SignalR Service with AAD Auth options.
add
new Role 2020-07-29 13:49:09
d18777c0-1514-4662-8490-608db7d334b6 Object Understanding Account Reader Lets you read ingestion jobs for an object understanding account.
add
new Role 2020-07-24 14:41:55
82200a5b-e217-47a5-b665-6d8765ee745b Services Hub Operator Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors.
add
new Role 2020-07-21 19:48:17
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
add
new Role 2020-07-03 14:58:03
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Lets you view all resources in cluster/namespace, except secrets.
add
new Role 2020-07-03 14:58:03
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings.
add
new Role 2020-07-03 14:58:03
b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b Azure Kubernetes Service RBAC Cluster Admin Lets you manage all resources in the cluster.
add
new Role 2020-07-03 14:58:03
63f0a09d-1495-4db4-a681-037d84835eb4 Azure Arc Kubernetes Viewer Lets you view all resources in cluster/namespace, except secrets.
add
new Role 2020-06-15 15:35:59
8393591c-06b9-48a2-a542-1bd6b377f6a2 Azure Arc Kubernetes Cluster Admin Lets you manage all resources in the cluster.
add
new Role 2020-06-15 15:35:59
5b999177-9696-4545-85c7-50de3797e5a1 Azure Arc Kubernetes Writer Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.
add
new Role 2020-06-15 15:35:59
dffb1e0c-446f-4dde-a09f-99eb5cc68b96 Azure Arc Kubernetes Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.
add
new Role 2020-06-15 15:35:59
e147488a-f6f5-4113-8e2d-b22465e65bf6 Key Vault Crypto Service Encryption (preview) Can read metadata of keys and perform wrap/unwrap operations.
add
new Role 2020-05-21 16:07:05
a4417e6f-fecd-4de8-b567-7b0420556985 Key Vault Certificates Officer (preview) Can perform any action on the certificates of a key vault, except manage permissions.
add
new Role 2020-05-19 20:42:36
4633458b-17de-408a-b874-0445c86b69e6 Key Vault Secrets User (preview) Can read secret contents.
add
new Role 2020-05-19 20:42:36
14b46e9e-c2b7-41b4-b07b-48a6ebf60603 Key Vault Crypto Officer (preview) Can perform any action on the keys of a key vault, except manage permissions.
add
new Role 2020-05-19 20:42:36
21090545-7ca7-4776-b22c-e363652d74d2 Key Vault Reader (preview) Can read metadata of key vaults and its certificates, keys and secrets. Cannot read sensitive values such as secret contents or key material.
add
new Role 2020-05-19 20:42:36
00482a5a-887f-4fb3-b363-3b7fe8e74483 Key Vault Administrator (preview) Can perform any action on certificates, keys and secrets of a key vault, except manage permissions.
add
new Role 2020-05-19 20:42:36
12338af0-0e69-4776-bea7-57ae8d297424 Key Vault Crypto User (preview) Can perform cryptographic operations on keys and certificates.
add
new Role 2020-05-19 20:42:36
b86a8fe4-44ce-4948-aee5-eccb2c155cd7 Key Vault Secrets Officer (preview) Can perform any action on the secrets of a key vault, except manage permissions.
add
new Role 2020-05-19 20:42:36
c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 Cognitive Services Custom Vision Contributor Full access to the project, including the ability to view, create, edit, or delete projects.
add
new Role 2020-05-09 14:57:51
93586559-c37d-4a6b-ba08-b9f0940c2d73 Cognitive Services Custom Vision Reader Read-only actions in the project. Readers can't create or update the project.
add
new Role 2020-05-09 14:57:51
5c4089e1-6d96-4d2f-b296-c1bc7137275f Cognitive Services Custom Vision Deployment Publish, unpublish or export models. Deployment can view the project but can't update.
add
new Role 2020-05-09 14:57:51
0a5ae4ab-0d65-4eeb-be61-29fc9b54394b Cognitive Services Custom Vision Trainer View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.
add
new Role 2020-05-09 14:57:51
88424f51-ebe7-446f-bc41-7fa16989e96c Cognitive Services Custom Vision Labeler View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.
add
new Role 2020-05-09 14:57:51
8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 Azure Maps Data Contributor Grants access to read, write, and delete access to map related data from an Azure maps account.
add
new Role 2020-05-08 05:22:07
466ccd10-b268-4a11-b098-b4849f024126 Cognitive Services QnA Maker Reader Let's you read and test a KB only.
change
DisplayName 2020-05-04 15:11:45
f4cc2bf9-21be-47a1-bdf1-5c5804381025 Cognitive Services QnA Maker Editor Let's you create, edit, import and export a KB. You cannot publish or delete a KB.
change
DisplayName 2020-05-04 15:11:45
423170ca-a8f6-4b0f-8487-9e4eb8f49bfa Azure Maps Data Reader Grants access to read map related data from an Azure maps account.
change
DisplayName 2020-04-29 16:42:26
aefefa01-2a29-4197-83a8-2828f33ce315 Tenant registration role Service role used by RP's for tenant level registration
remove
decommissioned Role 2020-04-24 19:20:22
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Reader Experimentation Reader
change
DisplayName 2020-04-23 15:06:19
4dd61c23-6743-42fe-a388-d8bdd41cb745 Object Understanding Account Owner Provides user with ingestion capabilities for Azure Object Understanding.
add
new Role 2020-04-23 15:06:19
ed4b1625-bac7-4b49-8578-127fc3440d25 Experiment Administrator Experiment Administrator
remove
decommissioned Role 2020-04-23 15:06:19
70ea1423-466c-4e7b-a2ee-f1206ef2072d Experiment Contributor Experiment Contributor
remove
decommissioned Role 2020-04-23 15:06:19
aefefa01-2a29-4197-83a8-2828f33ce315 Tenant registration role Service role used by RP's for tenant level registration
add
new Role 2020-04-23 15:06:19
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experiment Operator Experiment Operator
change
DisplayName 2020-03-28 01:22:25
b879ac78-f1e6-448d-ab4c-5908cd5967c1 VSOnline Virtual Network Service Role This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network
remove
decommissioned Role 2020-03-28 01:22:25
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Operator Experiment Operator
add
new Role 2020-03-26 18:26:05
ed4b1625-bac7-4b49-8578-127fc3440d25 Experiment Administrator Experiment Administrator
add
new Role 2020-03-26 18:26:05
70ea1423-466c-4e7b-a2ee-f1206ef2072d Experiment Contributor Experiment Contributor
add
new Role 2020-03-26 18:26:05
3f88fce4-5892-4214-ae73-ba5294559913 FHIR Data Writer Role allows user or principal to read and write FHIR Data
add
new Role 2020-03-18 07:39:13
5a1fc7df-4bf1-4951-a576-89034ee01acd FHIR Data Contributor Role allows user or principal full access to FHIR Data
add
new Role 2020-03-18 07:39:13
3db33094-8700-4567-8da5-1501d4e7e843 FHIR Data Exporter Role allows user or principal to read FHIR Data
add
new Role 2020-03-18 07:39:13
4c8d0bbc-75d3-4935-991f-5f3c56d81508 FHIR Data Reader Role allows user or principal to read FHIR Data
add
new Role 2020-03-18 07:39:13
b879ac78-f1e6-448d-ab4c-5908cd5967c1 VSOnline Virtual Network Service Role This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network
add
new Role 2020-03-14 15:10:08
350f8d15-c687-4448-8ae1-157740a3936d Hierarchy Settings Administrator Allows users to edit and delete Hierarchy Settings
add
new Role 2020-03-14 15:10:08
bcd981a7-7f74-457b-83e1-cceb9e632ffe Azure Digital Twins Owner (Preview) Full access role for Digital Twins data-plane
add
new Role 2020-03-11 05:47:56
d57506d4-4c8d-48b1-8587-93c323f6a5a3 Azure Digital Twins Reader (Preview) Read-only role for Digital Twins data-plane properties
add
new Role 2020-03-11 05:47:56
ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 Azure Kubernetes Service Contributor Role Grants access to read and write Azure Kubernetes Service clusters
add
new Role 2020-02-28 09:58:27
dd920d6d-f481-47f1-b461-f338c46b2d9f Marketplace Admin Administrator of marketplace resource provider
add
new Role 2020-02-27 09:26:20
c7aa55d3-1abb-444a-a5ca-5e51e485d6ec Integration Service Environment Developer Allows developers to create and update workflows, integration accounts and API connections in integration service environments.
add
new Role 2020-02-21 00:11:51
a41e2c5b-bd99-4a07-88f4-9bf657a760b8 Integration Service Environment Contributor Lets you manage integration service environments, but not access to them.
add
new Role 2020-02-21 00:11:51
4a9ae827-6dc8-4573-8ac7-8239d42aa03f Tag Contributor Lets you manage tags on entities, without providing access to the entities themselves.
add
new Role 2020-02-19 09:00:33
612c2aa1-cb24-443b-ac28-3ab7272de6f5 Security Assessment Contributor Lets you push assessments to Security Center
add
new Role 2020-02-13 13:58:05
34e09817-6cbe-4d01-b1a2-e0eac5743d41 Kubernetes Cluster - Azure Arc Onboarding Role definition to authorize any user/service to create connectedClusters resource
change
DisplayName 2020-02-11 08:11:18
641177b8-a67a-45b9-a033-47bc880bb21e Managed Application Contributor Role Allows for creating managed application resources.
add
new Role 2020-02-08 03:50:49
0b072326-6884-49b7-a53d-ae6aa62260ff MLC Service Role This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service.
remove
decommissioned Role 2020-01-30 21:07:35
d39065c4-c120-43c9-ab0a-63eed9795f0a Remote Rendering Client Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.
add
new Role 2020-01-24 05:21:10
3df8b902-2a6f-47c7-8cc5-360e9b272a7e Remote Rendering Administrator Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering
add
new Role 2020-01-24 05:21:10
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator
add
new Role 2019-12-19 07:49:46
466ccd10-b268-4a11-b098-b4849f024126 QnA Maker Reader
add
new Role 2019-12-18 15:43:34
f4cc2bf9-21be-47a1-bdf1-5c5804381025 QnA Maker Editor
add
new Role 2019-12-18 15:43:34
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor
add
new Role 2019-12-17 15:43:46
34e09817-6cbe-4d01-b1a2-e0eac5743d41 Kubernetes Cluster - Azure Arc Onborading Role definition to authorize any user/service to create connectedClusters resource
change
DisplayName 2019-12-13 11:23:49
0b072326-6884-49b7-a53d-ae6aa62260ff MLC Service Role This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service.
add
new Role 2019-11-26 15:41:35
36243c78-bf99-498c-9df9-86d9f8d28608 Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
change
DisplayName 2019-11-20 21:32:41
516239f1-63e1-4d78-a4de-a74fb236a071 App Configuration Data Reader Allows read access to App Configuration data.
add
new Role 2019-10-26 02:15:31
5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b App Configuration Data Owner Allows full access to App Configuration data.
add
new Role 2019-10-26 02:15:31
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines.
add
new Role 2019-10-24 02:15:32
7f646f1b-fa07-40eb-a22b-edd6ce5c915c Altretya test Service Role Altretya test
remove
decommissioned Role 2019-10-24 02:15:32
91c1777a-f3dc-4fae-b103-61d183457e46 Managed Services Registration assignment Delete Role Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.
add
new Role 2019-10-24 02:15:32
b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 Azure Connected Machine Onboarding Can onboard Azure Connected Machines.
add
new Role 2019-10-24 02:15:32
7f646f1b-fa07-40eb-a22b-edd6ce5c915c Altretya test Service Role Altretya test
add
new Role 2019-10-07 13:33:12