| Id | DisplayName | Description | Subject | Change | Date (UTC ymd) (i) |
|---|---|---|---|---|---|
| dd24193f-ef65-44e5-8a7e-6fa6e03f7713 | Azure API Center Service Contributor | Allows managing Azure API Center service. | change |
Actions | 2025-06-30 17:25:28 |
| 804db8d3-32c7-4ad4-a975-3f6f90d5f5f5 | FHIR Data Bulk Operator | Role allows user or principal to perform bulk operations | add |
new Role | 2025-06-27 17:23:14 |
| 548d7e7c-65ee-412b-ae37-2dbb419d4207 | Experimentation Resource Admin | Experimentation Resource Admin | add |
new Role | 2025-06-27 17:23:14 |
| 2016c9ed-c18d-4120-93d7-178e583efe92 | Grounding with Bing User | Enable Approved Microsoft Applications to connect to Bing to retrieve and ground responses using real-time data | add |
new Role | 2025-06-25 17:22:29 |
| 12b8206a-0216-4469-908d-a3e2025fe085 | Azure Stack Edge Operations Role | Built in role for managing operations in azure stack edge | add |
new Role | 2025-06-24 17:21:37 |
| 1a928ab0-1fee-43cf-9266-f9d8c22a8ddb | Service Health Security Reader | Grants permissions to view sensitive security information present in service health events | add |
new Role | 2025-06-23 17:29:53 |
| 32c34659-0f83-4a4c-80f2-63a244f8ae0b | Service Health Billing Reader | Grants permissions to view billing information present in service health events | add |
new Role | 2025-06-23 17:29:53 |
| de754d53-652d-4c75-a67f-1e48d8b49c97 | Service Group Reader | Role Definition for reader of a Service Group | change |
Actions | 2025-06-20 17:23:26 |
| 532bc159-b25e-42c0-969e-a1d439f60d77 | Media Services Live Events Administrator | Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources. | remove |
decommissioned Role | 2025-06-19 17:22:57 |
| c4bba371-dacd-4a26-b320-7250bca963ae | Media Services Policy Administrator | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. | remove |
decommissioned Role | 2025-06-19 17:22:57 |
| 99dba123-b5fe-44d5-874c-ced7199a5804 | Media Services Streaming Endpoints Administrator | Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. | remove |
decommissioned Role | 2025-06-19 17:22:57 |
| 054126f8-9a2b-4f1c-a9ad-eca461f08466 | Media Services Account Administrator | Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources. | remove |
decommissioned Role | 2025-06-19 17:22:57 |
| e4395492-1534-4db2-bedf-88c14621589c | Media Services Media Operator | Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. | remove |
decommissioned Role | 2025-06-19 17:22:57 |
| 73c42c96-874c-492b-b04d-ab87d138a893 | Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | change |
DataActions | 2025-06-18 17:23:19 |
| 92aaf0da-9dab-42b6-94a3-d43ce8d16293 | Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. | change |
DataActions | 2025-06-18 17:23:19 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
DataActions | 2025-06-18 17:23:19 |
| 43d0d8ad-25c7-4714-9337-8ba259a9fe05 | Monitoring Reader | Can read all monitoring data. | change |
DataActions | 2025-06-18 17:23:19 |
| be1a1ac2-09d3-4261-9e57-a73a6e227f53 | Procurement Contributor | Lets you manage the procurement of products and services. | change |
Actions | 2025-06-17 17:23:42 |
| 76153a9e-0edb-49bc-8e01-93c47e6b5180 | DevOps Infrastructure Contributor Role | Read, write, delete and perform actions on Managed DevOps Pools | add |
new Role | 2025-06-16 17:23:05 |
| b4ebc951-a0c2-41f7-a3cd-a57fe27c8e3a | Reservations Contributor | Lets you read and manage reservations but cannot delegate reservation-related roles | add |
new Role | 2025-06-16 17:23:05 |
| 4c6569b6-f23e-4295-9b90-bd4cc4ff3292 | DevCenter Owner | Provides access to manage all Microsoft.DevCenter resources. | add |
new Role | 2025-06-16 17:23:05 |
| 73c42c96-874c-492b-b04d-ab87d138a893 | Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | change |
DataActions | 2025-06-13 17:22:48 |
| 289d8817-ee69-43f1-a0af-43a45505b488 | Azure Kubernetes Service Namespace Contributor | Allows users to create and manage Azure Kubernetes Service namespace resources. | add |
new Role | 2025-06-13 17:22:48 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
DataActions | 2025-06-13 17:22:48 |
| 43d0d8ad-25c7-4714-9337-8ba259a9fe05 | Monitoring Reader | Can read all monitoring data. | change |
DataActions | 2025-06-13 17:22:48 |
| 92aaf0da-9dab-42b6-94a3-d43ce8d16293 | Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. | change |
DataActions | 2025-06-13 17:22:48 |
| c9f76ca8-b262-4b10-8ed2-09cf0948aa35 | Azure Kubernetes Service Namespace User | Allows users to read Azure Kubernetes Service namespace resources. In-cluster namespace access further requires assignment of Azure Kubernetes Service RBAC roles to the namespace resource for an Entra ID enabled cluster. | add |
new Role | 2025-06-13 17:22:48 |
| 8b9beb50-e28c-4879-8472-24c9d328085f | AI Model Scanner Operator | Grants Microsoft Defender for AI access to AI services and resources. | add |
new Role | 2025-06-11 17:23:41 |
| 49fc33c1-886f-4b21-a00e-1d9993234734 | AVS on Fleet VIS Role | Do not remove this role from your resource because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to inject address prefix changes of the private clouds attached virtual network to SDN and support peering sync feature. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant. | change |
Actions | 2025-06-11 17:23:41 |
| 230815da-be43-4aae-9cb4-875f7bd000aa | Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | change |
NotActions | 2025-06-06 17:22:54 |
| 6fbca9a8-3561-41fd-8b20-6576043c1076 | Scheduled Actions Contributor | Allows users to use Scheduled Actions offered by Microsoft.ComputeSchedule | change |
Actions | 2025-06-06 17:22:54 |
| bf7f8882-3383-422a-806a-6526c631a88a | Azure Deployment Stack Contributor | Allows a user to manage deployment stacks, but cannot create or delete deny assignments within the deployment stack. | change |
Actions | 2025-06-05 17:27:26 |
| 4436bae4-7702-4c84-919b-c4069ff25ee2 | Azure Red Hat OpenShift Service Operator | Maintain machine health, network configuration, monitoring, and other features that are specific to an OpenShift cluster's continued functionality as a managed service. | change |
DisplayName, Actions | 2025-06-03 17:22:50 |
| 532bc159-b25e-42c0-969e-a1d439f60d77 | Media Services Live Events Administrator | Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources. | change |
Actions, NotActions | 2025-05-30 17:23:17 |
| e4395492-1534-4db2-bedf-88c14621589c | Media Services Media Operator | Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. | change |
Actions, NotActions | 2025-05-30 17:23:17 |
| 054126f8-9a2b-4f1c-a9ad-eca461f08466 | Media Services Account Administrator | Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources. | change |
Actions | 2025-05-30 17:23:17 |
| c4bba371-dacd-4a26-b320-7250bca963ae | Media Services Policy Administrator | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. | change |
Actions, NotActions | 2025-05-30 17:23:17 |
| 99dba123-b5fe-44d5-874c-ced7199a5804 | Media Services Streaming Endpoints Administrator | Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. | change |
Actions | 2025-05-30 17:23:17 |
| b6d9c0f6-d69f-472b-91b4-7a6838c6d1cb | Microsoft.AzureStackHCI Device Pool Machine Manager | Microsoft.AzureStackHCI Device Pool Machine Manager | add |
new Role | 2025-05-28 17:23:16 |
| 0869d06d-e3d1-4472-8764-1bb71b2bdaf7 | Oracle.Database Exascale VmCluster Administrator | Grants full access to manage Exascale VmClusters | change |
Actions | 2025-05-26 17:11:53 |
| a00ed373-f085-4b75-a950-53eacdc52ac0 | Oracle.Database Exascale Storage Vault Administrator | Grants full access to manage Exascale Storage Vaults | change |
Actions | 2025-05-26 17:11:53 |
| 59c05558-2358-462d-ba19-afbd7118936d | Oracle.Database Autonomous Database Administrator | Grants full access to manage all Autonomous Database resources | change |
Actions | 2025-05-26 17:11:53 |
| 4cfdd23b-aece-4fd1-b614-ad3a06c53453 | Oracle.Database Exadata Infrastructure Administrator Built-in Role | Grants full access to manage all Exadata Infrastructure resources | change |
Actions | 2025-05-26 17:11:53 |
| d623d097-b882-4e1e-a26f-ac60e31065a1 | Oracle.Database Reader Built-in Role | Grants read access to all Oracle.Database resources | change |
Actions | 2025-05-26 17:11:53 |
| e9ce8739-6fa2-4123-a0a2-0ef41a67806f | Oracle.Database VmCluster Administrator Built-in Role | Grants full access to manage all VmCluster resources | change |
Actions | 2025-05-26 17:11:53 |
| 7ee386e9-84f0-448e-80a6-f185f6533131 | Storage Queue Delegator | Allows for generation of a user delegation key, which can then be used to create a shared access signature for an Azure Storage queue that is signed with Entra ID credentials. | add |
new Role | 2025-05-23 18:27:00 |
| 6fbca9a8-3561-41fd-8b20-6576043c1076 | Scheduled Actions Contributor | Allows users to use Scheduled Actions offered by Microsoft.ComputeSchedule | add |
new Role | 2025-05-23 18:27:00 |
| 765a04e0-5de8-4bb2-9bf6-b2a30bc03e91 | Storage File Delegator | Allows for generation of a user delegation key, which can then be used to create a shared access signature for a file or Azure file share that is signed with Entra ID credentials. | add |
new Role | 2025-05-23 18:27:00 |
| 965033a5-c8eb-4f35-b82f-fef460a3606d | Storage Table Delegator | Allows for generation of a user delegation key, which can then be used to create a shared access signature for an Azure Storage table that is signed with Entra ID credentials. | add |
new Role | 2025-05-23 18:27:00 |
| 92b92042-07d9-4307-87f7-36a593fc5850 | Azure File Sync Administrator | Provides full access to manage all Azure File Sync (Storage Sync Service) resources. | change |
Actions | 2025-05-21 17:56:13 |
| db7003cd-07a9-490c-bfa5-23e40314f8d7 | Service Connector Contributor | Can Manage Service Connector. | change |
Actions | 2025-05-16 17:48:11 |
| 5c2d7e57-b7c2-4d8a-be4f-82afa42c6e95 | Azure Managed Grafana Workspace Contributor | Can manage Azure Managed Grafana resources, without providing access to the workspaces themselves. | change |
Actions | 2025-05-16 17:48:11 |
| 5f569efd-4da5-4123-99cd-d42fbb2a836e | Microsoft.AzureStackHCI EdgeMachine Reader | Microsoft.AzureStackHCI EdgeMachine Reader | add |
new Role | 2025-05-15 18:21:42 |
| 8e253927-1f29-4d89-baa2-c3a549eff423 | Azure Kubernetes Service Machine Manager Role | Role for machine related actions | add |
new Role | 2025-05-15 18:21:42 |
| adc3c795-c41e-4a89-a478-0b321783324c | Microsoft.AzureStackHCI Device Pool Manager | Microsoft.AzureStackHCI Device Pool Manager | add |
new Role | 2025-05-15 18:21:42 |
| 73c2c328-d004-4c5e-938c-35c6f5679a1f | API Management Workspace API Product Manager | Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. | change |
Actions | 2025-05-14 18:51:55 |
| 56328988-075d-4c6a-8766-d93edd6725b6 | API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | change |
Actions | 2025-05-14 18:51:55 |
| 0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 | API Management Workspace Contributor | Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope. | change |
Actions | 2025-05-14 18:51:55 |
| ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 | API Management Workspace Reader | Has read-only access to entities in the workspace. This role should be assigned on the workspace scope. | change |
Actions | 2025-05-14 18:51:55 |
| 63304235-eaf4-4c15-8e93-46c483611231 | Workload Orchestration IT Admin | Grants you access to manage the IT Admin operations for Workload Orchestration | add |
new Role | 2025-05-08 19:35:07 |
| f6e92014-8af2-414d-9948-9b1abf559285 | Arc Gateway Manager | Manage Arc Gateway Resources | add |
new Role | 2025-05-08 19:35:07 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | change |
Actions | 2025-05-06 19:40:16 |
| be7a6435-15ae-4171-8f30-4a343eff9e8f | Azure Red Hat OpenShift Network Operator | Install and upgrade the networking components on an OpenShift cluster. | change |
DisplayName, Actions | 2025-05-06 19:40:16 |
| 49fc33c1-886f-4b21-a00e-1d9993234734 | AVS on Fleet VIS Role | Do not remove this role from your resource because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to inject address prefix changes of the private clouds attached virtual network to SDN and support peering sync feature. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant. | change |
Actions | 2025-05-05 19:21:20 |
| de2b316d-7a2c-4143-b4cd-c148f6a355a1 | Azure Kubernetes Fleet Manager Hub Agent Role | Grants read access to Azure network resources needed by Azure Kubernetes Fleet Manager. | add |
new Role | 2025-05-05 19:21:20 |
| 53ca6127-db72-4b80-b1b0-d745d6d5456d | Azure AI User | Grants reader access to AI projects, reader access to AI accounts, and data actions for an AI project. | add |
new Role | 2025-05-02 19:26:43 |
| fc0c873f-45e9-4d0d-a7d1-585aab30c6ed | Azure Red Hat OpenShift Hosted Control Planes Control Plane Operator | Enables the control plane operator to read resources necessary for OpenShift cluster. | add |
new Role | 2025-05-02 19:26:43 |
| c0ff367d-66d8-445e-917c-583feb0ef0d4 | Azure Red Hat OpenShift Hosted Control Planes Service Managed Identity | Azure Red Hat OpenShift Hosted Control Planes Service Managed Identity | add |
new Role | 2025-05-02 19:26:43 |
| 88366f10-ed47-4cc0-9fab-c8a06148393e | Azure Red Hat OpenShift Hosted Control Planes Cluster API Provider | Enables permissions to allow cluster API to manage nodes, networks and disks for OpenShift cluster. | change |
Actions | 2025-05-02 19:26:43 |
| 5c227a58-cff3-4b51-9fa3-51bdafb6ca55 | Secrets Store Extension Owner | Read, create and modify secretsync and secretproviderclass objects. Register and deregister the provider from the subscription. | add |
new Role | 2025-05-01 19:36:20 |
| e47c6f54-e4a2-4754-9501-8e0985b135e1 | Azure AI Account Owner | Grants full access to manage AI projects and accounts. Grants conditional assignment of the Azure AI User role to other user principles. | add |
new Role | 2025-05-01 19:36:20 |
| 93629c8c-5d36-4533-85cd-f5bb3338710e | Entra Connect Health Service Admin | Can set up and manage Microsoft Entra Connect Health. Includes agent set up and managing services on the Azure portal | add |
new Role | 2025-04-30 19:25:10 |
| 0618ae3d-2930-4bb7-aa00-718db34ee9f9 | Azure Monitor Dashboards with Grafana Contributor | Can manage dashboards with Grafana. | add |
new Role | 2025-04-29 17:15:48 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference and create images | change |
DataActions | 2025-04-28 19:51:08 |
| 68ac31b4-936a-4046-a6d2-ba6f8a757bf6 | Agentless scanning for Serverless Scanner Service Role | Grants access to Serverless resources and thier connections | add |
new Role | 2025-04-25 19:39:24 |
| 577a9874-89fd-4f24-9dbd-b5034d0ad23a | Container Registry Data Importer and Data Reader | Provides the ability to import images into a registry through the registry import operation. Provides the ability to list repositories, view images and tags, get manifests, and pull images. Does not provide permissions for importing images through configuring registry transfer pipelines such as import and export pipelines. Does not provide permissions for importing through configuring Artifact Cache or Sync rules. | change |
DataActions | 2025-04-25 19:39:24 |
| b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 | Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | change |
Actions | 2025-04-25 19:39:24 |
| db9875ba-bd2b-4e98-934d-0daa549a07f0 | Workload Orchestration Solution External Validator | Grants you access to fetch targets, solution templates, solutions and update the external validation status | add |
new Role | 2025-04-23 18:17:42 |
| eadc314b-1a2d-4efa-be10-5d325db5065e | Azure AI Project Manager | Lets you perform developer actions and management actions on Azure AI Foundry Projects. Allows for making role assignments, but limited to Cognitive Service User role. | add |
new Role | 2025-04-23 18:17:42 |
| c7244dfb-f447-457d-b2ba-3999044d1706 | Azure API Center Data Reader | Allows for access to Azure API Center data plane read operations. | change |
DataActions | 2025-04-23 18:17:42 |
| 8d7ecc5c-f27b-43cf-883f-46409d445502 | Issue Contributor | Can read all issues data and update issues settings. | change |
Actions | 2025-04-23 18:17:42 |
| 92b92042-07d9-4307-87f7-36a593fc5850 | Azure File Sync Administrator | Provides full access to manage all Azure File Sync (Storage Sync Service) resources. | change |
Actions | 2025-04-22 16:45:35 |
| 1c4770c0-34f7-4110-a1ea-a5855cc7a939 | Elastic SAN Snapshot Exporter | Allows for creating and exporting Snapshot of Elastic San Volume | change |
Actions | 2025-04-22 16:45:35 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2025-04-22 16:45:35 |
| 33cdeeac-0940-4f85-9317-7e2432c17289 | Usage Billing Contributor | Contributor access to Accounts | add |
new Role | 2025-04-22 16:45:35 |
| 64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | change |
DataActions | 2025-04-22 16:45:35 |
| 90e8b822-3e73-47b5-868a-787dc80c008f | Elastic SAN Volume Importer | Allows for Importing Elastic San Volume | change |
Actions | 2025-04-22 16:45:35 |
| 73c2c328-d004-4c5e-938c-35c6f5679a1f | API Management Workspace API Product Manager | Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. | change |
Actions | 2025-04-22 16:45:35 |
| 0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | change |
Actions | 2025-04-17 17:48:17 |
| b78c5d69-af96-48a3-bf8d-a8b4d589de94 | Azure AI Administrator | A Built-In Role that has all control plane permissions to work with Azure AI and its dependencies. | change |
Actions | 2025-04-15 18:16:29 |
| 88366f10-ed47-4cc0-9fab-c8a06148393e | Azure Red Hat OpenShift Hosted Control Planes Cluster API Provider | Enables permissions to allow cluster API to manage nodes, networks and disks for OpenShift cluster. | change |
Actions | 2025-04-14 17:29:02 |
| 2593f4c7-8bf4-4fff-9804-2ee069b41902 | Power Platform Account Contributor | Create, Read, Update, and Delete Power Platform Account resources | add |
new Role | 2025-04-11 18:14:42 |
| 0869d06d-e3d1-4472-8764-1bb71b2bdaf7 | Oracle.Database Exascale VmCluster Administrator | Grants full access to manage Exascale VmClusters | add |
new Role | 2025-04-11 18:14:42 |
| babe7770-cdbc-4f46-9bd7-b90b34842946 | Power Platform Enterprise Policy Contributor | Create, Read, Update, and Delete Power Platform Enterprise Policy resources | add |
new Role | 2025-04-11 18:14:42 |
| c357b964-0002-4b64-a50d-7a28f02edc52 | Container Registry Cache Rule Reader | Read the configuration of Cache Rules in Container Registry. This permission doesn't grant permission to read Credential Sets. | add |
new Role | 2025-04-07 19:25:45 |
| df87f177-bb12-4db1-9793-a413691eff94 | Container Registry Cache Rule Administrator | Create, Read, Update, and Delete Cache Rules in Container Registry. This role doesn't grant permissions to manage Credential Sets. | add |
new Role | 2025-04-07 19:25:45 |
| 92b92042-07d9-4307-87f7-36a593fc5850 | Azure File Sync Administrator | Provides full access to manage all Azure File Sync (Storage Sync Service) resources. | change |
Actions | 2025-04-07 19:25:45 |
| a00ed373-f085-4b75-a950-53eacdc52ac0 | Oracle.Database Exascale Storage Vault Administrator | Grants full access to manage Exascale Storage Vaults | add |
new Role | 2025-04-07 19:25:45 |
| 8d7ecc5c-f27b-43cf-883f-46409d445502 | Issue Contributor | Can read all issues data and update issues settings. | add |
new Role | 2025-04-07 19:25:45 |
| 29093635-9924-4f2c-913b-650a12949526 | Container Registry Credential Set Reader | Read the configuration of Credential Sets in Container Registry. This permission doesn't allow permission to see content inside Azure Key vault only the content inside Container Registry. This permission doesn't grant permission to read Cache Rules. | add |
new Role | 2025-04-07 19:25:45 |
| f094fb07-0703-4400-ad6a-e16dd8000e14 | Container Registry Credential Set Administrator | Create, Read, Update, and Delete Credential Sets in Container Registry. This role doesn't affect the needed permissions for storing content inside Azure Key Vault. This role also doesn't grant permissions to manage Cache Rules. | add |
new Role | 2025-04-07 19:25:45 |
| c64499e0-74c3-47ad-921c-13865957895c | Advisor Reviews Reader | View reviews for a workload and recommendations linked to them. | change |
Actions | 2025-04-03 18:34:43 |
| 8aac15f0-d885-4138-8afa-bfb5872f7d13 | Advisor Reviews Contributor | View reviews for a workload and triage recommendations linked to them. | change |
Actions | 2025-04-03 18:34:43 |
| 61eb6405-5f4a-440b-ad03-fe06c5c85e44 | Flux Configurations Contributor | Can create, update, get, list and delete Flux Configurations | add |
new Role | 2025-04-01 18:15:29 |
| 2c7a01fe-5518-4a42-93c2-658e45441691 | Online Experimentation Contributor | Grants permissions for all management operations to Online Experimentation resources. | add |
new Role | 2025-03-31 18:12:10 |
| d623d097-b882-4e1e-a26f-ac60e31065a1 | Oracle.Database Reader Built-in Role | Grants read access to all Oracle.Database resources | change |
Actions | 2025-03-31 18:12:10 |
| 58b80de8-4b34-424c-9e47-23faf0f7cfe2 | Online Experimentation Reader | Grants permission for read operations to Online Experimentation resources. | add |
new Role | 2025-03-31 18:12:10 |
| 92b92042-07d9-4307-87f7-36a593fc5850 | Azure File Sync Administrator | Provides full access to manage all Azure File Sync (Storage Sync Service) resources. | add |
new Role | 2025-03-28 18:29:55 |
| 88366f10-ed47-4cc0-9fab-c8a06148393e | Azure Red Hat OpenShift Hosted Control Planes Cluster API Provider | Enables permissions to allow cluster API to manage nodes, networks and disks for OpenShift cluster. | add |
new Role | 2025-03-28 18:29:55 |
| 5b7237c5-45e1-49d6-bc18-a1f62f400748 | Azure Red Hat OpenShift Disk Storage Operator | Install Container Storage Interface (CSI) drivers that enable your cluster to use Azure Disks. Set OpenShift cluster-wide storage defaults to ensure a default storageclass exists for clusters. | change |
Actions | 2025-03-28 18:29:55 |
| 754c1a27-40dc-4708-8ad4-2bffdeee09e8 | Azure File Sync Reader | Provides read access to Azure File Sync service (Storage Sync Service). | add |
new Role | 2025-03-28 18:29:55 |
| d6a5505f-6ebb-45a4-896e-ac8274cfc0ac | Durable Task Data Reader | Read all Durable Task Scheduler data. | change |
DataActions | 2025-03-27 19:42:11 |
| 36243c78-bf99-498c-9df9-86d9f8d28608 | Resource Policy Contributor | Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | change |
Actions | 2025-03-25 20:13:47 |
| 7e559ce2-48d7-4b27-9128-fa1b247f1308 | Managed Identity Federated Identity Credential Contributor | Create, Read, Update, and Delete User Assigned Identity Federated Identity Credentials(FIC) | add |
new Role | 2025-03-21 20:19:24 |
| 80d0d6b0-f522-40a4-8886-a5a11720c375 | Durable Task Worker | Used by worker applications to interact with the Durable Task service | change |
DataActions | 2025-03-21 20:19:24 |
| 8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 | Azure Red Hat OpenShift Image Registry Operator | Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage. | change |
DisplayName, Actions | 2025-03-21 20:19:24 |
| 0358943c-7e01-48ba-8889-02cc51d78637 | Azure Red Hat OpenShift Machine API Operator | Manage the lifecycle of specific-purpose custom resource definitions (CRD), controllers, and Azure RBAC objects that extend the Kubernetes API to declares the desired state of machines in a cluster. | change |
Actions | 2025-03-20 19:17:46 |
| 1df7cd83-1d3f-41df-95b0-53b30d963369 | Azure API Center Credential Access Reader | Allows for access to Azure API Center data plane get credentials operations. | add |
new Role | 2025-03-20 19:17:46 |
| c20923c5-b089-47a5-bf67-fd89569c4ad9 | Azure Programmable Connectivity Gateway Dataplane User | Allows access to all Gateway dataplane APIs. | change |
Actions | 2025-03-18 19:37:49 |
| 49fc33c1-886f-4b21-a00e-1d9993234734 | AVS on Fleet VIS Role | Do not remove this role from your resource because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to inject address prefix changes of the private clouds attached virtual network to SDN and support peering sync feature. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant. | add |
new Role | 2025-03-18 19:37:49 |
| 2bed379c-9fba-455b-99e4-6b911073bcf2 | Compute Fleet Contributor | Allows users to manage Compute Fleet resources. | add |
new Role | 2025-03-18 19:37:49 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference and create images | change |
DataActions | 2025-03-17 18:27:14 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | remove |
decommissioned Role | 2025-03-17 18:27:14 |
| afc680e2-a938-412d-b213-9a49efa7fb83 | Azure Backup Snapshot Contributor | Provide permissions to backup identity to manage RPC snapshots | change |
Actions | 2025-03-17 18:27:14 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | remove |
decommissioned Role | 2025-03-17 18:27:14 |
| eb5a76d5-50e7-4c33-a449-070e7c9c4cf2 | Healthcare Agent Reader | Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). | change |
DisplayName, DataActions, NotDataActions | 2025-03-13 18:28:33 |
| af854a69-80ce-4ff7-8447-f1118a2e0ca8 | Healthcare Agent Editor | Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels. | change |
DisplayName, DataActions, NotDataActions | 2025-03-13 18:28:33 |
| f1082fec-a70f-419f-9230-885d2550fb38 | Healthcare Agent Admin | Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets. | change |
DisplayName, DataActions, NotDataActions | 2025-03-13 18:28:33 |
| e9701b4d-e6e7-4657-91cd-360a0881d224 | HybridCompute Machine ListAccessDetails Action In-Built Role | In-Built Role definition that grants permissions to execute the listAccessDetails action on HybridCompute Machines | add |
new Role | 2025-03-12 18:29:00 |
| ef318e2a-8334-4a05-9e4a-295a196c6a6e | Azure Red Hat OpenShift Federated Credential | Create, update and delete federated credentials on user assigned managed identities in order to build a trust relationship between the managed identity, OpenID Connect (OIDC), and the service account. | change |
DisplayName, Actions | 2025-03-11 18:29:19 |
| 0358943c-7e01-48ba-8889-02cc51d78637 | Azure Red Hat OpenShift Machine API Operator | Manage the lifecycle of specific-purpose custom resource definitions (CRD), controllers, and Azure RBAC objects that extend the Kubernetes API to declares the desired state of machines in a cluster. | change |
DisplayName, Actions | 2025-03-11 18:29:19 |
| 0d7aedc0-15fd-4a67-a412-efad370c947e | Azure Red Hat OpenShift File Storage Operator | Install Container Storage Interface (CSI) drivers that enable your cluster to use Azure Files. Set OpenShift cluster-wide storage defaults to ensure a default storageclass exists for clusters. | change |
DisplayName, Actions | 2025-03-11 18:29:19 |
| 96ebd254-ecc7-4590-aff5-e9af3ff5f3b3 | Dedicated Host Contributor Role | This is the role created for DedicatedHosts Contributor | add |
new Role | 2025-03-11 18:29:19 |
| a1f96423-95ce-4224-ab27-4e3dc72facd4 | Azure Red Hat OpenShift Cloud Controller Manager | Manage and update the cloud controller manager deployed on top of OpenShift. | change |
DisplayName, Actions | 2025-03-11 18:29:19 |
| 1b7f3653-4324-473a-9165-bc55e4d04ba8 | Azure Kubernetes Service Agent Pool Manager Role | Role for agentpool related actions | add |
new Role | 2025-03-06 18:27:52 |
| 80d0d6b0-f522-40a4-8886-a5a11720c375 | Durable Task Worker | Used by worker applications to interact with the Durable Task service | change |
DataActions | 2025-03-03 18:37:49 |
| cd08ab90-6b14-449c-ad9a-8f8e549482c6 | Scheduled Patching Contributor | Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments | change |
Actions | 2025-02-27 18:38:18 |
| 31ef6312-5b0c-4ce9-8c5d-587a91344fe7 | SSH PublicKeys Reader Role | This is the role created for SSH PublicKeys Reader | add |
new Role | 2025-02-24 18:36:56 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | change |
Actions, NotActions, DataActions | 2025-02-24 18:36:56 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | change |
Actions, DataActions | 2025-02-24 18:36:56 |
| fc6e3395-6a8c-4527-bb4c-d0abd41e8e74 | SSH PublicKeys Contributor Role | This is the role created for SSH PublicKeys Contributor | add |
new Role | 2025-02-24 18:36:56 |
| a227fb39-f479-404b-96fd-0176f5d88ab4 | Azure Device Onboarding Discovery Contributor | Can read, write or delete the discovery and it's child resources. | add |
new Role | 2025-02-21 18:37:10 |
| a8d01690-9418-4783-8ca2-9f0f1791783d | Auto Actions Contributor | Allows users to manage Auto Actions resources. | add |
new Role | 2025-02-18 18:37:01 |
| 0336e1d3-7a87-462b-b6db-342b63f7802c | Azure Red Hat OpenShift Cluster Ingress Operator | Manage and configure the OpenShift router. | change |
DisplayName, Actions | 2025-02-17 18:36:56 |
| 5b7237c5-45e1-49d6-bc18-a1f62f400748 | Azure Red Hat OpenShift Disk Storage Operator | Install Container Storage Interface (CSI) drivers that enable your cluster to use Azure Disks. Set OpenShift cluster-wide storage defaults to ensure a default storageclass exists for clusters. | change |
DisplayName, Actions | 2025-02-17 18:36:56 |
| fa0d39e6-28e5-40cf-8521-1eb320653a4c | Carbon Optimization Reader | Allow read access to Azure Carbon Optimization data | change |
Actions | 2025-02-17 18:36:56 |
| d715fb95-a0f0-4f1c-8be6-5ad2d2767f67 | AVS Orchestrator Role | Do not remove this role from your resource group because it is critical to enable your AVS private cloud to operate. If the role is removed, it will cause your AVS private cloud control plane to no longer operate correctly. The role is used to enable the AVS private cloud control plane to create the supporting resources in the resource group of the private clouds attached virtual network and bind them to the attached virtual network. This role is not intended for use cases outside of assignment to the associated AVS identity in your entra-id tenant. | change |
Actions | 2025-02-14 18:36:54 |
| 59a618e3-3c9a-406e-9f03-1a20dd1c55f1 | Chaos Studio Target Contributor | Can onboard targets and manage capabilities but cannot create, run, or see details for experiments | add |
new Role | 2025-02-14 18:36:54 |
| 53747cdd-e97c-477a-948c-b587d0e514b2 | Online Experimentation Data Owner | Allows full access to Online Experimentation data. | change |
DataActions | 2025-02-14 18:36:54 |
| a35466a1-cfd6-450a-b35e-683fcdf30363 | Azure Batch Service Orchestration Role | Grants the required permissions to Azure Batch Resource Provider to manage compute and other backing resources in the subscription. | change |
Actions | 2025-02-12 18:00:54 |
| 865ae368-6a45-4bd1-8fbf-0d5151f56fc1 | Azure Stack HCI Device Management Role | Microsoft.AzureStackHCI Device Management Role | change |
Actions | 2025-02-11 20:59:11 |
| 9980e02c-c2be-4d73-94e8-173b1dc7cf3c | Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | change |
Actions | 2025-02-06 19:31:19 |
| e2217c0e-04bb-4724-9580-91cf9871bc01 | GroupQuota Request Operator | Read and create GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits. | change |
Actions | 2025-02-04 19:39:05 |
| b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 | Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | change |
Actions | 2025-02-03 19:46:16 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2025-02-03 19:46:16 |
| 1a6f9009-515c-4455-b170-143e4c9ce229 | Azure Stack HCI Edge Machine Contributor Role | Microsoft.AzureStackHCI Edge Machine Contributor Role | add |
new Role | 2025-01-30 19:27:00 |
| 9fc6112f-f48e-4e27-8b09-72a5c94e4ae9 | Azure Bot Service Contributor Role | To perform actions on the bots by copilot studio platform and extensibility team | change |
Actions | 2025-01-30 19:27:00 |
| 1363e94d-546f-4fe9-8434-b0eefb292d59 | Online Experimentation Data Reader | Allows read access to Online Experimentation data. | add |
new Role | 2025-01-30 19:27:00 |
| b556d68e-0be0-4f35-a333-ad7ee1ce17ea | Azure AI Enterprise Network Connection Approver | Can approve private endpoint connections to Azure AI common dependency resources | change |
Actions | 2025-01-30 19:27:00 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | change |
Actions | 2025-01-30 19:27:00 |
| 53747cdd-e97c-477a-948c-b587d0e514b2 | Online Experimentation Data Owner | Allows full access to Online Experimentation data. | add |
new Role | 2025-01-30 19:27:00 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backups, but can't delete vaults and give access to others | change |
Actions | 2025-01-27 19:31:07 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2025-01-27 19:31:07 |
| d6a5505f-6ebb-45a4-896e-ac8274cfc0ac | Durable Task Data Reader | Read all Durable Task Scheduler data. | add |
new Role | 2025-01-24 19:28:50 |
| 53e48117-a530-4075-bcbe-d91913e3bdb8 | Edge Management Copilot User | Enables users access to Edge Management Copilot. | add |
new Role | 2025-01-23 19:27:52 |
| 78eacb5e-e318-4560-85a9-e6a724ca60c9 | Portal Dashboard Writer Service Role | Can write an Azure Portal Dashboard | add |
new Role | 2025-01-17 18:58:57 |
| 2142ea27-02ad-4094-bfea-2dbac6d24934 | Enclave Approver Role | Read all resources in Azure Virtual Enclaves and Approve approval requests within the Enclave | change |
Actions | 2025-01-13 18:59:07 |
| afc680e2-a938-412d-b213-9a49efa7fb83 | Azure Backup Snapshot Contributor | Provide permissions to backup identity to manage RPC snapshots | add |
new Role | 2025-01-10 18:55:49 |
| fb382eab-e894-4461-af04-94435c366c3f | Container Registry Tasks Contributor | Provides permissions to configure, read, list, trigger, or cancel Container Registry Tasks, Task Runs, Task Logs, Quick Runs, Quick Builds, and Task Agent Pools. Permissions granted for Tasks management can be used for full registry data plane permissions including reading/writing/deleting container images in registries. Permissions granted for Tasks management can also be used to run customer authored build directives and run scripts to build software artifacts. | add |
new Role | 2025-01-10 18:55:49 |
| 11102f94-c441-49e6-a78b-ef80e0188abc | Azure AI Safety Evaluator | This role can perform all actions under workspace evaluations and simulations. | add |
new Role | 2024-12-17 18:59:50 |
| 64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | change |
NotActions | 2024-12-17 18:59:50 |
| ada52afe-776a-4b4d-a8f2-55670d3d8178 | Kubernetes Agent Subscription Level Operator | Grants Microsoft Defender for Cloud subscription level permissions needed to activate Containers plan | change |
Actions | 2024-12-12 18:54:41 |
| 28bf596f-4eb7-45ce-b5bc-6cf482fec137 | Locks Contributor | Can Manage Locks Operations. | add |
new Role | 2024-12-09 18:57:36 |
| 566f0da3-e2a5-4393-9089-763f8bab8fb6 | Health Safeguards Data User | Allows processing of health data in all available Health Safeguards | change |
DataActions | 2024-12-09 18:57:36 |
| 59c05558-2358-462d-ba19-afbd7118936d | Oracle.Database Autonomous Database Administrator | Grants full access to manage all Autonomous Database resources | add |
new Role | 2024-12-09 18:57:36 |
| ada52afe-776a-4b4d-a8f2-55670d3d8178 | Kubernetes Agent Subscription Level Operator | Grants Microsoft Defender for Cloud subscription level permissions needed to activate Containers plan | change |
Actions | 2024-12-05 18:53:40 |
| 5e93ba01-8f92-4c7a-b12a-801e3df23824 | Kubernetes Agent Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2024-12-05 18:53:40 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference and create images | change |
DataActions, NotDataActions | 2024-12-04 18:55:44 |
| b24988ac-6180-42a0-ab88-20f7382dd24c | Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | change |
NotActions | 2024-11-20 18:52:37 |
| 09976791-48a7-449e-bb21-39d1a415f350 | Communication and Email Service Owner | Create, read, modify, and delete Communications and Email Service resources. | add |
new Role | 2024-11-19 18:54:40 |
| c1410b24-3e69-4857-8f86-4d0a2e603250 | Quantum Workspace Data Contributor | Create, read, and modify jobs and other Workspace data. This role is in preview and subject to change. | add |
new Role | 2024-11-18 18:56:42 |
| ada52afe-776a-4b4d-a8f2-55670d3d8178 | Kubernetes Agent Subscription Level Operator | Grants Microsoft Defender for Cloud subscription level permissions needed to activate Containers plan | add |
new Role | 2024-11-14 18:51:40 |
| f3bd1b5c-91fa-40e7-afe7-0c11d331232c | Container Apps Operator | Read, logstream and exec into Container Apps. | change |
DataActions | 2024-11-13 18:53:54 |
| 8ea85a25-eb16-4e29-ab4d-6f2a26c711a2 | App Service Environment Contributor | Manage App Service Environments but not the App Service Plans or Websites that it hosts. | add |
new Role | 2024-11-11 18:54:47 |
| 97dfb3ce-e936-462c-9425-9cdb67e66d45 | Desktop Virtualization App Attach Contributor | Provide permission to manage app attach resources | add |
new Role | 2024-11-07 18:53:45 |
| bf94e731-3a51-4a7c-8c54-a1ab9971dfc1 | Container Registry Transfer Pipeline Contributor | Provides the ability to transfer, import, and export artifacts through configuring registry transfer pipelines that involve intermediary storage accounts and key vaults. Does not provide permissions to push or pull images. Does not provide permissions to create, manage, or list storage accounts or key vaults. Does not provide permissions to perform role assignments. | add |
new Role | 2024-11-06 18:56:37 |
| 0b6ca2e8-2cdc-4bd6-b896-aa3d8c21fc35 | Defender CSPM Storage Data Scanner | Grants access to read blobs and files. This role is used by the data scanner of Dfender CSPM. | change |
Actions, DataActions | 2024-11-06 18:56:37 |
| 0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 | Azure ContainerApps Session Executor | Create and execute sessions in a sessionPool | change |
DataActions | 2024-11-01 18:49:42 |
| 69b07be0-09bf-439a-b9a6-e73de851bd59 | Container Registry Configuration Reader and Data Access Configuration Reader | Provides permissions to list container registries and registry configuration properties. Provides permissions to list data access configuration such as admin user credentials, scope maps, and tokens, which can be used to read, write or delete repositories and images. Does not provide direct permissions to read, list, or write registry contents including repositories and images. Does not provide permissions to modify data plane content such as imports, Artifact Cache or Sync, and Transfer Pipelines. Does not provide permissions for managing Tasks. | add |
new Role | 2024-10-31 18:50:49 |
| 34e09817-6cbe-4d01-b1a2-e0eac5743d41 | Kubernetes Cluster - Azure Arc Onboarding | Role definition to authorize any user/service to create connectedClusters resource | change |
Actions | 2024-10-31 18:50:49 |
| fbc52c3f-28ad-4303-a892-8a056630b8f1 | AppGw for Containers Configuration Manager | Allows access and configuration updates to Application Gateway for Containers resource. | change |
DisplayName, Actions | 2024-10-29 18:54:58 |
| 566f0da3-e2a5-4393-9089-763f8bab8fb6 | Health Safeguards Data User | Allows processing of health data in all available Health Safeguards | add |
new Role | 2024-10-28 18:53:50 |
| 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b | App Configuration Data Owner | Allows full access to App Configuration data. | change |
NotDataActions | 2024-10-28 18:53:50 |
| 7fd69092-c9bc-4b59-9e2e-bca63317e147 | App Configuration Data SAS User | Allows the usage of SAS tokens for authentication. | add |
new Role | 2024-10-28 18:53:50 |
| 3bc748fc-213d-45c1-8d91-9da5725539b9 | Container Registry Contributor and Data Access Configuration Administrator | Provides permissions to create, list, and update container registries and registry configuration properties. Provides permissions to configure data access such as admin user credentials, scope maps, and tokens, which can be used to read, write or delete repositories and images. Does not provide direct permissions to read, list, or write registry contents including repositories and images. Does not provide permissions to modify data plane content such as imports, Artifact Cache or Sync, and Transfer Pipelines. Does not provide permissions for managing Tasks. | add |
new Role | 2024-10-25 17:51:38 |
| 4339b7cf-9826-4e41-b4ed-c7f4505dac08 | Trusted Signing Identity Verifier | Manage identity or business verification requests. This role is in preview and subject to change. | change |
DisplayName, DataActions | 2024-10-25 17:51:38 |
| 30b27cfc-9c84-438e-b0ce-70e35255df80 | Azure Kubernetes Fleet Manager RBAC Reader | Grants read-only access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2024-10-25 17:51:38 |
| 6f4fe6fc-f04f-4d97-8528-8bc18c848dca | Container Apps ConnectedEnvironments Contributor | Full management of Container Apps ConnectedEnvironments, including creation, deletion, and updates. | add |
new Role | 2024-10-23 17:54:47 |
| ff478a4e-8633-416e-91bc-ec33ce7c9516 | Azure Messaging Connectors Owner | Allows for full access to Azure Messaging Connectors resources. | add |
new Role | 2024-10-23 17:54:47 |
| 1a40e87e-6645-48e0-b27a-0b115d849a20 | Chaos Studio Operator | Can run and see details for experiments but cannot create experiments or manage targets and capabilities. | add |
new Role | 2024-10-22 17:52:41 |
| 7c2e40b7-25eb-482a-82cb-78ba06cb46d5 | Chaos Studio Experiment Contributor | Can create, run, and see details for experiments, onboard targets, and manage capabilities. | add |
new Role | 2024-10-22 17:52:41 |
| 29e2da8a-229c-4157-8ae8-cc72fc506b74 | Chaos Studio Reader | Can view targets, capabilities, experiments, and experiment details. | add |
new Role | 2024-10-22 17:52:41 |
| 434fb43a-c01c-447e-9f67-c3ad923cfaba | Azure Kubernetes Fleet Manager RBAC Admin | Grants read/write access to Kubernetes resources within a namespace in the fleet-managed hub cluster - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2024-10-21 17:52:38 |
| 5af6afb3-c06c-4fa4-8848-71a8aee05683 | Azure Kubernetes Fleet Manager RBAC Writer | Grants read/write access to most Kubernetes resources within a namespace in the fleet-managed hub cluster. This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2024-10-21 17:52:38 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
DataActions | 2024-10-21 17:52:38 |
| 1dc4cd5a-de51-4ee4-bc8e-b40e9c17e320 | Azure Kubernetes Fleet Manager RBAC Cluster Writer | Grants read/write access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster. | add |
new Role | 2024-10-21 17:52:38 |
| bd80684d-2f5f-4130-892a-0955546282de | Azure Kubernetes Fleet Manager RBAC Cluster Reader | Grants read-only access to most Kubernetes cluster-scoped resources in the fleet-managed hub cluster. | add |
new Role | 2024-10-21 17:52:38 |
| 19c28022-e58e-450d-a464-0b2a53034789 | Cognitive Services Data Contributor (Preview) | Allows to call data plane APIs, but not any control plane APIs for Microsoft Cognitive Services. This role is in preview and subject to change. | add |
new Role | 2024-10-18 17:51:46 |
| d5adeb5b-107f-4aca-99ea-4e3f4fc008d5 | Container Apps ConnectedEnvironments Reader | Read access to Container Apps ConnectedEnvironments. | add |
new Role | 2024-10-18 17:51:46 |
| 90e8b822-3e73-47b5-868a-787dc80c008f | Elastic SAN Volume Importer | Allows for Importing Elastic San Volume | change |
Actions | 2024-10-18 17:51:46 |
| de754d53-652d-4c75-a67f-1e48d8b49c97 | Service Group Reader | Role Definition for reader of a Service Group | add |
new Role | 2024-10-18 17:51:46 |
| 32e6a4ec-6095-4e37-b54b-12aa350ba81f | Service Group Contributor | Role Definition for contributor of a Service Group | add |
new Role | 2024-10-18 17:51:46 |
| 4e50c84c-c78e-4e37-b47e-e60ffea0a775 | Service Group Administrator | Role Definition for administrator of a Service Group | add |
new Role | 2024-10-18 17:51:46 |
| 5c2d7e57-b7c2-4d8a-be4f-82afa42c6e95 | Azure Managed Grafana Workspace Contributor | Can manage Azure Managed Grafana resources, without providing access to the workspaces themselves. | add |
new Role | 2024-10-17 17:51:55 |
| 29fe4964-1e60-436b-bd3a-77fd4c178b3c | Azure Batch Account Contributor | Grants full access to manage all Batch resources, including Batch accounts, pools and jobs. | add |
new Role | 2024-10-16 17:55:33 |
| 6aaa78f1-f7de-44ca-8722-c64a23943cae | Azure Batch Data Contributor | Grants permissions to manage Batch pools and jobs but not to modify accounts. | add |
new Role | 2024-10-16 17:55:33 |
| 0b6ca2e8-2cdc-4bd6-b896-aa3d8c21fc35 | Defender CSPM Storage Data Scanner | Grants access to read blobs and files. This role is used by the data scanner of Dfender CSPM. | add |
new Role | 2024-10-16 17:55:33 |
| 48e5e92e-a480-4e71-aa9c-2778f4c13781 | Azure Batch Job Submitter | Lets you submit and manage jobs in the Batch account. | add |
new Role | 2024-10-16 17:55:33 |
| 11076f67-66f6-4be0-8f6b-f0609fd05cc9 | Azure Batch Account Reader | Lets you view all resources including pools and jobs in the Batch account. | add |
new Role | 2024-10-16 17:55:33 |
| bf2b6809-e9a5-4aea-a6e1-40a9dc8c43a7 | Landing Zone Account Owner | Microsoft.Sovereign Landing Zone Account Owner allowing to review and modify Landing Zone Account, Landing Zone Configurations, as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users). | add |
new Role | 2024-10-14 17:53:50 |
| 7b3e853f-ad5d-4fb5-a7b8-56a3581c7037 | IPAM Pool User | Read IPAM Pools and child resources. Create and remove associations. This role is in preview and subject to change. | change |
DisplayName, Actions | 2024-10-14 17:53:50 |
| 21bffb94-04c0-4ed0-b676-68bb926e832b | Microsoft.Windows365.CloudPcDelegatedMsis Writer User | Built in role to perform Write operations on CloudPcDelegatedMsis resources. | add |
new Role | 2024-10-14 17:53:50 |
| 2718b1f7-eb07-424e-8868-0137541392a1 | Landing Zone Account Reader | Microsoft.Sovereign Landing Zone Account Reader allowing to read Landing Zone Account, Landing Zone Configurations and Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users). | add |
new Role | 2024-10-14 17:53:50 |
| 9fc6112f-f48e-4e27-8b09-72a5c94e4ae9 | Azure Bot Service Contributor Role | To perform actions on the bots by copilot studio platform and extensibility team | change |
Actions | 2024-10-07 17:51:37 |
| d715fb95-a0f0-4f1c-8be6-5ad2d2767f67 | AVS Orchestrator Role | Custom role for AVS to manage customer resources used for AVS scenarios. | add |
new Role | 2024-10-04 17:51:49 |
| 80d0d6b0-f522-40a4-8886-a5a11720c375 | Durable Task Worker | Used by worker applications to interact with the Durable Task service | add |
new Role | 2024-10-04 17:51:49 |
| 0358943c-7e01-48ba-8889-02cc51d78637 | Azure Red Hat OpenShift Machine API Operator Role | Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster. | change |
DisplayName, Actions | 2024-10-03 17:51:55 |
| 4e9d0bd4-5aab-4f91-92df-9def33fe287c | CloudTest Contributor Role | Read, write, delete and perform actions on CloudTest Accounts, CloudTest Pools, 1ES Hosted Pools and 1ES Images. | add |
new Role | 2024-10-02 17:52:15 |
| 1dfc38e8-6ce7-447f-807c-029c65262c5f | Stream Analytics Reader | Read-only access to Clusters and Streaming Jobs | add |
new Role | 2024-10-02 17:52:15 |
| b78c5d69-af96-48a3-bf8d-a8b4d589de94 | Azure AI Administrator | A Built-In Role that has all control plane permissions to work with Azure AI and its dependencies. | change |
DisplayName, Actions | 2024-10-02 17:52:15 |
| 6e0c8711-85a0-4490-8365-8ec13c4560b4 | Stream Analytics Contributor | Contributor access to Clusters and Streaming Jobs | add |
new Role | 2024-10-02 17:52:15 |
| b6efc156-f0da-4e90-a50a-8c000140b017 | Service Fabric Cluster Contributor | Lets you manage your Service Fabric Cluster. Only provides Service Fabric permissions. You will need additional permissions to manage the cluster's underlying resources. | add |
new Role | 2024-10-01 17:52:47 |
| 8480c0f0-4509-4229-9339-7c10018cb8c4 | Defender CSPM Storage Scanner Operator | Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments. | change |
Actions | 2024-09-30 17:51:34 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2024-09-26 17:50:01 |
| 0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | change |
Actions | 2024-09-24 17:51:08 |
| 8c87871d-6201-42da-abb1-1c0c985ff71c | Microsoft PowerBI Tenant Operations Role | Allows management of tenant operations | add |
new Role | 2024-09-23 17:50:57 |
| a35466a1-cfd6-450a-b35e-683fcdf30363 | Azure Batch Service Orchestration Role | Grants the required permissions to Azure Batch Resource Provider to manage compute and other backing resources in the subscription. | add |
new Role | 2024-09-23 17:50:57 |
| 577a9874-89fd-4f24-9dbd-b5034d0ad23a | Container Registry Data Importer and Data Reader | Provides the ability to import images into a registry through the registry import operation. Provides the ability to list repositories, view images and tags, get manifests, and pull images. Does not provide permissions for importing images through configuring registry transfer pipelines such as import and export pipelines. Does not provide permissions for importing through configuring Artifact Cache or Sync rules. | add |
new Role | 2024-09-20 17:50:53 |
| 83f80186-3729-438c-ad2d-39e94d718838 | Service Fabric Managed Cluster Contributor | Lets you managed your Service Fabric Managed Cluster resources | add |
new Role | 2024-09-18 17:50:44 |
| 5e28a61e-8040-49db-b175-bb5b88af6239 | Community Owner Role | Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| 86fede04-b259-4277-8c3e-e26b9865abd8 | Enclave Reader Role | Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc | Community Reader Role | Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| 19feefae-eacc-4106-81fd-ac34c0671f14 | Enclave Contributor Role | Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| 49435da6-99fe-48a5-a235-fc668b9dc04a | Community Contributor Role | Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| 3d5f3eff-eb94-473d-91e3-7aac74d6c0bb | Enclave Owner Role | Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-09-17 17:51:02 |
| fe86443c-f201-4fc4-9d2a-ac61149fbda0 | App Configuration Contributor | Grants permission for all management operations, except purge, for App Configuration resources. | add |
new Role | 2024-09-16 17:49:55 |
| 175b81b9-6e0d-490a-85e4-0d422273c10c | App Configuration Reader | Grants permission for read operations for App Configuration resources. | add |
new Role | 2024-09-16 17:49:55 |
| 9fc6112f-f48e-4e27-8b09-72a5c94e4ae9 | Azure Bot Service Contributor Role | To perform actions on the bots by copilot studio platform and extensibility team | add |
new Role | 2024-09-13 17:47:44 |
| 8d6517c1-e434-405c-9f3f-e0ae65085d76 | Azure Automanage Contributor | Azure Automanage Contributor | add |
new Role | 2024-09-10 17:48:48 |
| a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | change |
Actions | 2024-09-10 17:48:48 |
| 77be276d-fb44-4f3b-beb5-9bf03c4cd2d3 | Operator Nexus Owner (Preview) | (Preview) This role allows full access to Azure Operator Nexus Network Cloud resources. This role is in preview and subject to change. | add |
new Role | 2024-09-09 17:51:20 |
| b9a307c4-5aa3-4b52-ba60-2b17c136cd7b | Container Apps Jobs Operator | Read, start, and stop Container Apps jobs. | add |
new Role | 2024-09-09 17:51:20 |
| d24ecba3-c1f4-40fa-a7bb-4588a071e8fd | VM Scanner Operator | Role that provides access to disk snapshot for security analysis. | change |
Actions | 2024-09-09 17:51:20 |
| b5b0c71d-aca9-4081-aee2-9b1bb335fc1a | Cognitive Services Face Contributor | Full access to perform all Face APIs | add |
new Role | 2024-09-03 17:52:47 |
| 2a740172-0fc2-4039-972c-b31864cd47d6 | Azure Device Update Agent | Provide full access to all Azure Device Update agent operations | add |
new Role | 2024-09-02 17:50:05 |
| a68e7c17-0ab2-4c09-9a58-125dae29748c | Key Vault Purge Operator | Allows permanent deletion of soft-deleted vaults. | add |
new Role | 2024-09-02 17:50:05 |
| 2142ea27-02ad-4094-bfea-2dbac6d24934 | Enclave Approver Role | Read all resources in Azure Virtual Enclaves and Approve approval requests within the Enclave | add |
new Role | 2024-08-30 17:48:46 |
| 207bcc4b-86a6-4487-9141-d6c1f4c238aa | Azure Edge On-Site Deployment Engineer | Grants you access to take actions as an on-site person to assist in the provisioning of an edge device | change |
Actions | 2024-08-30 17:48:46 |
| d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da | API Management Service Workspace API Product Manager | Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. | change |
Actions | 2024-08-29 17:47:54 |
| 9565a273-41b9-4368-97d2-aeb0c976a9b3 | API Management Service Workspace API Developer | Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope. | change |
Actions | 2024-08-29 17:47:54 |
| db7003cd-07a9-490c-bfa5-23e40314f8d7 | Service Connector Contributor | Can Manage Service Connector. | add |
new Role | 2024-08-28 17:47:58 |
| be1a1ac2-09d3-4261-9e57-a73a6e227f53 | Procurement Contributor | Lets you manage the procurement of products and services. | change |
Actions | 2024-08-27 17:47:57 |
| cf7c76d2-98a3-4358-a134-615aa78bf44d | Compute Gallery Image Reader | This is the role for reading gallery images. | change |
DisplayName, Actions | 2024-08-27 17:47:57 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2024-08-26 18:18:02 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2024-08-26 18:18:02 |
| 1a5682fc-4f12-4b25-927e-e8cfed0c539e | KubernetesRuntime Load Balancer Contributor Role | Read, write, and delete load balancers in an Arc connected Kubernetes cluster | add |
new Role | 2024-08-26 18:18:02 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2024-08-20 18:22:10 |
| b78c5d69-af96-48a3-bf8d-a8b4d589de94 | Azure AI Administrator Service Role | A Custom Role Assignment that has all permissions to work with Azure AI | add |
new Role | 2024-08-19 18:22:37 |
| a60b64c0-1adf-4051-956a-78f3ae578c7d | PostgreSQL Flexible Management Service Contributor | Create, read, modify, and delete required resources objects to be used by Azure PostgreSQL Flexible servers. | remove |
decommissioned Role | 2024-08-16 18:19:27 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-16 18:19:27 |
| 0ad04412-c4d5-4796-b79c-f76d14c8d402 | Durable Task Data Contributor | Durable Task role for all data access operations. | add |
new Role | 2024-08-16 18:19:27 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-15 18:18:54 |
| 44f0a1a8-6fea-4b35-980a-8ff50c487c97 | Operator Nexus Key Vault Writer Service Role (Preview) | (Preview) Provides Azure Operator Nexus services the ability to write to a Key Vault. This role is in preview and subject to change. | change |
Actions | 2024-08-14 19:48:07 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-14 19:48:07 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-14 18:18:52 |
| 358470bc-b998-42bd-ab17-a7e34c199c0f | Container Apps Contributor | Full management of Container Apps, including creation, deletion, and updates. | add |
new Role | 2024-08-13 18:20:01 |
| 57cc5028-e6a7-4284-868d-0611c5923f8d | Container Apps ManagedEnvironments Contributor | Full management of Container Apps ManagedEnvironments, including creation, deletion, and updates. | add |
new Role | 2024-08-13 18:20:01 |
| 1b32c00b-7eff-4c22-93e6-93d11d72d2d8 | Container Apps ManagedEnvironments Reader | Read access to ContainerApps managedenvironments. | add |
new Role | 2024-08-13 18:20:01 |
| f3bd1b5c-91fa-40e7-afe7-0c11d331232c | Container Apps Operator | Read, logstream and exec into Container Apps. | add |
new Role | 2024-08-13 18:20:01 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-13 18:20:01 |
| af61e8fc-2633-4b95-bed3-421ad6826515 | Container Apps SessionPools Reader | Read access to ContainerApps sessionpools. | add |
new Role | 2024-08-13 18:20:01 |
| 1af232de-e806-426f-8ca1-c36142449755 | Bayer Ag Powered Services Field Imagery Solution Service Role | Provide access to Field Imagery Solution by Bayer Ag Powered Services | add |
new Role | 2024-08-13 18:20:01 |
| f7669afb-68b2-44b4-9c5f-6d2a47fddda0 | Container Apps SessionPools Contributor | Full management of Container Apps SessionPools, including creation, deletion, and updates. | add |
new Role | 2024-08-13 18:20:01 |
| 4e3d2b60-56ae-4dc6-a233-09c8e5a82e68 | Container Apps Jobs Contributor | Full management of Container Apps jobs, including creation, deletion, and updates. | add |
new Role | 2024-08-13 18:20:01 |
| edd66693-d32a-450b-997d-0158c03976b0 | Container Apps Jobs Reader | Read access to ContainerApps jobs | add |
new Role | 2024-08-13 18:20:01 |
| a9b99099-ead7-47db-8fcf-072597a61dfa | Bayer Ag Powered Services CWUM Solution | Provide access to CWUM Solution by Bayer Ag Powered Services | change |
DataActions | 2024-08-13 18:20:01 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2024-08-12 18:17:43 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-12 18:17:43 |
| 5e93ba01-8f92-4c7a-b12a-801e3df23824 | Kubernetes Agent Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2024-08-09 18:18:05 |
| cf7c76d2-98a3-4358-a134-615aa78bf44d | Compute Gallery Image Version Reader | This is the role for reading gallery image versions. | add |
new Role | 2024-08-09 18:18:05 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-09 18:18:05 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | change |
Actions | 2024-08-08 18:19:52 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-08 18:19:52 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2024-08-08 18:19:52 |
| b5b192c1-773c-4543-bfb0-6c59254b74a9 | Bayer Ag Powered Services Historical Weather Data Solution User Role | Provide access to Historical Weather Data Solution by Bayer Ag Powered Services | change |
DataActions | 2024-08-08 18:19:52 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-07 18:20:44 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-06 18:20:07 |
| a60b64c0-1adf-4051-956a-78f3ae578c7d | PostgreSQL Flexible Management Service Contributor | Create, read, modify, and delete required resources objects to be used by Azure PostgreSQL Flexible servers. | add |
new Role | 2024-08-06 18:20:07 |
| 9295f069-25d0-4f44-bb6a-3da70d11aa00 | Azure Edge Hardware Center Administrator | Grants you access to take actions as an edge order administrator | add |
new Role | 2024-08-06 18:20:07 |
| de139f84-1756-47ae-9be6-808fbbe84772 | Website Contributor | Lets you manage websites (not web plans), but not access to them. | change |
Actions | 2024-08-05 18:24:48 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Actions | 2024-08-05 18:24:48 |
| 56328988-075d-4c6a-8766-d93edd6725b6 | API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | change |
Actions | 2024-07-19 18:16:28 |
| 136d308c-0937-4a49-9bd7-edfb42adbffc | Disk Encryption Set Operator for Managed Disks | Provides permissions to read, write or delete disk encryption sets which are used for encrypting managed disks with customer managed keys | add |
new Role | 2024-07-19 18:16:28 |
| 41e04612-9dac-4699-a02b-c82ff2cc3fb5 | Grafana Limited Viewer | View home page. | add |
new Role | 2024-07-18 18:18:37 |
| 8ad4d0ee-9bfb-49e8-93fc-01abb8db6240 | Transparency Logs Owner | Grants full access to manage Transparency Log resources. | add |
new Role | 2024-07-17 18:20:49 |
| 0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | change |
Actions | 2024-07-15 18:22:58 |
| 83ee7727-862c-4213-8ed8-2ce6c5d69a40 | Microsoft.Edge Winfields federated subscription read access role | Microsoft.Edge Winfields role for read access on federated subscriptions | add |
new Role | 2024-07-15 18:22:58 |
| fd1bd22b-8476-40bc-a0bc-69b95687b9f3 | Attestation Reader | Can read the attestation provider properties | change |
Actions | 2024-07-11 18:19:09 |
| 6cdbb904-5ff3-429d-8169-7d7818b91bd8 | Connector Reader | Read connectors and their associated resources, such as impacts and insights. | add |
new Role | 2024-07-11 18:19:09 |
| 5d977122-f97e-4b4d-a52f-6b43003ddb4d | Azure Container Instances Contributor Role | Grants read/write access to container groups provided by Azure Container Instances | add |
new Role | 2024-07-10 18:24:21 |
| 4aa368ec-fba9-4e93-81ed-396b3d461cc5 | Operator Nexus Compute Contributor Role (Preview) | (Preview) Manage and configure Azure Operator Nexus infrastructure resources. This role is in preview and subject to change. | add |
new Role | 2024-07-10 18:24:21 |
| 0847e196-2fd2-4c2f-a48c-fca6fd030f44 | HDInsight Cluster Admin | Can read, create, modify and delete HDInsight clusters, configuration, extensions, etc. | add |
new Role | 2024-07-04 18:22:05 |
| dfce8971-25e3-42e3-ba33-6055438e3080 | VM Restore Operator | Create and Delete resources during VM Restore. This role is in preview and subject to change. | add |
new Role | 2024-07-03 18:20:57 |
| c99c945f-8bd1-4fb1-a903-01460aae6068 | Azure Stack HCI Connected InfraVMs | Role of Arc Integration for Azure Stack HCI Infrastructure Virtual Machines. | add |
new Role | 2024-07-03 18:20:57 |
| a3ab03bc-5350-42ff-b0d5-00207672db55 | ProviderHub Contributor | Allows you to create and manage Microsoft.ProviderHub resources through the Resource Provider Platform. Does not allow you to assign roles in Azure RBAC. | add |
new Role | 2024-07-02 18:18:58 |
| 4d8c6f2e-3fd6-4d40-826e-93e3dc4c3fc1 | ProviderHub Reader | Allows you to view all Microsoft.ProviderHub resources created through the Resource Provider Platform, but does not allow you to make any changes to the resources. | add |
new Role | 2024-07-02 18:18:58 |
| 7656b436-37d4-490a-a4ab-d39f838f0042 | HDInsight on AKS Cluster Pool Admin | Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters | change |
Actions | 2024-07-01 18:19:32 |
| 0f641de8-0b88-4198-bdef-bd8b45ceba96 | Defender for Storage Scanner Operator | Lets you enable and configure Microsoft Defender for Storage's malware scanning and sensitive data discovery features on your storage accounts. Includes an ABAC condition to limit role assignments. | change |
Actions | 2024-07-01 18:19:32 |
| bcf28286-af25-4c81-bb6f-351fcab5dbe9 | HDInsight on AKS Cluster Operator | Grants a user/group the ability to read cluster configurations, resize clusters and run jobs | add |
new Role | 2024-07-01 18:19:32 |
| fd036e6b-1266-47a0-b0bb-a05d04831731 | HDInsight on AKS Cluster Admin | Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters. | change |
Actions | 2024-07-01 18:19:32 |
| ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 | Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | change |
Actions | 2024-06-25 19:05:04 |
| e82342c9-ac7f-422b-af64-e426d2e12b2d | Compute Recommendations Role | Grants permissions to call Compute Recommendations APIs provided by Compute Diagnostic Resource Provider service. | add |
new Role | 2024-06-24 15:12:47 |
| 4b3fe76c-f777-4d24-a2d7-b027b0f7b273 | Azure Stack HCI VM Reader | Grants permissions to view VMs | change |
Actions | 2024-06-21 18:14:52 |
| 874d1c73-6003-4e60-a13a-cb31ea190a85 | Azure Stack HCI VM Contributor | Grants permissions to perform all VM actions | change |
Actions | 2024-06-21 18:14:52 |
| 85a2d0d9-2eba-4c9c-b355-11c2cc0788ab | Compute Gallery Artifacts Publisher | This is the role for publishing gallery artifacts. | add |
new Role | 2024-06-20 18:17:31 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2024-06-20 18:17:31 |
| 2ccf8795-8983-4912-8036-1c45212c95e8 | ToolchainOrchestrator Admin Role | Allows ToolchainOrchestrator Admin to do all management actions for symphony resources. | add |
new Role | 2024-06-20 18:17:31 |
| c5826735-177b-4a0d-a9a3-d0e4b4bda107 | ToolchainOrchestrator Viewer Role | Allows ToolchainOrchestrator Viewer to do all management read actions for ToolchainOrchestrator resources. | add |
new Role | 2024-06-20 18:17:31 |
| 39fcb0de-8844-4706-b050-c28ddbe3ff83 | Standby Container Group Pool Contributor | Allows users to manage standby container group pool resources. | add |
new Role | 2024-06-17 16:26:04 |
| 96062cf7-95ca-4f89-9b9d-2a2aa47356af | Azure Container Registry secure supply chain operator service role | Grants Microsoft Defender for Cloud access to Azure Container Registry for security assessment of container images | add |
new Role | 2024-06-12 18:18:58 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2024-06-11 18:18:33 |
| 78e4b983-1a0b-472e-8b7d-8d770f7c5890 | DeID Data Owner | Full access to DeID data. This role is in preview and subject to change | add |
new Role | 2024-06-07 18:14:26 |
| b93aa761-3e63-49ed-ac28-beffa264f7ac | ACR Repository Reader | ACR Repository Reader | add |
new Role | 2024-06-05 18:15:20 |
| 2a1e307c-b015-4ebd-883e-5b7698a07328 | ACR Repository Writer | ACR Repository Writer | add |
new Role | 2024-06-05 18:15:20 |
| 2efddaa5-3f1f-4df3-97df-af3f13818f4c | ACR Repository Contributor | ACR Repository Contributor | add |
new Role | 2024-06-05 18:15:20 |
| bfdb9389-c9a5-478a-bb2f-ba9ca092c3c7 | ACR Registry Catalog Lister | ACR Registry Catalog Lister | add |
new Role | 2024-06-05 18:15:20 |
| c18f9900-27b8-47c7-a8f0-5b3b3d4c2bc2 | Microsoft Sentinel Business Applications Agent Operator | List and update actions on a business applications system. This role is in preview and subject to change. | change |
Actions | 2024-06-05 18:15:20 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2024-06-04 18:17:09 |
| 5e93ba01-8f92-4c7a-b12a-801e3df23824 | Kubernetes Agent Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2024-06-03 17:40:03 |
| 56328988-075d-4c6a-8766-d93edd6725b6 | API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | change |
Actions | 2024-05-31 18:17:32 |
| 74252426-c508-480e-9345-4607bbebead4 | Azure Spring Apps Spring Cloud Config Server Log Reader Role | Read real-time logs for Spring Cloud Config Server in Azure Spring Apps | add |
new Role | 2024-05-29 18:33:10 |
| a9b99099-ead7-47db-8fcf-072597a61dfa | Bayer Ag Powered Services CWUM Solution | Provide access to CWUM Solution by Bayer Ag Powered Services | change |
DataActions | 2024-05-28 17:12:28 |
| c4bc862a-3b64-4a35-a021-a380c159b042 | Bayer Ag Powered Services GDU Solution | Provide access to GDU Solution by Bayer Ag Powered Services | change |
DataActions | 2024-05-28 17:12:28 |
| 539283cd-c185-4a9a-9503-d35217a1db7b | Bayer Ag Powered Services Smart Boundary Solution User Role | Provide access to Smart Boundary Solution by Bayer Ag Powered Services | change |
DataActions | 2024-05-28 17:12:28 |
| ef29765d-0d37-4119-a4f8-f9f9902c9588 | Bayer Ag Powered Services Imagery Solution | Provide access to Imagery Solution by Bayer Ag Powered Services | change |
DataActions | 2024-05-28 17:12:28 |
| 4cfdd23b-aece-4fd1-b614-ad3a06c53453 | Oracle.Database Exadata Infrastructure Administrator Built-in Role | Grants full access to manage all Exadata Infrastructure resources | add |
new Role | 2024-05-22 21:01:22 |
| d623d097-b882-4e1e-a26f-ac60e31065a1 | Oracle.Database Reader Built-in Role | Grants read access to all Oracle.Database resources | add |
new Role | 2024-05-22 21:01:22 |
| e2217c0e-04bb-4724-9580-91cf9871bc01 | GroupQuota Request Operator | Read and create GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits. | change |
Actions | 2024-05-22 18:03:37 |
| ddc140ed-e463-4246-9145-7c664192013f | Azure Arc VMware Administrator role | Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. | change |
Actions | 2024-05-21 18:05:11 |
| 0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 | Azure ContainerApps Session Executor | Create and execute sessions in a sessionPool | change |
DisplayName, Actions | 2024-05-20 18:06:19 |
| adb29209-aa1d-457b-a786-c913953d2891 | Azure Deployment Stack Owner | Allows a user to manage deployment stacks, including those with deny assignments. | add |
new Role | 2024-05-16 18:05:17 |
| 39138f76-04e6-41f0-ba6b-c411b59081a9 | Bayer Ag Powered Services Crop Id Solution User Role | Provide access to Crop Id Solution by Bayer Ag Powered Services | change |
DataActions | 2024-05-16 18:05:17 |
| 749a398d-560b-491b-bb21-08924219302e | Load Test Contributor | View, create, update, delete and execute load tests. View and list load test resources but can not make any changes. | change |
DataActions | 2024-05-16 18:05:17 |
| 3ae3fb29-0000-4ccd-bf80-542e7b26e081 | Load Test Reader | View and list all load tests and load test resources but can not make any changes | change |
DataActions | 2024-05-16 18:05:17 |
| bf7f8882-3383-422a-806a-6526c631a88a | Azure Deployment Stack Contributor | Allows a user to manage deployment stacks, but cannot create or delete deny assignments within the deployment stack. | add |
new Role | 2024-05-16 18:05:17 |
| b24988ac-6180-42a0-ab88-20f7382dd24c | Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | change |
NotActions | 2024-05-16 18:05:17 |
| a5eb8433-97a5-4a06-80b2-a877e1622c31 | Nexus Network Fabric Service Writer | Read-write access to Nexus Network Fabric Service | add |
new Role | 2024-05-13 17:45:16 |
| 6cd4ddd5-44f4-45bf-853e-a23e79738ce8 | Copilot for Azure User | Enables users access to Copilot for Azure. | change |
Actions | 2024-05-13 17:45:16 |
| 05fdd44c-adc6-4aff-981c-61041f0c929a | Nexus Network Fabric Service Reader | Read-only access to Nexus Network Fabric Service | add |
new Role | 2024-05-13 17:45:16 |
| 6cd4ddd5-44f4-45bf-853e-a23e79738ce8 | Copilot for Azure User | Enables users access to Copilot for Azure. | add |
new Role | 2024-05-08 17:44:38 |
| b67fe603-310e-4889-b9ee-8257d09d353d | Scheduled Events Contributor | Provides access to scheduled event actions | add |
new Role | 2024-05-06 19:18:21 |
| 91422e52-bb88-4415-bb4a-90f5b71f6dcb | Azure Spring Apps Job Execution Instance List Role | List instances for job executions in Azure Spring Apps | add |
new Role | 2024-05-03 17:44:59 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backups, but can't delete vaults and give access to others | change |
Description, Actions | 2024-05-03 17:44:59 |
| b459aa1d-e3c8-436f-ae21-c0531140f43e | Azure Spring Apps Job Log Reader Role | Read real-time logs for jobs in Azure Spring Apps | add |
new Role | 2024-05-03 17:44:59 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2024-05-03 17:44:59 |
| c18f9900-27b8-47c7-a8f0-5b3b3d4c2bc2 | Microsoft Sentinel Business Applications Agent Operator | List and update actions on a business applications system. This role is in preview and subject to change. | change |
Actions | 2024-05-03 17:44:59 |
| 95dd08a6-00bd-4661-84bf-f6726f83a4d0 | Azure Container Storage Contributor | Lets you install Azure Container Storage and manage its storage resources | add |
new Role | 2024-05-02 17:48:17 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2024-05-02 17:48:17 |
| 95de85bd-744d-4664-9dde-11430bc34793 | Azure Container Storage Owner | Lets you install Azure Container Storage and grants access to its storage resources | add |
new Role | 2024-05-02 17:48:17 |
| 39138f76-04e6-41f0-ba6b-c411b59081a9 | Bayer Ag Powered Services Crop Id Solution User Role | Provide access to Crop Id Solution by Bayer Ag Powered Services | add |
new Role | 2024-04-30 17:48:19 |
| 8480c0f0-4509-4229-9339-7c10018cb8c4 | Defender CSPM Storage Scanner Operator | Lets you enable and configure Microsoft Defender CSPM's sensitive data discovery feature on your storage accounts. Includes an ABAC condition to limit role assignments. | add |
new Role | 2024-04-30 17:48:19 |
| 0f641de8-0b88-4198-bdef-bd8b45ceba96 | Defender for Storage Scanner Operator | Lets you enable and configure Microsoft Defender for Storage's malware scanning and sensitive data discovery features on your storage accounts. Includes an ABAC condition to limit role assignments. | add |
new Role | 2024-04-30 17:48:19 |
| c7244dfb-f447-457d-b2ba-3999044d1706 | Azure API Center Data Reader | Allows for access to Azure API Center data plane read operations. | change |
DataActions | 2024-04-30 17:48:19 |
| 28c0d4cd-558d-4de9-91a0-faa18e7b3266 | Savings plan Contributor | Lets you read and manage savings plans but cannot delegate savings plan-related roles | add |
new Role | 2024-04-23 15:07:34 |
| 182a574c-b3c6-4acc-b019-48ae44cd4677 | Savings plan Administrator | Lets you read, manage savings plans and delegate savings plan-related roles | change |
Description, Actions | 2024-04-23 15:07:34 |
| 5d3f1697-4507-4d08-bb4a-477695db5f82 | Azure Kubernetes Service Arc Contributor Role | Grants access to read and write Azure Kubernetes Services hybrid clusters | change |
Actions | 2024-04-17 17:45:34 |
| ef318e2a-8334-4a05-9e4a-295a196c6a6e | Azure Red Hat OpenShift Federated Credential Role | This role grants the permissions required in order to patch cluster managed identities with the federated credential to build a trust relationship between the managed identity, OIDC, and the service account. | add |
new Role | 2024-04-15 17:47:24 |
| a1f96423-95ce-4224-ab27-4e3dc72facd4 | Azure RedHat OpenShift Cloud Controller Manager Role | Enables permissions for the operator to manage and update the cloud controller managers deployed on top of OpenShift. | change |
Actions | 2024-04-15 17:47:24 |
| be7a6435-15ae-4171-8f30-4a343eff9e8f | Azure RedHat OpenShift Network Operator Role | Enables permissions to install and upgrade the networking components on an OpenShift cluster. | change |
Actions | 2024-04-15 17:47:24 |
| 5b7237c5-45e1-49d6-bc18-a1f62f400748 | Azure RedHat OpenShift Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends. | change |
Actions | 2024-04-15 17:47:24 |
| 0336e1d3-7a87-462b-b6db-342b63f7802c | Azure RedHat OpenShift Cluster Ingress Operator Role | Enables permissions for the operator to configure and manage the OpenShift router. | change |
Actions | 2024-04-15 17:47:24 |
| 0d7aedc0-15fd-4a67-a412-efad370c947e | Azure RedHat OpenShift Azure Files Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use Azure Files. | change |
Actions | 2024-04-15 17:47:24 |
| 8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 | Azure RedHat OpenShift Image Registry Operator Role | Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage. | change |
Actions, DataActions | 2024-04-15 17:47:24 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
DataActions | 2024-04-15 17:47:24 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference and create images | change |
Description, DataActions | 2024-04-15 17:47:24 |
| 4436bae4-7702-4c84-919b-c4069ff25ee2 | Azure RedHat OpenShift Service Operator | The ARO Operator is responsible for maintaining features, checks, and resources that are specific to an Azure Red Hat OpenShift cluster's continued functionality as a managed service. This includes, but is not limited to, machine management and health, network configuration, and monitoring. | change |
Actions | 2024-04-15 17:47:24 |
| 0358943c-7e01-48ba-8889-02cc51d78637 | Azure RedHat OpenShift Machine API Operator Role | Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster. | change |
Actions | 2024-04-15 17:47:24 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
DataActions | 2024-04-15 17:47:24 |
| 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 | Defender Kubernetes Agent Operator | Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent | change |
Actions | 2024-04-09 17:48:20 |
| 0fb8eba5-a2bb-4abe-b1c1-49dfad359bb0 | Azure ContainerApps Session Creator | Create and execute sessions in a sessionPool | add |
new Role | 2024-04-08 17:52:45 |
| 4caf51ec-f9f5-413f-8a94-b9f5fddba66b | Oracle Subscriptions Manager Built-in Role | Grants full access to manage all Oracle Subscriptions resources | change |
Actions | 2024-04-08 17:52:45 |
| e9ce8739-6fa2-4123-a0a2-0ef41a67806f | Oracle.Database VmCluster Administrator Built-in Role | Grants full access to manage all VmCluster resources | change |
Actions | 2024-04-08 17:52:45 |
| 4562aac9-b209-4bd7-a144-6d7f3bb516f4 | Oracle.Database Owner Built-in Role | Grants full access to manage all Oracle.Database resources | change |
Actions | 2024-04-08 17:52:45 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2024-04-05 19:55:31 |
| ad710c24-b039-4e85-a019-deb4a06e8570 | Logic Apps Standard Contributor (Preview) | You can manage all aspects of a Standard logic app and workflows. You can't change access or ownership. | change |
Description, Actions | 2024-04-05 19:55:31 |
| c18f9900-27b8-47c7-a8f0-5b3b3d4c2bc2 | Microsoft Sentinel Business Applications Agent Operator | List and update actions on a business applications system. This role is in preview and subject to change. | add |
new Role | 2024-04-05 19:55:31 |
| b70c96e9-66fe-4c09-b6e7-c98e69c98555 | Logic Apps Standard Operator (Preview) | You can enable and disable the logic app, resubmit workflow runs, as well as create connections. You can't edit workflows or settings. | change |
Description, Actions | 2024-04-05 19:55:31 |
| 523776ba-4eb2-4600-a3c8-f2dc93da4bdb | Logic Apps Standard Developer (Preview) | You can create and edit workflows, connections, and settings for a Standard logic app. You can't make changes outside the workflow scope. | change |
Description, Actions | 2024-04-05 19:55:31 |
| 4accf36b-2c05-432f-91c8-5c532dff4c73 | Logic Apps Standard Reader (Preview) | You have read-only access to all resources in a Standard logic app and workflows, including the workflow runs and their history. | change |
Description, Actions | 2024-04-05 19:55:31 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Microsoft Sentinel Responder | Microsoft Sentinel Responder | change |
Actions | 2024-04-04 18:27:29 |
| 5d9c6a55-fc0e-4e21-ae6f-f7b095497342 | Azure Hybrid Database Administrator - Read Only Service Role | Read only access to Azure hybrid database services resources. | add |
new Role | 2024-04-04 18:27:29 |
| b5b192c1-773c-4543-bfb0-6c59254b74a9 | Bayer Ag Powered Services Historical Weather Data Solution User Role | Provide access to Historical Weather Data Solution by Bayer Ag Powered Services | add |
new Role | 2024-04-03 19:06:57 |
| e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 | Managed Identity Contributor | Create, Read, Update, and Delete User Assigned Identity | change |
Actions | 2024-04-01 20:01:14 |
| 4b3fe76c-f777-4d24-a2d7-b027b0f7b273 | Azure Stack HCI VM Reader | Grants permissions to view VMs | change |
Actions | 2024-04-01 20:01:14 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | change |
NotActions | 2024-04-01 20:01:14 |
| 4dae6930-7baf-46f5-909e-0383bc931c46 | Azure Customer Lockbox Approver for Subscription | Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. - in Public Preview. | change |
Description, Actions | 2024-03-29 18:59:49 |
| 25211fc6-dc78-40b6-b205-e4ac934fd9fd | Azure Spring Apps Application Configuration Service Config File Pattern Reader Role | Read content of config file pattern for Application Configuration Service in Azure Spring Apps | add |
new Role | 2024-03-28 18:44:28 |
| f27b7598-bc64-41f7-8a44-855ff16326c2 | Azure Messaging Catalog Data Owner | Allows for full access to Azure Messaging Catalog resources. | add |
new Role | 2024-03-28 18:44:28 |
| 4cfdd23b-aece-4fd1-b614-ad3a06c53453 | Oracle.Database Exadata Infrastructure Administrator Built-in Role | Grants full access to manage all Exadata Infrastructure resources | remove |
decommissioned Role | 2024-03-27 18:49:34 |
| d623d097-b882-4e1e-a26f-ac60e31065a1 | Oracle.Database Reader Built-in Role | Grants read access to see all Oracle VmCluster resources | remove |
decommissioned Role | 2024-03-27 18:49:34 |
| e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc | Community Reader Role | Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| 4caf51ec-f9f5-413f-8a94-b9f5fddba66b | Oracle Subscriptions Manager Built-in Role | Grants full access to manage all Oracle Subscriptions resources | add |
new Role | 2024-03-26 18:41:13 |
| 5e28a61e-8040-49db-b175-bb5b88af6239 | Community Owner Role | Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| 4cfdd23b-aece-4fd1-b614-ad3a06c53453 | Oracle.Database Exadata Infrastructure Administrator Built-in Role | Grants full access to manage all Exadata Infrastructure resources | add |
new Role | 2024-03-26 18:41:13 |
| fd036e6b-1266-47a0-b0bb-a05d04831731 | HDInsight on AKS Cluster Admin | Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters. | change |
Actions | 2024-03-26 18:41:13 |
| 19feefae-eacc-4106-81fd-ac34c0671f14 | Enclave Contributor Role | Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| d623d097-b882-4e1e-a26f-ac60e31065a1 | Oracle.Database Reader Built-in Role | Grants read access to see all Oracle VmCluster resources | add |
new Role | 2024-03-26 18:41:13 |
| 49435da6-99fe-48a5-a235-fc668b9dc04a | Community Contributor Role | Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| 7656b436-37d4-490a-a4ab-d39f838f0042 | HDInsight on AKS Cluster Pool Admin | Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters | change |
Actions | 2024-03-26 18:41:13 |
| 4562aac9-b209-4bd7-a144-6d7f3bb516f4 | Oracle.Database Owner Built-in Role | Grants full access to manage all Oracle.Database resources | add |
new Role | 2024-03-26 18:41:13 |
| 86fede04-b259-4277-8c3e-e26b9865abd8 | Enclave Reader Role | Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| 3d5f3eff-eb94-473d-91e3-7aac74d6c0bb | Enclave Owner Role | Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | change |
Actions | 2024-03-26 18:41:13 |
| e9ce8739-6fa2-4123-a0a2-0ef41a67806f | Oracle.Database VmCluster Administrator Built-in Role | Grants full access to manage all VmCluster resources | add |
new Role | 2024-03-26 18:41:13 |
| 08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 | Azure Container Storage Operator | Role required by a Managed Identity for Azure Container Storage operations | change |
Actions | 2024-03-25 19:17:46 |
| ede9aaa3-4627-494e-be13-4aa7c256148d | Azure API Center Compliance Manager | Allows managing API compliance in Azure API Center service. | add |
new Role | 2024-03-25 19:17:46 |
| 6cba8790-29c5-48e5-bab1-c7541b01cb04 | Azure API Center Service Reader | Allows read-only access to Azure API Center service. | add |
new Role | 2024-03-25 19:17:46 |
| dd24193f-ef65-44e5-8a7e-6fa6e03f7713 | Azure API Center Service Contributor | Allows managing Azure API Center service. | add |
new Role | 2024-03-25 19:17:46 |
| 5e93ba01-8f92-4c7a-b12a-801e3df23824 | Kubernetes Agent Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | add |
new Role | 2024-03-21 18:46:18 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2024-03-19 19:11:48 |
| b6ee44de-fe58-4ddc-b5c2-ab174eb23f05 | CrossConnectionReader | Allows for read access to ExpressRoute CrossConnections | add |
new Role | 2024-03-19 19:11:48 |
| c20923c5-b089-47a5-bf67-fd89569c4ad9 | Azure Programmable Connectivity Gateway Dataplane User | Allows access to all Gateway dataplane APIs. | add |
new Role | 2024-03-19 19:11:48 |
| 399c3b2b-64c2-4ff1-af34-571db925b068 | CrossConnectionManager | Allows for read, write access to ExpressRoute CrossConnections | add |
new Role | 2024-03-19 19:11:48 |
| 3afb7f49-54cb-416e-8c09-6dc049efa503 | Azure AI Inference Deployment Operator | Can perform all actions required to create a resource deployment within a resource group. | change |
Actions | 2024-03-18 18:48:33 |
| 182a574c-b3c6-4acc-b019-48ae44cd4677 | Savings plan Administrator | Lets one read and manage all the savings plans in a tenant | add |
new Role | 2024-03-18 18:48:33 |
| 3d24a3a0-c154-4f6f-a5ed-adc8e01ddb74 | Savings plan Purchaser | Lets you purchase savings plans | add |
new Role | 2024-03-18 18:48:33 |
| 5a382001-fe36-41ff-bba4-8bf06bd54da9 | Azure Sphere Owner | Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments. | change |
Actions | 2024-03-13 20:05:30 |
| d534ad90-4ac5-4815-a178-b2e47397baab | Savings plan Reader | Lets you read all savings plans in a tenant | add |
new Role | 2024-03-12 19:09:41 |
| c2a970b4-16a7-4a51-8c84-8a8ea6ee0bb8 | Backup MUA Admin | Backup MultiUser-Authorization. Can create/delete ResourceGuard | add |
new Role | 2024-03-11 18:32:13 |
| f54b6d04-23c6-443e-b462-9c16ab7b4a52 | Backup MUA Operator | Backup MultiUser-Authorization. Allows user to perform critical operation protected by resourceguard | add |
new Role | 2024-03-11 18:32:13 |
| b29efa5f-7782-4dc3-9537-4d5bc70a5e9f | Azure Kubernetes Service Arc Cluster Admin Role | List cluster admin credential action. | add |
new Role | 2024-03-08 20:25:26 |
| 5d3f1697-4507-4d08-bb4a-477695db5f82 | Azure Kubernetes Service Arc Contributor Role | Grants access to read and write Azure Kubernetes Services hybrid clusters | add |
new Role | 2024-03-08 20:25:26 |
| 233ca253-b031-42ff-9fba-87ef12d6b55f | Azure Kubernetes Service Arc Cluster User Role | List cluster user credential action. | add |
new Role | 2024-03-08 20:25:26 |
| 08d4c71a-cc63-4ce4-a9c8-5dd251b4d619 | Azure Container Storage Operator | Role required by a Managed Identity for Azure Container Storage operations | add |
new Role | 2024-03-07 18:45:56 |
| d24ecba3-c1f4-40fa-a7bb-4588a071e8fd | VM Scanner Operator | Role that provides access to disk snapshot for security analysis. | change |
Actions | 2024-03-05 19:57:52 |
| b556d68e-0be0-4f35-a333-ad7ee1ce17ea | Azure AI Enterprise Network Connection Approver | Can approve private endpoint connections to Azure AI common dependency resources | add |
new Role | 2024-03-04 19:12:43 |
| eb5a76d5-50e7-4c33-a449-070e7c9c4cf2 | Health Bot Reader | Users with reader access can sign in, have read-only access to the bot resources, scenarios and configuration setting except for the bot instance keys & secrets (including Authentication, Data Connection and Channels keys) and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). | add |
new Role | 2024-02-29 19:39:33 |
| af854a69-80ce-4ff7-8447-f1118a2e0ca8 | Health Bot Editor | Users with editor access can sign in, view and edit all the bot resources, scenarios and configuration setting except for the bot instance keys & secrets and the end-user inputs (including Feedback, Unrecognized utterances and Conversation logs). A read-only access to the bot skills and channels. | add |
new Role | 2024-02-29 19:39:33 |
| f1082fec-a70f-419f-9230-885d2550fb38 | Health Bot Admin | Users with admin access can sign in, view and edit all of the bot resources, scenarios and configuration setting including the bot instance keys & secrets. | add |
new Role | 2024-02-29 19:39:33 |
| b7b8f583-43d0-40ae-b147-6b46f53661c1 | GeoCatalog Reader | View GeoCatalogs, but does not allow you to make any changes. | add |
new Role | 2024-02-28 19:10:58 |
| c9c97b9c-105d-4bb5-a2a7-7d15666c2484 | GeoCatalog Administrator | Grants full access to manage GeoCatalogs, but does not allow you to assign roles in Azure RBAC. | add |
new Role | 2024-02-28 19:10:58 |
| 539283cd-c185-4a9a-9503-d35217a1db7b | Bayer Ag Powered Services Smart Boundary Solution User Role | Provide access to Smart Boundary Solution by Bayer Ag Powered Services | add |
new Role | 2024-02-28 19:10:58 |
| 6b534d80-e337-47c4-864f-140f5c7f593d | Advisor Recommendations Contributor | Can update status of Advisor recommendations including postpone and dismiss operations. | add |
new Role | 2024-02-27 19:10:44 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | change |
Actions | 2024-02-27 19:10:44 |
| a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | change |
Actions | 2024-02-19 18:47:31 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | change |
Actions | 2024-02-16 19:45:19 |
| 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 | Defender Kubernetes Agent Operator | Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent | change |
Actions | 2024-02-15 20:37:45 |
| 489581de-a3bd-480d-9518-53dea7416b33 | Desktop Virtualization Power On Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines. | change |
Description, Actions | 2024-02-13 19:27:42 |
| e2217c0e-04bb-4724-9580-91cf9871bc01 | GroupQuota Request Operator | Read and create GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits. | add |
new Role | 2024-02-12 19:44:46 |
| d0f495dc-44ef-4140-aeb0-b89110e6a7c1 | GroupQuota Reader | Read GroupQuota requests, get GroupQuota request status, and get groupQuotaLimits. | add |
new Role | 2024-02-12 19:44:46 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | change |
Description, Actions | 2024-02-09 20:16:20 |
| 5a382001-fe36-41ff-bba4-8bf06bd54da9 | Azure Sphere Owner | Allows user read and write access to Azure Sphere resources and RBAC configuration, includes an ABAC condition to constrain role assignments. | add |
new Role | 2024-02-05 19:34:05 |
| be7a6435-15ae-4171-8f30-4a343eff9e8f | Azure RedHat OpenShift Network Operator Role | Enables permissions to install and upgrade the networking components on an OpenShift cluster. | add |
new Role | 2024-01-31 19:57:40 |
| 4436bae4-7702-4c84-919b-c4069ff25ee2 | Azure RedHat OpenShift Service Operator | The ARO Operator is responsible for maintaining features, checks, and resources that are specific to an Azure Red Hat OpenShift cluster's continued functionality as a managed service. This includes, but is not limited to, machine management and health, network configuration, and monitoring. | add |
new Role | 2024-01-31 19:57:40 |
| 5b7237c5-45e1-49d6-bc18-a1f62f400748 | Azure RedHat OpenShift Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends. | add |
new Role | 2024-01-31 19:57:40 |
| 8b32b316-c2f5-4ddf-b05b-83dacd2d08b5 | Azure RedHat OpenShift Image Registry Operator Role | Enables permissions for the operator to manage a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage. | add |
new Role | 2024-01-31 19:57:40 |
| 0336e1d3-7a87-462b-b6db-342b63f7802c | Azure RedHat OpenShift Cluster Ingress Operator Role | Enables permissions for the operator to configure and manage the OpenShift router. | add |
new Role | 2024-01-31 19:57:40 |
| 0358943c-7e01-48ba-8889-02cc51d78637 | Azure RedHat OpenShift Machine API Operator Role | Enables permissions for the operator to manage the lifecycle of specific purpose custom resource definitions (CRD), controllers, and RBAC objects that extend the Kubernetes API. This declares the desired state of machines in a cluster. | add |
new Role | 2024-01-31 19:57:40 |
| a1f96423-95ce-4224-ab27-4e3dc72facd4 | Azure RedHat OpenShift Cloud Controller Manager Role | Enables permissions for the operator to manage and update the cloud controller managers deployed on top of OpenShift. | add |
new Role | 2024-01-31 19:57:40 |
| 0d7aedc0-15fd-4a67-a412-efad370c947e | Azure RedHat OpenShift Azure Files Storage Operator Role | Enables permissions to set OpenShift cluster-wide storage defaults. It ensures a default storageclass exists for clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use Azure Files. | add |
new Role | 2024-01-31 19:57:40 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Microsoft Sentinel Responder | Microsoft Sentinel Responder | change |
Actions | 2024-01-30 18:39:38 |
| 8bb6f106-b146-4ee6-a3f9-b9c5a96e0ae5 | Defender Kubernetes Agent Operator | Grants Microsoft Defender for Cloud permissions to provision the Kubernetes defender security agent | add |
new Role | 2024-01-30 18:39:38 |
| 662802e2-50f6-46b0-aed2-e834bacc6d12 | Azure Front Door Profile Reader | Can view AFD standard and premium profiles and their endpoints, but can't make changes. | change |
Actions | 2024-01-29 19:36:00 |
| 6d994134-994b-4a59-9974-f479f0b227fb | Azure Sphere Publisher | Allows user to read and download Azure Sphere resources and upload images. | change |
Actions | 2024-01-29 19:36:00 |
| 8f96442b-4075-438f-813d-ad51ab4019af | CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | change |
Actions | 2024-01-29 19:36:00 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions | 2024-01-25 19:32:38 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | change |
Actions | 2024-01-25 19:32:38 |
| dfb2f09d-25f8-4558-8986-497084006d7a | Azure impact-insight reader | built-in role for azure impact-insight read access | add |
new Role | 2024-01-22 17:48:15 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2024-01-17 19:06:08 |
| c7244dfb-f447-457d-b2ba-3999044d1706 | Azure API Center Data Reader | Allows for access to Azure API Center data plane read operations. | add |
new Role | 2024-01-15 18:27:13 |
| 05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2024-01-15 18:27:13 |
| 52fd16bd-6ed5-46af-9c40-29cbd7952a29 | Azure Spring Apps Managed Components Log Reader Role | Read real-time logs for all managed components in Azure Spring Apps | add |
new Role | 2024-01-12 18:35:30 |
| 6593e776-2a30-40f9-8a32-4fe28b77655d | Azure Spring Apps Application Configuration Service Log Reader Role | Read real-time logs for Application Configuration Service in Azure Spring Apps | add |
new Role | 2024-01-12 18:35:30 |
| d57506d4-4c8d-48b1-8587-93c323f6a5a3 | Azure Digital Twins Data Reader | Read-only role for Digital Twins data-plane properties | change |
DataActions | 2024-01-12 18:35:30 |
| 4301dc2a-25a9-44b0-ae63-3636cf7f2bd2 | Azure Spring Apps Spring Cloud Gateway Log Reader Role | Read real-time logs for Spring Cloud Gateway in Azure Spring Apps | add |
new Role | 2024-01-12 18:35:30 |
| 207bcc4b-86a6-4487-9141-d6c1f4c238aa | Azure Edge On-Site Deployment Engineer | Grants you access to take actions as an on-site person to assist in the provisioning of an edge device | add |
new Role | 2024-01-12 18:35:30 |
| a316ed6d-1efe-48ac-ac08-f7995a9c26fb | Storage Account Encryption Scope Contributor Role | Allows management of Encryption Scopes on a Storage Account | add |
new Role | 2024-01-11 19:44:58 |
| 230815da-be43-4aae-9cb4-875f7bd000aa | Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | change |
NotActions | 2024-01-11 18:35:40 |
| db79e9a7-68ee-4b58-9aeb-b90e7c24fcba | Key Vault Certificate User | Read certificate contents. Only works for key vaults that use the 'Azure role-based access control' permission model. | add |
new Role | 2024-01-11 18:35:40 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2024-01-08 19:16:18 |
| 609c0c20-e0a0-4a71-b99f-e7e755ac493d | Azure Programmable Connectivity Gateway User | Allows access to all Gateway dataplane APIs. | add |
new Role | 2024-01-08 19:16:18 |
| 08bbd89e-9f13-488c-ac41-acfcb10c90ab | Key Vault Crypto Service Release User | Release keys. Only works for key vaults that use the 'Azure role-based access control' permission model. | add |
new Role | 2023-12-18 19:01:56 |
| 0cd9749a-3aaf-4ae5-8803-bd217705bf3b | KubernetesRuntime Storage Class Contributor Role | Read, write, and delete KubernetesRuntime storage classes in an Arc connected Kubernetes cluster | add |
new Role | 2023-12-18 19:01:56 |
| 44f0a1a8-6fea-4b35-980a-8ff50c487c97 | Operator Nexus Key Vault Writer Service Role (Preview) | (Preview) Provides Azure Operator Nexus services the ability to write to a Key Vault. This role is in preview and subject to change. | add |
new Role | 2023-12-12 19:47:54 |
| e6aadb6b-e64f-41c0-9392-d2bba3bc3ebc | Community Reader Role | Community Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-12-11 19:27:11 |
| 19feefae-eacc-4106-81fd-ac34c0671f14 | Enclave Contributor Role | Enclave Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-12-11 19:27:11 |
| 8f96442b-4075-438f-813d-ad51ab4019af | CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | change |
Actions | 2023-12-08 20:47:31 |
| 3d5f3eff-eb94-473d-91e3-7aac74d6c0bb | Enclave Owner Role | Enclave Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-12-06 18:52:54 |
| a9b99099-ead7-47db-8fcf-072597a61dfa | Bayer Ag Powered Services CWUM Solution | Provide access to CWUM Solution by Bayer Ag Powered Services | change |
DisplayName, DataActions | 2023-12-05 19:46:52 |
| c4bc862a-3b64-4a35-a021-a380c159b042 | Bayer Ag Powered Services GDU Solution | Provide access to GDU Solution by Bayer Ag Powered Services | change |
DataActions | 2023-12-05 19:46:52 |
| ef29765d-0d37-4119-a4f8-f9f9902c9588 | Bayer Ag Powered Services Imagery Solution | Provide access to Imagery Solution by Bayer Ag Powered Services | change |
DataActions | 2023-12-05 19:46:52 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | change |
NotDataActions | 2023-12-04 18:39:01 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2023-12-01 19:16:58 |
| b5092dac-c796-4349-8681-1a322a31c3f9 | Azure Kubernetes Service Hybrid Cluster Admin Role | List cluster admin credential action. | add |
new Role | 2023-12-01 19:16:58 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers are able to call inference operations such as chat completions and image generation. | change |
DataActions | 2023-12-01 19:16:58 |
| fc3f91a1-40bf-4439-8c46-45edbd83563a | Azure Kubernetes Service Hybrid Cluster User Role | List cluster user credential action. | add |
new Role | 2023-12-01 19:16:58 |
| e7037d40-443a-4434-a3fb-8cd202011e1d | Azure Kubernetes Service Hybrid Contributor Role | Grants access to read and write Azure Kubernetes Services hybrid clusters | add |
new Role | 2023-12-01 19:16:58 |
| 86fede04-b259-4277-8c3e-e26b9865abd8 | Enclave Reader Role | Enclave Reader Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-11-29 17:00:20 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | change |
Actions | 2023-11-28 19:20:58 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | change |
Actions | 2023-11-28 19:20:58 |
| 662802e2-50f6-46b0-aed2-e834bacc6d12 | Azure Front Door Profile Reader | Can view AFD standard and premium profiles and their endpoints, but can't make changes. | add |
new Role | 2023-11-16 20:21:34 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2023-11-14 18:15:11 |
| 9894cab4-e18a-44aa-828b-cb588cd6f2d7 | Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. | change |
DataActions | 2023-11-13 16:45:45 |
| 18e40d4e-8d2e-438d-97e1-9528336e149c | Deployment Environments User | Provides access to manage environment resources. | change |
Actions, NotActions, DataActions | 2023-11-13 16:45:45 |
| be1a1ac2-09d3-4261-9e57-a73a6e227f53 | Procurement Contributor | Lets you manage the procurement of products and services. | change |
Actions | 2023-11-13 16:45:45 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI Administrator | Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader | change |
DisplayName, Description, Actions | 2023-11-10 19:40:28 |
| 64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | change |
Actions | 2023-11-09 19:39:25 |
| 4dae6930-7baf-46f5-909e-0383bc931c46 | Azure Customer Lockbox Approver for Subscription | Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. - in Private Preview, not intended for general use. | change |
Description, Actions | 2023-11-08 19:40:34 |
| a8d4b70f-0fb9-4f72-b267-b87b2f990aec | AgFood Platform Dataset Admin | Provides access to Dataset APIs | add |
new Role | 2023-11-07 19:42:08 |
| 7b3e853f-ad5d-4fb5-a7b8-56a3581c7037 | IPAM Pool Contributor | Read IPAM Pools and child resources. Create and remove associations. This role is in preview and subject to change. | change |
Actions | 2023-11-06 19:41:11 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | change |
Actions | 2023-11-01 19:03:09 |
| ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 | Azure Arc VMware Private Cloud User | Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. | change |
Actions | 2023-11-01 19:03:09 |
| c64499e0-74c3-47ad-921c-13865957895c | Advisor Reviews Reader | View reviews for a workload and recommendations linked to them. | add |
new Role | 2023-10-31 19:02:52 |
| 65a14201-8f6c-4c28-bec4-12619c5a9aaa | Connected Cluster Managed Identity CheckAccess Reader | Built-in role that allows a Connected Cluster managed identity to call the checkAccess API | add |
new Role | 2023-10-31 19:02:52 |
| 8aac15f0-d885-4138-8afa-bfb5872f7d13 | Advisor Reviews Contributor | View reviews for a workload and triage recommendations linked to them. | add |
new Role | 2023-10-31 19:02:52 |
| d5a91429-5739-47e2-a06b-3470a27159e7 | EventGrid Data Sender | Allows send access to event grid events. | change |
Actions | 2023-10-30 19:02:12 |
| 1d8c3fe3-8864-474b-8749-01e3783e8157 | EventGrid Data Contributor | Allows send and receive access to event grid events. | add |
new Role | 2023-10-30 19:02:12 |
| 3afb7f49-54cb-416e-8c09-6dc049efa503 | Azure AI Inference Deployment Operator | Can perform all actions required to create a resource deployment within a resource group. | add |
new Role | 2023-10-30 19:02:12 |
| 78cbd9e7-9798-4e2e-9b5a-547d9ebb31fb | EventGrid Data Receiver | Allows receive access to event grid events. | add |
new Role | 2023-10-30 19:02:12 |
| 865ae368-6a45-4bd1-8fbf-0d5151f56fc1 | Azure Stack HCI Device Management Role | Microsoft.AzureStackHCI Device Management Role | change |
Actions | 2023-10-30 19:02:12 |
| 64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | change |
Actions, NotActions | 2023-10-30 19:02:12 |
| eb960402-bf75-4cc3-8d68-35b34f960f72 | Deployment Environments Reader | Provides read access to environment resources. | add |
new Role | 2023-10-27 18:02:03 |
| 66f75aeb-eabe-4b70-9f1e-c350c4c9ad04 | Virtual Machine Data Access Administrator (preview) | Add or remove virtual machine data plane role assignments. Includes an ABAC condition to constrain role assignments. | add |
new Role | 2023-10-25 19:09:31 |
| 4dae6930-7baf-46f5-909e-0383bc931c46 | Azure Customer Lockbox Approver for Subscription | Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. | change |
Actions | 2023-10-24 17:35:13 |
| a12b0b94-b317-4dcd-84a8-502ce99884c6 | EventGrid TopicSpaces Publisher | Lets you publish messages on topicspaces. | change |
Actions | 2023-10-23 17:41:36 |
| 64702f94-c441-49e6-a78b-ef80e0188fee | Azure AI Developer | Can perform all actions within an Azure AI resource besides managing the resource itself. | add |
new Role | 2023-10-23 17:41:36 |
| 874d1c73-6003-4e60-a13a-cb31ea190a85 | Azure Stack HCI VM Contributor | Grants permissions to perform all VM actions | add |
new Role | 2023-10-23 17:41:36 |
| 4b0f2fd7-60b4-4eca-896f-4435034f8bf5 | EventGrid TopicSpaces Subscriber | Lets you subscribe messages on topicspaces. | change |
Actions | 2023-10-23 17:41:36 |
| 4b3fe76c-f777-4d24-a2d7-b027b0f7b273 | Azure Stack HCI VM Reader | Grants permissions to view VMs | add |
new Role | 2023-10-20 18:13:02 |
| 45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | change |
DataActions | 2023-10-20 18:13:02 |
| 865ae368-6a45-4bd1-8fbf-0d5151f56fc1 | Azure Stack HCI Device Management Role | Microsoft.AzureStackHCI Device Management Role | add |
new Role | 2023-10-17 16:35:42 |
| 7b1f81f9-4196-4058-8aae-762e593270df | Azure Resource Bridge Deployment Role | Azure Resource Bridge Deployment Role | add |
new Role | 2023-10-17 16:35:42 |
| 18e40d4e-8d2e-438d-97e1-9528336e149c | Deployment Environments User | Provides access to manage environment resources. | change |
DataActions | 2023-10-17 16:35:42 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2023-10-17 16:35:42 |
| ea01e6af-a1c1-4350-9563-ad00f8c72ec5 | Azure Machine Learning Workspace Connection Secrets Reader | Can list workspace connection secrets | add |
new Role | 2023-10-16 18:01:31 |
| 4dae6930-7baf-46f5-909e-0383bc931c46 | Azure Customer Lockbox Approver for Subscription | Can approve Microsoft support requests to access specific resources contained within a subscription, or the subscription itself, when Customer Lockbox for Microsoft Azure is enabled on the tenant where the subscription resides. | add |
new Role | 2023-10-16 18:01:31 |
| be1a1ac2-09d3-4261-9e57-a73a6e227f53 | Procurement Contributor | Lets you manage the procurement of products and services. | change |
Actions | 2023-10-11 18:00:02 |
| e582369a-e17b-42a5-b10c-874c387c530b | Azure Arc ScVmm VM Contributor | Arc ScVmm VM Contributor has permissions to perform all VM actions. | change |
Actions | 2023-10-09 18:04:57 |
| 38863829-c2a4-4f8d-b1d2-2e325973ebc7 | Landing Zone Management Owner | Microsoft.Sovereign Landing Zone Management Owner allowing to review and modify Landing Zone Configurations as well as reading and adding Landing Zone Registrations. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users). | add |
new Role | 2023-10-09 18:04:57 |
| c0781e91-8102-4553-8951-97c6d4243cda | Azure Arc ScVmm Private Cloud User | Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. | change |
Actions | 2023-10-09 18:04:57 |
| a92dfd61-77f9-4aec-a531-19858b406c87 | Azure Arc ScVmm Administrator role | Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. | change |
Actions | 2023-10-09 18:04:57 |
| 8b54135c-b56d-4d72-a534-26097cfdc8d8 | Key Vault Data Access Administrator (preview) | Manage access to Azure Key Vault by adding or removing role assignments for the Key Vault Administrator, Key Vault Certificates Officer, Key Vault Crypto Officer, Key Vault Crypto Service Encryption User, Key Vault Crypto User, Key Vault Reader, Key Vault Secrets Officer, or Key Vault Secrets User roles. Includes an ABAC condition to constrain role assignments. | change |
Description, Actions | 2023-10-09 18:04:57 |
| 8fe6e843-6d9e-417b-9073-106b048f50bb | Landing Zone Management Reader | Microsoft.Sovereign Landing Zone Management Reader allowing to review Landing Zone Configurations and corresponding Registrations without the ability to modify. Also enables read-access to policies and management groups for enabling the full user experience of the Sovereign Services RP in the Azure Portal (as otherwise some elements might not be accessible to end users). | add |
new Role | 2023-10-09 18:04:57 |
| a12b0b94-b317-4dcd-84a8-502ce99884c6 | EventGrid TopicSpaces Publisher | Lets you publish messages on topicspaces. | change |
Actions | 2023-10-04 17:59:02 |
| 4b0f2fd7-60b4-4eca-896f-4435034f8bf5 | EventGrid TopicSpaces Subscriber | Lets you subscribe messages on topicspaces. | change |
Actions | 2023-10-04 17:59:02 |
| 8a90fa6b-6997-4a07-8a95-30633a7c97b9 | DeID Batch Data Owner | Create and manage DeID batch jobs. This role is in preview and subject to change. | add |
new Role | 2023-10-02 18:00:08 |
| b73a14ee-91f5-41b7-bd81-920e12466be9 | DeID Batch Data Reader | Read DeID batch jobs. This role is in preview and subject to change. | add |
new Role | 2023-10-02 18:00:08 |
| bb6577c4-ea0a-40b2-8962-ea18cb8ecd4e | DeID Realtime Data User | Execute requests against DeID realtime endpoint. This role is in preview and subject to change. | add |
new Role | 2023-10-02 18:00:08 |
| fa0d39e6-28e5-40cf-8521-1eb320653a4c | Carbon Optimization Reader | Allow read access to Azure Carbon Optimization data | add |
new Role | 2023-10-02 18:00:08 |
| ffc6bbe0-e443-4c3b-bf54-26581bb2f78e | App Compliance Automation Reader | Read, download the reports objects and related other resource objects. | change |
Actions | 2023-09-27 18:00:22 |
| a12b0b94-b317-4dcd-84a8-502ce99884c6 | EventGrid TopicSpaces Publisher | Lets you publish messages on topicspaces. | add |
new Role | 2023-09-26 18:00:52 |
| 4b0f2fd7-60b4-4eca-896f-4435034f8bf5 | EventGrid TopicSpaces Subscriber | Lets you subscribe messages on topicspaces. | add |
new Role | 2023-09-26 18:00:52 |
| d1a38570-4b05-4d70-b8e4-1100bcf76d12 | Data Boundary Tenant Administrator | Allows tenant level administration for data boundaries. | add |
new Role | 2023-09-26 18:00:52 |
| 8b54135c-b56d-4d72-a534-26097cfdc8d8 | Key Vault Data Access Administrator (preview) | Add or remove key vault data plane role assignments and read resources of all types, except secrets. Includes an ABAC condition to constrain role assignments. | add |
new Role | 2023-09-20 18:01:08 |
| be1a1ac2-09d3-4261-9e57-a73a6e227f53 | Procurement Contributor | Lets you manage the procurement of products and services. | add |
new Role | 2023-09-20 18:01:08 |
| 49435da6-99fe-48a5-a235-fc668b9dc04a | Community Contributor Role | Community Contributor Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-09-18 18:02:09 |
| 0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | change |
Actions | 2023-09-12 18:02:26 |
| 1c4770c0-34f7-4110-a1ea-a5855cc7a939 | Elastic SAN Snapshot Exporter | Allows for creating and exporting Snapshot of Elastic San Volume | add |
new Role | 2023-09-07 18:00:07 |
| 90e8b822-3e73-47b5-868a-787dc80c008f | Elastic SAN Volume Importer | Allows for Importing Elastic San Volume | add |
new Role | 2023-09-07 18:00:07 |
| fd036e6b-1266-47a0-b0bb-a05d04831731 | HDInsight on AKS Cluster Admin | Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters. | change |
Actions | 2023-09-05 17:58:04 |
| 0b962ed2-6d56-471c-bd5f-3477d83a7ba4 | Azure Resource Notifications System Topics Subscriber | Lets you create system topics and event subscriptions on all system topics exposed currently and in the future by Azure Resource Notifications | add |
new Role | 2023-09-04 17:59:09 |
| b748a06d-6150-4f8a-aaa9-ce3940cd96cb | Azure Arc VMware VM Contributor | Arc VMware VM Contributor has permissions to perform all VM actions. | change |
Actions | 2023-09-01 18:00:14 |
| 7656b436-37d4-490a-a4ab-d39f838f0042 | HDInsight on AKS Cluster Pool Admin | Can read, create, modify and delete HDInsight on AKS cluster pools and create clusters | add |
new Role | 2023-09-01 18:00:14 |
| ddc140ed-e463-4246-9145-7c664192013f | Azure Arc VMware Administrator role | Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. | change |
Actions | 2023-09-01 18:00:14 |
| a001fd3d-188f-4b5d-821b-7da978bf7442 | Cognitive Services OpenAI Contributor | Full access including the ability to fine-tune, deploy and generate text | change |
Actions | 2023-08-28 18:01:04 |
| e9c9ed2b-2a99-4071-b2ff-5b113ebf73a1 | SpatialMapsAccounts Account Owner | Lets you manage data in your account, including deleting them | add |
new Role | 2023-08-25 17:59:51 |
| fd036e6b-1266-47a0-b0bb-a05d04831731 | HDInsight on AKS Cluster Admin | Grants a user/group the ability to create, delete and manage clusters within a given cluster pool. Cluster Admin can also run workloads, monitor, and manage all user activity on these clusters. | add |
new Role | 2023-08-25 17:59:51 |
| d5a2ae44-610b-4500-93be-660a0c5f5ca6 | Kubernetes Agentless Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2023-08-25 17:59:51 |
| fd53cd77-2268-407a-8f46-7e7863d0f521 | SignalR REST API Owner | Full access to Azure SignalR Service REST APIs | change |
DataActions | 2023-08-24 18:00:23 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner | Full access to Azure SignalR Service REST APIs | change |
DataActions | 2023-08-24 18:00:23 |
| 7b3e853f-ad5d-4fb5-a7b8-56a3581c7037 | IPAM Pool Contributor | Read IPAM Pools and child resources. Create and remove associations. This role is in preview and subject to change. | add |
new Role | 2023-08-23 18:03:21 |
| df2711a6-406d-41cf-b366-b0250bff9ad1 | Compute Diagnostics Role | Grants permissions to execute diagnostics provided by Compute Diagnostic Service for Compute Resources. | change |
Actions | 2023-08-23 18:03:21 |
| 67d33e57-3129-45e6-bb0b-7cc522f762fa | Azure Arc VMware Private Clouds Onboarding | Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. | change |
Actions | 2023-08-21 17:58:08 |
| b748a06d-6150-4f8a-aaa9-ce3940cd96cb | Azure Arc VMware VM Contributor | Arc VMware VM Contributor has permissions to perform all VM actions. | change |
Actions | 2023-08-21 17:58:08 |
| 5a1fc7df-4bf1-4951-a576-89034ee01acd | FHIR Data Contributor | Role allows user or principal full access to FHIR Data | change |
NotDataActions | 2023-08-21 17:58:08 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
DataActions | 2023-08-14 17:58:07 |
| 4accf36b-2c05-432f-91c8-5c532dff4c73 | Logic Apps Standard Reader (Preview) | View Only Access to all resources including workflow history and workflow run. | add |
new Role | 2023-08-14 17:58:07 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
DataActions | 2023-08-14 17:58:07 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers are able to call inference operations such as chat completions and image generation. | change |
Description, DataActions | 2023-08-14 17:58:07 |
| d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da | API Management Service Workspace API Product Manager | Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. | change |
Actions | 2023-08-14 17:58:07 |
| 523776ba-4eb2-4600-a3c8-f2dc93da4bdb | Logic Apps Standard Developer (Preview) | Allows developers to create and update workflows, API connections in a logic app standard app. | add |
new Role | 2023-08-14 17:58:07 |
| ad710c24-b039-4e85-a019-deb4a06e8570 | Logic Apps Standard Contributor (Preview) | Let you manage all aspects of logic app standard app, but no change of ownership | add |
new Role | 2023-08-14 17:58:07 |
| b70c96e9-66fe-4c09-b6e7-c98e69c98555 | Logic Apps Standard Operator (Preview) | Access a logic app standard and all workflows and resubmit/enable/disable workflow/configure api connections and network. But no changes in the workflow. | add |
new Role | 2023-08-14 17:58:07 |
| c088a766-074b-43ba-90d4-1fb21feae531 | PostgreSQL Flexible Server Long Term Retention Backup Role | Role to allow backup vault to access PostgreSQL Flexible Server Resource APIs for Long Term Retention Backup. | add |
new Role | 2023-08-04 18:00:07 |
| a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | change |
Actions | 2023-08-01 17:56:13 |
| a02f7c31-354d-4106-865a-deedf37fa038 | Search Parameter Manager | Role allows user or principal access to $status and $reindex to update search parameters | add |
new Role | 2023-07-31 17:57:12 |
| 3f88fce4-5892-4214-ae73-ba5294559913 | FHIR Data Writer | Role allows user or principal to read and write FHIR Data | change |
DataActions, NotDataActions | 2023-07-26 17:56:11 |
| fa6cecf6-5db3-4c43-8470-c540bcb4eafa | Elastic SAN Network Admin | Allows access to create Private Endpoints on SAN resources, and to read SAN resources | change |
Actions | 2023-07-25 17:56:05 |
| ffc6bbe0-e443-4c3b-bf54-26581bb2f78e | App Compliance Automation Reader | Read, download the reports objects and related other resource objects. | change |
Actions | 2023-07-19 17:56:20 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2023-07-18 17:56:23 |
| bba48692-92b0-4667-a9ad-c31c7b334ac2 | Cognitive Services Usages Reader | Minimal permission to view Cognitive Services usages. | add |
new Role | 2023-07-18 17:56:23 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2023-07-18 17:56:23 |
| df2711a6-406d-41cf-b366-b0250bff9ad1 | Compute Diagnostics Role | Grants permissions to execute diagnostics provided by Compute Diagnostic Service for Compute Resources. | add |
new Role | 2023-07-17 17:56:11 |
| fa6cecf6-5db3-4c43-8470-c540bcb4eafa | Elastic SAN Network Admin | Allows access to create Private Endpoints on SAN resources, and to read SAN resources | add |
new Role | 2023-07-12 18:02:00 |
| 1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40 | Defender for Storage Data Scanner | Grants access to read blobs and update index tags. This role is used by the data scanner of Defender for Storage. | change |
DisplayName, Description, Actions, DataActions | 2023-07-11 17:57:31 |
| b24988ac-6180-42a0-ab88-20f7382dd24c | Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | change |
Description, NotActions | 2023-07-10 18:02:27 |
| fb1c8493-542b-48eb-b624-b4c8fea62acd | Security Admin | Security Admin Role | change |
Actions | 2023-06-28 17:49:18 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2023-06-26 17:52:14 |
| 7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-06-22 17:48:48 |
| 1e7ca9b1-60d1-4db8-a914-f2ca1ff27c40 | Storage Data Scanner | Grants all permissions needed for a storage data scanner. | add |
new Role | 2023-06-22 17:48:48 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2023-06-19 17:44:59 |
| a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | change |
Actions | 2023-06-19 17:44:59 |
| 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 | Desktop Virtualization User | Allows user to use the applications in an application group. | change |
DataActions | 2023-06-19 17:44:59 |
| 9c1607d1-791d-4c68-885d-c7b7aaff7c8a | Firmware Analysis Admin | Upload and analyze firmware images in Defender for IoT | add |
new Role | 2023-06-13 17:47:24 |
| a4417e6f-fecd-4de8-b567-7b0420556985 | Key Vault Certificates Officer | Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | change |
DisplayName, DataActions | 2023-06-12 17:45:13 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
Actions, NotActions, DataActions | 2023-06-09 17:46:24 |
| 7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-06-06 18:29:25 |
| 1f135831-5bbe-4924-9016-264044c00788 | Windows365NetworkInterfaceContributor | Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios. | change |
Actions | 2023-06-06 18:29:25 |
| 05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-06-06 18:29:25 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference | change |
DataActions | 2023-05-31 17:45:21 |
| f6c7c914-8db3-469d-8ca1-694a8f32e121 | AzureML Data Scientist | Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. | change |
Actions, NotActions | 2023-05-31 17:45:21 |
| ffc6bbe0-e443-4c3b-bf54-26581bb2f78e | App Compliance Automation Reader | Read, download the reports objects and related other resource objects. | change |
Description, Actions | 2023-05-30 17:42:57 |
| 5e28a61e-8040-49db-b175-bb5b88af6239 | Community Owner Role | Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. | add |
new Role | 2023-05-29 17:43:01 |
| 0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | Create, read, download, modify and delete reports objects and related other resource objects. | change |
Actions | 2023-05-26 17:43:10 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2023-05-22 17:42:39 |
| a92dfd61-77f9-4aec-a531-19858b406c87 | Azure Arc ScVmm Administrator role | Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. | change |
Actions | 2023-05-22 17:42:39 |
| c0781e91-8102-4553-8951-97c6d4243cda | Azure Arc ScVmm Private Cloud User | Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. | change |
Actions | 2023-05-22 17:42:39 |
| 6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 | Azure Arc ScVmm Private Clouds Onboarding | Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. | change |
Actions | 2023-05-22 17:42:39 |
| e582369a-e17b-42a5-b10c-874c387c530b | Azure Arc ScVmm VM Contributor | Arc ScVmm VM Contributor has permissions to perform all VM actions. | change |
Actions | 2023-05-22 17:42:39 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2023-05-19 17:43:13 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2023-05-19 17:43:13 |
| 36243c78-bf99-498c-9df9-86d9f8d28608 | Resource Policy Contributor | Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | change |
Actions | 2023-05-17 17:42:19 |
| 0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | Create, read, download, modify and delete reports objects and related other resource objects. | change |
Description, Actions | 2023-05-17 17:42:19 |
| 7ac06ca7-21ca-47e3-a67b-cbd6e6223baf | Cognitive Search Serverless Data Contributor | Create, read, modify and delete Cognitive Search serverless index schema and documents. This role is in preview and subject to change. | add |
new Role | 2023-05-16 17:42:34 |
| 79b01272-bf9f-4f4c-9517-5506269cf524 | Cognitive Search Serverless Data Reader | Read Cognitive Search serverless index schema and documents. This role is in preview and subject to change. | add |
new Role | 2023-05-16 17:42:34 |
| c8ae6279-5a0b-4cb2-b3f0-d4d62845742c | Azure Sphere Reader | Allows user to read Azure Sphere resources. | change |
Actions | 2023-05-15 17:41:20 |
| d18ad5f3-1baf-4119-b49b-d944edb1f9d0 | MySQL Backup And Export Operator | Grants full access to manage backup and export resources | change |
Actions | 2023-05-15 17:41:20 |
| 6d994134-994b-4a59-9974-f479f0b227fb | Azure Sphere Publisher | Allows user to read and download Azure Sphere resources and upload images. | change |
Actions | 2023-05-15 17:41:20 |
| e9b8712a-cbcf-4ea7-b0f7-e71b803401e6 | SaaS Hub Contributor | SaaS Hub contributor can manage SaaS Hub resource | add |
new Role | 2023-05-15 17:41:20 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2023-05-12 17:41:49 |
| 3498e952-d568-435e-9b2c-8d77e338d7f7 | Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | change |
DataActions, NotDataActions | 2023-05-10 17:43:09 |
| 0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | App Compliance Automation Administrator Role | change |
Actions | 2023-05-09 17:44:18 |
| 6d994134-994b-4a59-9974-f479f0b227fb | Azure Sphere Publisher | Allows user to read and download Azure Sphere resources and upload images. | add |
new Role | 2023-05-08 17:44:42 |
| 3498e952-d568-435e-9b2c-8d77e338d7f7 | Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | change |
DataActions, NotDataActions | 2023-05-08 17:44:42 |
| 8b9dfcab-4b77-4632-a6df-94bd07820648 | Azure Sphere Contributor | Allows user read and write access to Azure Sphere resources. | change |
Actions | 2023-05-08 17:44:42 |
| c8ae6279-5a0b-4cb2-b3f0-d4d62845742c | Azure Sphere Reader | Allows user to read Azure Sphere resources. | add |
new Role | 2023-05-08 17:44:42 |
| 8b9dfcab-4b77-4632-a6df-94bd07820648 | Azure Sphere Contributor | Allows user read and write access to Azure Sphere resources. | add |
new Role | 2023-05-02 17:41:10 |
| 7f6c6a51-bcf8-42ba-9220-52d62157d7db | Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2023-04-25 17:42:26 |
| a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb | Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2023-04-25 17:42:26 |
| 0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | App Compliance Automation Administrator Role | change |
Actions | 2023-04-24 17:40:59 |
| 7eabc9a4-85f7-4f71-b8ab-75daaccc1033 | Windows365NetworkUser | Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios. | change |
Actions | 2023-04-18 17:44:30 |
| d5a2ae44-610b-4500-93be-660a0c5f5ca6 | Kubernetes Agentless Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2023-04-17 17:43:03 |
| 0f37683f-2463-46b6-9ce7-9b788b988ba2 | App Compliance Automation Administrator | App Compliance Automation Administrator Role | add |
new Role | 2023-04-14 17:43:17 |
| ffc6bbe0-e443-4c3b-bf54-26581bb2f78e | App Compliance Automation Reader | App Compliance Automation Reader Role | add |
new Role | 2023-04-14 17:43:17 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference | change |
DataActions | 2023-04-12 17:42:01 |
| b8eda974-7b85-4f76-af95-65846b26df6d | Storage File Data Privileged Reader | Customer has read access on Azure Storage file shares. | change |
DataActions | 2023-04-10 17:41:51 |
| 69566ab7-960f-475b-8e7c-b3118f30c6bd | Storage File Data Privileged Contributor | Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares. | change |
DataActions | 2023-04-10 17:41:51 |
| d5a2ae44-610b-4500-93be-660a0c5f5ca6 | Kubernetes Agentless Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | change |
Actions | 2023-04-07 17:41:18 |
| d6470a16-71bd-43ab-86b3-6f3a73f4e787 | Azure Maps Power BI Service Role | This role can be used to assign read and batch actions on Azure Maps. | add |
new Role | 2023-04-04 17:42:37 |
| 69566ab7-960f-475b-8e7c-b3118f30c6bd | Storage File Data Privileged Contributor | Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares. | add |
new Role | 2023-04-03 17:54:29 |
| b8eda974-7b85-4f76-af95-65846b26df6d | Storage File Data Privileged Reader | Customer has read access on Azure Storage file shares. | add |
new Role | 2023-04-03 17:54:29 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI registration role | Custom Azure role to allow subscription-level access to register Azure Stack HCI | change |
Actions | 2023-03-29 17:43:30 |
| 45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | change |
Actions, DataActions | 2023-03-27 17:43:06 |
| 3d55a8f6-4133-418d-8051-facdb1735758 | Windows365SubscriptionReader | Read subscriptions, images, azure firewalls. This role is used in Windows365 scenarios. | add |
new Role | 2023-03-27 17:43:06 |
| 1f135831-5bbe-4924-9016-264044c00788 | Windows365NetworkInterfaceContributor | Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios. | add |
new Role | 2023-03-27 17:43:06 |
| 7eabc9a4-85f7-4f71-b8ab-75daaccc1033 | Windows365NetworkUser | Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios. | add |
new Role | 2023-03-27 17:43:06 |
| 9894cab4-e18a-44aa-828b-cb588cd6f2d7 | Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. | change |
DataActions | 2023-03-24 19:17:30 |
| d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da | API Management Service Workspace API Product Manager | Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. | add |
new Role | 2023-03-22 18:43:07 |
| 56328988-075d-4c6a-8766-d93edd6725b6 | API Management Workspace API Developer | Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. | add |
new Role | 2023-03-22 18:43:07 |
| ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 | API Management Workspace Reader | Has read-only access to entities in the workspace. This role should be assigned on the workspace scope. | add |
new Role | 2023-03-22 18:43:07 |
| 73c2c328-d004-4c5e-938c-35c6f5679a1f | API Management Workspace API Product Manager | Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. | add |
new Role | 2023-03-22 18:43:07 |
| 9565a273-41b9-4368-97d2-aeb0c976a9b3 | API Management Service Workspace API Developer | Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope. | add |
new Role | 2023-03-22 18:43:07 |
| 0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 | API Management Workspace Contributor | Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope. | add |
new Role | 2023-03-22 18:43:07 |
| c4bc862a-3b64-4a35-a021-a380c159b042 | Bayer Ag Powered Services GDU Solution | Provide access to GDU Solution by Bayer Ag Powered Services | change |
DisplayName, DataActions | 2023-03-20 18:43:03 |
| ef29765d-0d37-4119-a4f8-f9f9902c9588 | Bayer Ag Powered Services Imagery Solution | Provide access to Imagery Solution by Bayer Ag Powered Services | change |
DisplayName, DataActions | 2023-03-20 18:43:03 |
| 7392c568-9289-4bde-aaaa-b7131215889d | Azure Extension for SQL Server Deployment | Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server | change |
Actions | 2023-03-17 18:44:06 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI registration role | Custom Azure role to allow subscription-level access to register Azure Stack HCI | change |
Actions | 2023-03-16 18:42:42 |
| a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 | LocalNGFirewallAdministrator role | Allows user to create, modify, describe, or delete NGFirewalls. | change |
Actions | 2023-03-14 18:45:47 |
| f6c7c914-8db3-469d-8ca1-694a8f32e121 | AzureML Data Scientist | Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. | change |
Actions | 2023-03-14 18:45:47 |
| 7392c568-9289-4bde-aaaa-b7131215889d | Azure Extension for SQL Server Deployment | Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server | add |
new Role | 2023-03-10 20:21:10 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2023-03-03 18:43:27 |
| 7628b7b8-a8b2-4cdc-b46f-e9b35248918e | Cognitive Services Language Reader | Has access to Read and Test functions under Language portal | change |
DataActions | 2023-03-01 18:49:20 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2023-02-27 18:48:02 |
| d5a2ae44-610b-4500-93be-660a0c5f5ca6 | Kubernetes Agentless Operator | Grants Microsoft Defender for Cloud access to Azure Kubernetes Services | add |
new Role | 2023-02-24 18:48:53 |
| ae8036db-e102-405b-a1b9-bae082ea436d | SqlVM Migration Role | Role for SqlVM migration | add |
new Role | 2023-02-22 18:54:52 |
| 1d335eef-eee1-47fe-a9e0-53214eba8872 | SqlMI Migration Role | Role for SqlMI migration | add |
new Role | 2023-02-22 18:54:52 |
| bfc3b73d-c6ff-45eb-9a5f-40298295bf20 | LocalRulestacksAdministrator role | Allows users to create, modify, describe, or delete Rulestacks. | change |
Actions | 2023-02-22 18:54:52 |
| 189207d4-bb67-4208-a635-b06afe8b2c57 | SqlDb Migration Role | Role for SqlDb migration | add |
new Role | 2023-02-22 18:54:52 |
| a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 | LocalNGFirewallAdministrator role | Allows user to create, modify, describe, or delete NGFirewalls. | change |
Actions | 2023-02-22 18:54:52 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2023-02-17 18:39:13 |
| a9b99099-ead7-47db-8fcf-072597a61dfa | Bayer Ag Powered Services CWUM Solution Service Role | Provide access to CWUM Solution by Bayer Ag Powered Services | add |
new Role | 2023-02-16 18:41:08 |
| d18ad5f3-1baf-4119-b49b-d944edb1f9d0 | MySQL Backup And Export Operator | Grants full access to manage backup and export resources | add |
new Role | 2023-02-15 18:39:56 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | change |
Actions, DataActions | 2023-02-13 18:41:36 |
| a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 | LocalNGFirewallAdministrator role | Allows user to create, modify, describe, or delete NGFirewalls. | add |
new Role | 2023-02-13 18:41:36 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | change |
Actions, NotActions, DataActions | 2023-02-13 18:41:36 |
| bfc3b73d-c6ff-45eb-9a5f-40298295bf20 | LocalRulestacksAdministrator role | Allows users to create, modify, describe, or delete Rulestacks. | add |
new Role | 2023-02-13 18:41:36 |
| 1afdec4b-e479-420e-99e7-f82237c7c5e6 | Azure Kubernetes Service Cluster Monitoring User | List cluster monitoring user credential action. | change |
Actions | 2023-02-07 18:38:52 |
| bda0d508-adf1-4af0-9c28-88919fc3ae06 | Azure Stack HCI registration role | Custom Azure role to allow subscription-level access to register Azure Stack HCI | add |
new Role | 2023-02-06 18:40:05 |
| 7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | change |
Actions, DataActions | 2023-02-06 18:40:05 |
| 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b | App Configuration Data Owner | Allows full access to App Configuration data. | change |
DataActions | 2023-02-06 18:40:05 |
| aabbc5dd-1af0-458b-a942-81af88f9c138 | Azure Center for SAP solutions service role | Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. | change |
Actions | 2023-02-03 18:39:00 |
| 3f2eb865-5811-4578-b90a-6fc6fa0df8e5 | Azure Front Door Secret Contributor | Can manage Azure Front Door secrets, but can't grant access to other users. | add |
new Role | 2023-02-03 18:39:00 |
| 05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-02-03 18:39:00 |
| 0105a6b0-4bb9-43d2-982a-12806f9faddb | Azure Center for SAP solutions Service role for management | This role has permissions that the user assigned managed identity must have to enable registration for the existing systems. | add |
new Role | 2023-02-03 18:39:00 |
| 0ab34830-df19-4f8c-b84e-aa85b8afa6e8 | Azure Front Door Domain Contributor | Can manage Azure Front Door domains, but can't grant access to other users. | add |
new Role | 2023-02-03 18:39:00 |
| 6d949e1d-41e2-46e3-8920-c6e4f31a8310 | Azure Center for SAP solutions Management role | This role has permissions which allow users to register existing systems, view and manage systems. | add |
new Role | 2023-02-03 18:39:00 |
| 0db238c4-885e-4c4f-a933-aa2cef684fca | Azure Front Door Secret Reader | Can view Azure Front Door secrets, but can't make changes. | add |
new Role | 2023-02-03 18:39:00 |
| 0f99d363-226e-4dca-9920-b807cf8e1a5f | Azure Front Door Domain Reader | Can view Azure Front Door domains, but can't make changes. | add |
new Role | 2023-02-03 18:39:00 |
| f0310ce6-e953-4cf8-b892-fb1c87eaf7f6 | Azure Usage Billing Data Sender | Azure Usage Billing shared BuiltIn role to be used for all Customer Account Authentication | add |
new Role | 2023-01-30 18:40:55 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | change |
NotDataActions | 2023-01-24 18:06:32 |
| ef29765d-0d37-4119-a4f8-f9f9902c9588 | Bayer Ag Powered Services Imagery Solution Service Role | Provide access to Imagery Solution by Bayer Ag Powered Services | add |
new Role | 2023-01-19 18:07:47 |
| c4bc862a-3b64-4a35-a021-a380c159b042 | Bayer Ag Powered Services GDU Solution Service Role | Provide access to GDU Solution by Bayer Ag Powered Services | add |
new Role | 2023-01-19 18:07:47 |
| aabbc5dd-1af0-458b-a942-81af88f9c138 | Azure Center for SAP solutions service role | Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. | change |
Actions | 2023-01-18 18:07:15 |
| 7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-01-18 18:07:15 |
| 05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | change |
Actions | 2023-01-18 18:07:15 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. | change |
Description, Actions, DataActions | 2023-01-16 18:05:52 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your Modeling and Simulation Workbench chamber. | change |
Description, Actions, NotActions, DataActions | 2023-01-16 18:05:52 |
| 230815da-be43-4aae-9cb4-875f7bd000aa | Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | change |
NotActions | 2023-01-16 18:05:52 |
| 45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | change |
DataActions | 2023-01-12 18:29:24 |
| ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b | ContainerApp Reader | View all containerapp resources, but does not allow you to make any changes. | add |
new Role | 2023-01-02 18:09:36 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | change |
NotDataActions | 2022-12-13 17:44:15 |
| 7ec7ccdc-f61e-41fe-9aaf-980df0a44eba | AgFood Platform Service Reader | Provides read access to AgFood Platform Service | change |
DataActions | 2022-12-13 17:44:15 |
| b279062a-9be3-42a0-92ae-8b3cf002ec4d | Workbook Reader | Can read workbooks. | change |
Actions | 2022-12-12 17:45:20 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2022-12-12 17:45:20 |
| e8ddcd69-c73f-4f9f-9844-4100522f16ad | Workbook Contributor | Can save shared workbooks. | change |
Actions | 2022-12-12 17:45:20 |
| 51d6186e-6489-4900-b93f-92e23144cca5 | Microsoft Sentinel Playbook Operator | Microsoft Sentinel Playbook Operator | change |
Actions | 2022-12-08 17:44:50 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions, DataActions | 2022-12-08 17:44:50 |
| 0e5f05e5-9ab9-446b-b98d-1e2157c94125 | Quota Request Operator | Read and create quota requests, get quota request status, and create support tickets. | change |
DisplayName, Description, Actions | 2022-12-08 17:44:50 |
| 4ba50f17-9666-485c-a643-ff00808643f0 | FHIR SMART User | Role allows user to access FHIR Service according to SMART on FHIR specification | change |
DataActions | 2022-12-08 17:44:50 |
| 1afdec4b-e479-420e-99e7-f82237c7c5e6 | Azure Kubernetes Service Cluster Monitoring User | List cluster monitoring user credential action. | add |
new Role | 2022-11-16 17:42:38 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2022-11-16 17:42:38 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | change |
Actions | 2022-11-16 17:42:38 |
| f5819b54-e033-4d82-ac66-4fec3cbf3f4c | Azure Connected Machine Resource Manager | Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group | add |
new Role | 2022-11-15 17:42:13 |
| 36e80216-a7e8-4f42-a7e1-f12c98cbaf8a | Impact Reporter | Allows access to create/report, read and delete impacts | add |
new Role | 2022-11-14 17:43:02 |
| ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 | Azure Arc VMware Private Cloud User | Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. | change |
Actions | 2022-11-14 17:43:02 |
| 05352d14-a920-4328-a0de-4cbe7430e26b | Azure Center for SAP solutions reader | This role provides read access to all capabilities of Azure Center for SAP solutions. | add |
new Role | 2022-11-14 17:43:02 |
| aabbc5dd-1af0-458b-a942-81af88f9c138 | Azure Center for SAP solutions service role | Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. | add |
new Role | 2022-11-14 17:43:02 |
| 7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 | Azure Center for SAP solutions administrator | This role provides read and write access to all capabilities of Azure Center for SAP solutions. | add |
new Role | 2022-11-14 17:43:02 |
| 68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e | Impact Reader | Allows read-only access to reported impacts and impact categories | add |
new Role | 2022-11-14 17:43:02 |
| 2837e146-70d7-4cfd-ad55-7efa6464f958 | CodeSigning Certificate Profile Signer | Sign files with a certificate profile. This role is in preview and subject to change. | change |
Actions | 2022-11-03 17:41:51 |
| 4339b7cf-9826-4e41-b4ed-c7f4505dac08 | Code Signing Identity Verifier | Manage identity or business verification requests. This role is in preview and subject to change. | change |
Actions | 2022-11-02 17:41:52 |
| fbc52c3f-28ad-4303-a892-8a056630b8f1 | Azure Traffic Controller Configuration Manager | Allows access to traffic controller resource. Also allows all confiuration Updates on traffic controller | add |
new Role | 2022-10-28 16:42:56 |
| 5e0bd9bd-7b93-4f28-af87-19fc36ad61bd | Cognitive Services OpenAI User | Ability to view files, models, deployments. Readers can't make any changes They can inference | add |
new Role | 2022-10-27 16:42:48 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your HPC Workbench chamber, but not make any changes. | change |
Actions | 2022-10-27 16:42:48 |
| a001fd3d-188f-4b5d-821b-7da978bf7442 | Cognitive Services OpenAI Contributor | Full access including the ability to fine-tune, deploy and generate text | add |
new Role | 2022-10-27 16:42:48 |
| 6b77f0a0-0d89-41cc-acd1-579c22c17a67 | AgFood Platform Sensor Partner Contributor | Provides contribute access to manage sensor related entities in AgFood Platform Service | change |
DataActions, NotDataActions | 2022-10-27 16:42:48 |
| 4ba50f17-9666-485c-a643-ff00808643f0 | FHIR SMART User | Role allows user to access FHIR Service according to SMART on FHIR specification | add |
new Role | 2022-10-26 16:44:05 |
| 51d6186e-6489-4900-b93f-92e23144cca5 | Microsoft Sentinel Playbook Operator | Microsoft Sentinel Playbook Operator | change |
Actions | 2022-10-24 16:44:14 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2022-10-14 16:34:33 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2022-10-14 16:34:33 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2022-10-14 16:34:33 |
| a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb | Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | change |
Actions | 2022-10-13 16:34:55 |
| 7f6c6a51-bcf8-42ba-9220-52d62157d7db | Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | change |
Actions | 2022-10-13 16:34:55 |
| 3498e952-d568-435e-9b2c-8d77e338d7f7 | Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | change |
Actions | 2022-10-13 16:34:55 |
| b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b | Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | change |
Actions | 2022-10-13 16:34:55 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2022-10-12 16:34:55 |
| 18e40d4e-8d2e-438d-97e1-9528336e149c | Deployment Environments User | Provides access to manage environment resources. | change |
DisplayName, Description, Actions | 2022-10-12 16:34:55 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2022-09-28 16:34:30 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2022-09-28 16:34:30 |
| 67d33e57-3129-45e6-bb0b-7cc522f762fa | Azure Arc VMware Private Clouds Onboarding | Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. | change |
Actions | 2022-09-27 16:35:31 |
| e503ece1-11d0-4e8e-8e2c-7a6c3bf38815 | AzureML Compute Operator | Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs). | add |
new Role | 2022-09-27 16:35:31 |
| 1823dd4f-9b8c-4ab6-ab4e-7397a3684615 | AzureML Registry User | Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources. | add |
new Role | 2022-09-27 16:35:31 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
DataActions | 2022-09-27 16:35:31 |
| 51d6186e-6489-4900-b93f-92e23144cca5 | Microsoft Sentinel Playbook Operator | Microsoft Sentinel Playbook Operator | change |
Actions | 2022-09-26 16:35:37 |
| 18e40d4e-8d2e-438d-97e1-9528336e149c | Microsoft.DevCenter Deployment Environments User | Microsoft.DevCenter Deployment Environments User. | add |
new Role | 2022-09-26 16:35:37 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2022-09-26 16:35:37 |
| 80558df3-64f9-4c0f-b32d-e5094b036b0b | Azure Spring Apps Connect Role | Azure Spring Apps Connect Role | add |
new Role | 2022-09-23 16:35:48 |
| a99b0159-1064-4c22-a57b-c9b3caa1c054 | Azure Spring Apps Remote Debugging Role | Azure Spring Apps Remote Debugging Role | add |
new Role | 2022-09-23 16:35:48 |
| 51d6186e-6489-4900-b93f-92e23144cca5 | Microsoft Sentinel Playbook Operator | Microsoft Sentinel Playbook Operator | add |
new Role | 2022-09-20 16:36:14 |
| 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c | Management Group Contributor | Management Group Contributor Role | change |
Actions | 2022-09-19 16:35:35 |
| ac63b705-f282-497d-ac71-919bf39d939d | Management Group Reader | Management Group Reader Role | change |
Actions | 2022-09-19 16:35:35 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | change |
DataActions | 2022-09-15 16:34:33 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner | Full access to Azure SignalR Service REST APIs | change |
DataActions | 2022-09-15 16:34:33 |
| c6decf44-fd0a-444c-a844-d653c394e7ab | Data Labeling - Labeler | Can label data in Labeling. | add |
new Role | 2022-09-09 16:35:25 |
| 392ae280-861d-42bd-9ea5-08ee6d83b80e | Template Spec Reader | Allows read access to Template Specs at the assigned scope. | add |
new Role | 2022-09-08 16:34:42 |
| d57506d4-4c8d-48b1-8587-93c323f6a5a3 | Azure Digital Twins Data Reader | Read-only role for Digital Twins data-plane properties | change |
DisplayName, DataActions | 2022-09-08 16:34:42 |
| bcd981a7-7f74-457b-83e1-cceb9e632ffe | Azure Digital Twins Data Owner | Full access role for Digital Twins data-plane | change |
DisplayName, DataActions | 2022-09-08 16:34:42 |
| 1c9b6475-caf0-4164-b5a1-2142a7116f4b | Template Spec Contributor | Allows full access to Template Spec operations at the assigned scope. | add |
new Role | 2022-09-08 16:34:42 |
| f58310d9-a9f6-439a-9e8d-f62e7b41a168 | Role Based Access Control Administrator (Preview) | Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy. | add |
new Role | 2022-09-07 16:35:18 |
| 43d0d8ad-25c7-4714-9337-8ba259a9fe05 | Monitoring Reader | Can read all monitoring data. | change |
DataActions | 2022-09-06 17:33:15 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
DataActions | 2022-09-06 17:33:15 |
| 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b | Web Plan Contributor | Lets you manage the web plans for websites, but not access to them. | change |
Actions | 2022-09-05 16:34:39 |
| 5af6afb3-c06c-4fa4-8848-71a8aee05683 | Azure Kubernetes Fleet Manager RBAC Writer | Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | change |
Description, DataActions | 2022-08-29 16:36:36 |
| 30b27cfc-9c84-438e-b0ce-70e35255df80 | Azure Kubernetes Fleet Manager RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2022-08-29 16:36:36 |
| 434fb43a-c01c-447e-9f67-c3ad923cfaba | Azure Kubernetes Fleet Manager RBAC Admin | This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. | change |
DataActions | 2022-08-29 16:36:36 |
| ba79058c-0414-4a34-9e42-c3399d80cd5a | Kubernetes Namespace User | Allows a user to read namespace resources and retrieve kubeconfig for the cluster | add |
new Role | 2022-08-24 16:35:21 |
| 30b27cfc-9c84-438e-b0ce-70e35255df80 | Azure Kubernetes Fleet Manager RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | add |
new Role | 2022-08-22 16:34:26 |
| b0d8363b-8ddd-447d-831f-62ca05bff136 | Monitoring Data Reader | Can read all monitoring data. | add |
new Role | 2022-08-22 16:34:26 |
| 5af6afb3-c06c-4fa4-8848-71a8aee05683 | Azure Kubernetes Fleet Manager RBAC Writer | Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | add |
new Role | 2022-08-22 16:34:26 |
| 434fb43a-c01c-447e-9f67-c3ad923cfaba | Azure Kubernetes Fleet Manager RBAC Admin | This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. | add |
new Role | 2022-08-22 16:34:26 |
| 18ab4d3d-a1bf-4477-8ad9-8359bc988f69 | Azure Kubernetes Fleet Manager RBAC Cluster Admin | Lets you manage all resources in the fleet manager cluster. | add |
new Role | 2022-08-22 16:34:26 |
| 63bb64ad-9799-4770-b5c3-24ed299a07bf | Azure Kubernetes Fleet Manager Contributor Role | Grants access to read and write Azure Kubernetes Fleet Manager clusters | add |
new Role | 2022-08-22 16:34:26 |
| a2c4a527-7dc0-4ee3-897b-403ade70fafb | Video Indexer Restricted Viewer | Has access to view and search through all video's insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account. | add |
new Role | 2022-08-10 16:33:37 |
| ab8e14d6-4a74-4a29-9ba8-549422addade | Microsoft Sentinel Contributor | Microsoft Sentinel Contributor | change |
DisplayName, Description, NotActions | 2022-08-02 16:33:17 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Microsoft Sentinel Responder | Microsoft Sentinel Responder | change |
DisplayName, Description, NotActions | 2022-08-02 16:33:17 |
| 8d289c81-5878-46d4-8554-54e1e3d8b5cb | Microsoft Sentinel Reader | Microsoft Sentinel Reader | change |
NotActions | 2022-08-02 16:33:17 |
| 4339b7cf-9826-4e41-b4ed-c7f4505dac08 | Code Signing Identity Verifier | Manage identity or business verification requests. This role is in preview and subject to change. | add |
new Role | 2022-07-29 16:32:42 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2022-07-25 16:32:45 |
| 45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | change |
Actions, DataActions | 2022-07-25 16:32:45 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | change |
Actions, NotActions, DataActions | 2022-07-25 16:32:45 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
DataActions | 2022-07-25 16:32:45 |
| af6a70f8-3c9f-4105-acf1-d719e9fca4ca | Elastic San Reader | Read Azure Elastic SAN and all sub-resources | change |
Actions | 2022-07-21 16:31:45 |
| a8281131-f312-4f34-8d98-ae12be9f0d23 | Elastic San Volume Group Owner | Lets you manage a volume group in elastic san account | change |
Actions | 2022-07-21 16:31:45 |
| 489581de-a3bd-480d-9518-53dea7416b33 | Desktop Virtualization Power On Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines. | add |
new Role | 2022-07-18 16:33:50 |
| a959dbd1-f747-45e3-8ba6-dd80f235f97c | Desktop Virtualization Virtual Machine Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. | add |
new Role | 2022-07-18 16:33:50 |
| 40c5ff49-9181-41f8-ae61-143b0e78555e | Desktop Virtualization Power On Off Contributor | This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. | add |
new Role | 2022-07-18 16:33:50 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions, DataActions | 2022-07-13 16:33:16 |
| 43d0d8ad-25c7-4714-9337-8ba259a9fe05 | Monitoring Reader | Can read all monitoring data. | change |
DataActions | 2022-07-07 16:32:17 |
| 76cc9ee4-d5d3-4a45-a930-26add3d73475 | Access Review Operator Service Role | Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process. | add |
new Role | 2022-07-04 16:35:09 |
| a8281131-f312-4f34-8d98-ae12be9f0d23 | Elastic San Volume Group Owner | Lets you manage a volume group in elastic san account | add |
new Role | 2022-07-04 16:35:09 |
| 80dcbedb-47ef-405d-95bd-188a1b4ac406 | Elastic San Contributor | Lets you manage elastic san accounts | change |
Actions | 2022-06-29 16:32:23 |
| eeaeda52-9324-47f6-8069-5d5bade478b2 | Domain Services Contributor | Can manage Azure AD Domain Services and related network configurations | change |
Actions | 2022-06-27 16:32:39 |
| 361898ef-9ed1-48c2-849c-a832951106bb | Domain Services Reader | Can view Azure AD Domain Services and related network configurations | change |
Actions | 2022-06-27 16:32:39 |
| 361898ef-9ed1-48c2-849c-a832951106bb | Domain Services Reader | Can view Azure AD Domain Services and related network configurations | change |
Actions | 2022-06-22 16:32:37 |
| eeaeda52-9324-47f6-8069-5d5bade478b2 | Domain Services Contributor | Can manage Azure AD Domain Services and related network configurations | change |
Actions | 2022-06-22 16:32:37 |
| 7628b7b8-a8b2-4cdc-b46f-e9b35248918e | Cognitive Services Language Reader | Has access to Read and Test functions under Language portal | change |
DataActions | 2022-06-17 16:31:04 |
| d24ecba3-c1f4-40fa-a7bb-4588a071e8fd | VM Scanner Operator | Role that provides access to disk snapshot for security analysis. | add |
new Role | 2022-06-08 16:32:24 |
| af6a70f8-3c9f-4105-acf1-d719e9fca4ca | Elastic San Reader | Read Azure Elastic SAN and all sub-resources | add |
new Role | 2022-06-01 16:31:39 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | change |
DataActions | 2022-05-31 16:32:29 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions, DataActions | 2022-05-30 16:30:40 |
| 80dcbedb-47ef-405d-95bd-188a1b4ac406 | Elastic San Contributor | Lets you manage elastic san accounts | add |
new Role | 2022-05-26 16:30:22 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
Actions | 2022-05-20 16:30:38 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
Actions | 2022-05-20 16:30:38 |
| 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 | Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | change |
Actions | 2022-05-17 16:30:38 |
| c031e6a8-4391-4de0-8d69-4706a7ed3729 | API Management Developer Portal Content Editor | Can customize the developer portal, edit its content, and publish it. | add |
new Role | 2022-05-11 16:32:15 |
| 8d289c81-5878-46d4-8554-54e1e3d8b5cb | Microsoft Sentinel Reader | Microsoft Sentinel Reader | change |
DisplayName, Description, Actions | 2022-05-09 16:29:26 |
| a92dfd61-77f9-4aec-a531-19858b406c87 | Azure Arc ScVmm Administrator role | Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. | add |
new Role | 2022-05-05 21:31:23 |
| 6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 | Azure Arc ScVmm Private Clouds Onboarding | Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. | add |
new Role | 2022-05-05 21:31:23 |
| c0781e91-8102-4553-8951-97c6d4243cda | Azure Arc ScVmm Private Cloud User | Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. | add |
new Role | 2022-05-05 21:31:23 |
| e582369a-e17b-42a5-b10c-874c387c530b | Azure Arc ScVmm VM Contributor | Arc ScVmm VM Contributor has permissions to perform all VM actions. | add |
new Role | 2022-05-05 21:31:23 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions | 2022-05-04 16:30:32 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions | 2022-05-03 16:57:51 |
| 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 | SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. | change |
NotActions | 2022-04-29 18:06:01 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2022-04-28 17:39:09 |
| 4465e953-8ced-4406-a58e-0f6e3f3b530b | FHIR Data Importer | Role allows user or principal to read and import FHIR Data | add |
new Role | 2022-04-21 16:39:45 |
| e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 | Storage Account Backup Contributor | Lets you perform backup and restore operations using Azure Backup on the storage account. | change |
DisplayName, Description, Actions | 2022-04-20 16:54:13 |
| 602da2ba-a5c2-41da-b01d-5360126ab525 | Virtual Machine Local User Login | View Virtual Machines in the portal and login as a local user configured on the arc server | change |
Actions | 2022-04-18 16:32:42 |
| f7b75c60-3036-4b75-91c3-6b41c27c1689 | Reservation Purchaser | Lets you purchase reservations | change |
Actions | 2022-04-14 16:55:58 |
| cd08ab90-6b14-449c-ad9a-8f8e549482c6 | Scheduled Patching Contributor | Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments | change |
Actions | 2022-04-13 16:45:15 |
| cd08ab90-6b14-449c-ad9a-8f8e549482c6 | Scheduled Patching Contributor | Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments | add |
new Role | 2022-04-11 16:38:49 |
| a8889054-8d42-49c9-bc1c-52486c10e7cd | Reservations Administrator | Lets one read and manage all the reservations in a tenant | add |
new Role | 2022-04-09 02:54:25 |
| 602da2ba-a5c2-41da-b01d-5360126ab525 | Virtual Machine Local User Login | View Virtual Machines in the portal and login as a local user configured on the arc server | add |
new Role | 2022-04-07 17:18:35 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions | 2022-04-05 17:06:52 |
| 331c37c6-af14-46d9-b9f4-e1909e1b95a0 | DevCenter Project Admin | Provides access to manage project resources. | add |
new Role | 2022-04-01 20:29:16 |
| 45d50f46-0b78-4001-a660-4198cbe8cd05 | DevCenter Dev Box User | Provides access to create and manage dev boxes. | add |
new Role | 2022-03-31 18:06:31 |
| 7628b7b8-a8b2-4cdc-b46f-e9b35248918e | Cognitive Services Language Reader | Has access to Read and Test functions under Language portal | change |
DataActions, NotDataActions | 2022-03-30 16:45:33 |
| f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 | Cognitive Services Language Writer | Has access to all Read, Test, and Write functions under Language Portal | change |
DataActions, NotDataActions | 2022-03-30 16:45:33 |
| f07febfe-79bc-46b1-8b37-790e26e6e498 | Cognitive Services Language Owner | Has access to all Read, Test, Write, Deploy and Delete functions under Language portal | change |
DataActions, NotDataActions | 2022-03-30 16:45:33 |
| 1ef6a3be-d0ac-425d-8c01-acb62866290b | Compute Gallery Sharing Admin | This role allows user to share gallery to another subscription/tenant or share it to the public. | add |
new Role | 2022-03-28 17:59:08 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | change |
Actions | 2022-03-16 17:58:57 |
| 18ed5180-3e48-46fd-8541-4ea054d57064 | Azure Kubernetes Service Policy Add-on Deployment | Deploy the Azure Policy add-on on Azure Kubernetes Service clusters | change |
Actions | 2022-03-16 17:58:57 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2022-03-11 18:17:07 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
DataActions | 2022-03-10 18:07:12 |
| 6b77f0a0-0d89-41cc-acd1-579c22c17a67 | AgFood Platform Sensor Partner Contributor | Provides contribute access to manage sensor related entities in AgFood Platform Service | add |
new Role | 2022-03-09 19:15:11 |
| 18500a29-7fe2-46b2-a342-b16a415e101d | Managed HSM contributor | Lets you manage managed HSM pools, but not access to them. | change |
Actions | 2022-03-08 17:46:41 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2022-03-08 17:46:41 |
| 0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d | DNS Resolver Contributor | Lets you manage DNS resolver resources | change |
Actions | 2022-03-01 18:03:34 |
| 959f8984-c045-4866-89c7-12bf9737be2e | Data Operator for Managed Disks | Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. | add |
new Role | 2022-03-01 18:03:34 |
| 0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d | DNS Resolver Contributor | Lets you manage DNS resolver resources | add |
new Role | 2022-02-28 17:26:57 |
| eeaeda52-9324-47f6-8069-5d5bade478b2 | Domain Services Contributor | Can manage Azure AD Domain Services and related network configurations | add |
new Role | 2022-02-23 18:03:00 |
| 361898ef-9ed1-48c2-849c-a832951106bb | Domain Services Reader | Can view Azure AD Domain Services and related network configurations | add |
new Role | 2022-02-23 18:03:00 |
| 088ab73d-1256-47ae-bea9-9de8e7131f31 | Guest Configuration Resource Contributor | Lets you read, write Guest Configuration Resource. | change |
Description, Actions | 2022-02-11 18:30:29 |
| 18ed5180-3e48-46fd-8541-4ea054d57064 | Azure Kubernetes Service Policy Add-on Deployment | Deploy the Azure Policy add-on on Azure Kubernetes Service clusters | change |
Actions | 2022-02-10 17:19:06 |
| 18ed5180-3e48-46fd-8541-4ea054d57064 | Azure Kubernetes Service Policy Add-on Deployment | Deploy the Azure Policy add-on on Azure Kubernetes Service clusters | add |
new Role | 2022-02-08 18:24:32 |
| a6333a3e-0164-44c3-b281-7a577aff287f | Windows Admin Center Administrator Login | Let's you manage the OS of your resource via Windows Admin Center as an administrator. | add |
new Role | 2022-02-07 17:17:23 |
| 00493d72-78f6-4148-b6c5-d3ce8e4799dd | Azure Arc Enabled Kubernetes Cluster User Role | List cluster user credentials action. | change |
Actions | 2022-02-02 17:45:29 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
DataActions, NotDataActions | 2022-01-28 19:51:28 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your HPC Workbench chamber, but not make any changes. | change |
Actions | 2022-01-27 17:51:50 |
| 871e35f6-b5c1-49cc-a043-bde969a0f2cd | CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | change |
Actions | 2022-01-27 17:51:50 |
| f4c81013-99ee-4d62-a7ee-b3f1f648599a | Microsoft Sentinel Automation Contributor | Microsoft Sentinel Automation Contributor | change |
DisplayName, Description, Actions | 2022-01-26 17:48:32 |
| 56be40e2-4db1-4ccf-93c3-7e44c597135b | Monitored Objects Contributor | Can read and update Monitored Objects and associated Data Collection Rules. | add |
new Role | 2022-01-21 18:03:29 |
| 4447db05-44ed-4da3-ae60-6cbece780e32 | Chamber User | Lets you view everything under your HPC Workbench chamber, but not make any changes. | add |
new Role | 2022-01-20 18:36:47 |
| 4e9b8407-af2e-495b-ae54-bb60a55b1b5a | Chamber Admin | Lets you manage everything under your HPC Workbench chamber. | add |
new Role | 2022-01-20 18:36:47 |
| 088ab73d-1256-47ae-bea9-9de8e7131f31 | Guest Configuration Resource Contributor | Grants access to read or write to Guest Configuration resources. | add |
new Role | 2022-01-14 17:44:10 |
| 67d33e57-3129-45e6-bb0b-7cc522f762fa | Azure Arc VMware Private Clouds Onboarding | Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. | add |
new Role | 2022-01-14 17:44:10 |
| 49e2f5d2-7741-4835-8efa-19e1fe35e47f | Device Update Deployments Reader | Gives you read access to management operations, but does not allow making changes | change |
DataActions | 2022-01-13 19:18:33 |
| e4237640-0e3d-4a46-8fda-70bc94856432 | Device Update Deployments Administrator | Gives you full access to management operations | change |
DataActions | 2022-01-13 19:18:33 |
| 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 | Key Vault Crypto Officer | Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | change |
DisplayName, DataActions | 2022-01-07 18:14:37 |
| d63b75f7-47ea-4f27-92ac-e0d173aaf093 | Autonomous Development Platform Data Reader (Preview) | Grants read access to Autonomous Development Platform data. | change |
Actions, DataActions | 2022-01-04 13:44:22 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | change |
Actions, DataActions, NotDataActions | 2022-01-04 13:44:22 |
| 27f8b550-c507-4db9-86f2-f4b8e816d59d | Autonomous Development Platform Data Owner (Preview) | Grants full access to Autonomous Development Platform data. | change |
Actions, DataActions | 2022-01-04 13:44:22 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2022-01-04 11:26:52 |
| b279062a-9be3-42a0-92ae-8b3cf002ec4d | Workbook Reader | Can read workbooks. | change |
Actions | 2022-01-04 11:26:52 |
| e8ddcd69-c73f-4f9f-9844-4100522f16ad | Workbook Contributor | Can save shared workbooks. | change |
Actions | 2022-01-04 11:26:52 |
| 3913510d-42f4-4e42-8a64-420c390055eb | Monitoring Metrics Publisher | Enables publishing metrics against Azure resources | change |
DataActions | 2022-01-04 11:26:52 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2021-12-16 17:24:54 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2021-12-15 17:18:05 |
| fb879df8-f326-4884-b1cf-06f3ad86be52 | Virtual Machine User Login | View Virtual Machines in the portal and login as a regular user. | change |
Actions | 2021-11-18 17:19:50 |
| 1c0163c0-47e6-4577-8991-ea5c82e286e4 | Virtual Machine Administrator Login | View Virtual Machines in the portal and login as administrator | change |
Actions | 2021-11-18 17:19:50 |
| 12cf5a90-567b-43ae-8102-96cf46c7d9b4 | Web PubSub Service Owner (Preview) | Full access to Azure Web PubSub Service REST APIs | change |
DataActions | 2021-11-16 16:27:38 |
| 420fcaa2-552c-430f-98ca-3264be4806c7 | SignalR App Server | Lets your app server access SignalR Service with AAD auth options. | change |
DisplayName, DataActions | 2021-11-16 16:27:38 |
| bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf | Web PubSub Service Reader (Preview) | Read-only access to Azure Web PubSub Service REST APIs | change |
DataActions | 2021-11-16 16:27:38 |
| fb1c8493-542b-48eb-b624-b4c8fea62acd | Security Admin | Security Admin Role | change |
NotActions | 2021-11-15 17:00:51 |
| 582fc458-8989-419f-a480-75249bc5db7e | Reservations Reader | Lets one read all the reservations in a tenant | add |
new Role | 2021-11-11 20:15:16 |
| dd920d6d-f481-47f1-b461-f338c46b2d9f | Marketplace Admin | Marketplace Admin grants full access to manage Private Azure Marketplace, including read and take action for private marketplace notifications, but does not allow to assign Marketplace Admin role to others | change |
Description, Actions | 2021-11-11 20:14:21 |
| 53be45b2-ad40-43ab-bc1f-2c962ac99ded | PowerApps Administrator | The user has access to perform administrative actions on all PowerApps resources within the tenant. | add |
new Role | 2021-11-11 20:13:47 |
| 6877c72c-edd3-4048-9b4b-cf8e514477b0 | PowerAppsReaderWithReshare | PowerAppsReadersWithReshare can use the resource and re-share it with other users, but cannot edit the resource or re-share it with edit permissions. | add |
new Role | 2021-11-11 20:13:46 |
| ed2561a6-b260-4d25-9d88-54ee1b8e8b37 | Guest configuration deploy policy role | Lets you deploy guest configuration policy on to machines under a subscription or resource group. | add |
new Role | 2021-11-11 20:13:34 |
| 2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc | Lab Services Reader | The lab services reader role | add |
new Role | 2021-11-11 17:21:27 |
| ce40b423-cede-4313-a93f-9b28290b72e1 | Lab Assistant | The lab assistant role | add |
new Role | 2021-11-11 17:21:27 |
| 5daaa2af-1fe8-407c-9122-bba179798270 | Lab Contributor | The lab contributor role | add |
new Role | 2021-11-11 17:21:27 |
| b2de6794-95db-4659-8781-7e080d3f2b9d | Cognitive Services Immersive Reader User | Provides access to create Immersive Reader sessions and call APIs | add |
new Role | 2021-11-11 17:21:27 |
| a36e6959-b6be-4b12-8e9f-ef4b474d304d | Lab Operator | The lab operator role | add |
new Role | 2021-11-11 17:21:27 |
| b97fb8bc-a8b2-4522-a38b-dd33c7e65ead | Lab Creator | Lets you create new labs under your Azure Lab Accounts. | change |
Actions, DataActions | 2021-11-11 17:21:27 |
| f69b8690-cc87-41d6-b77a-a4bc3c0a966f | Lab Services Contributor | The lab services contributor role | add |
new Role | 2021-11-11 17:21:27 |
| 3ae3fb29-0000-4ccd-bf80-542e7b26e081 | Load Test Reader | View and list all load tests and load test resources but can not make any changes | add |
new Role | 2021-11-10 17:42:24 |
| 0c8b84dc-067c-4039-9615-fa1a4b77c726 | PlayFab Contributor | Provides contributor access to PlayFab resources | add |
new Role | 2021-11-10 17:42:24 |
| 749a398d-560b-491b-bb21-08924219302e | Load Test Contributor | View, create, update, delete and execute load tests. View and list load test resources but can not make any changes. | add |
new Role | 2021-11-09 16:56:00 |
| 45bb0b16-2f0c-4e78-afaa-a07599b003f6 | Load Test Owner | Execute all operations on load test resources and load tests | add |
new Role | 2021-11-09 16:56:00 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2021-11-08 16:50:39 |
| a9a19cc5-31f4-447c-901f-56c0bb18fcaf | PlayFab Reader | Provides read access to PlayFab resources | add |
new Role | 2021-11-08 16:50:39 |
| ddc140ed-e463-4246-9145-7c664192013f | Azure Arc VMware Administrator role | Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. | add |
new Role | 2021-11-05 17:28:15 |
| f72c8140-2111-481c-87ff-72b910f6e3f8 | Cognitive Services LUIS Owner | Has access to all Read, Test, Write, Deploy and Delete functions under LUIS | add |
new Role | 2021-11-04 17:27:00 |
| 18e81cdc-4e98-4e29-a639-e7d10c5a6226 | Cognitive Services LUIS Reader | Has access to Read and Test functions under LUIS. | add |
new Role | 2021-11-04 17:27:00 |
| 7628b7b8-a8b2-4cdc-b46f-e9b35248918e | Cognitive Services Language Reader | Has access to Read and Test functions under Language portal | add |
new Role | 2021-11-04 17:27:00 |
| f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 | Cognitive Services Language Writer | Has access to all Read, Test, and Write functions under Language Portal | add |
new Role | 2021-11-04 17:27:00 |
| f07febfe-79bc-46b1-8b37-790e26e6e498 | Cognitive Services Language Owner | Has access to all Read, Test, Write, Deploy and Delete functions under Language portal | add |
new Role | 2021-11-04 17:27:00 |
| 6322a993-d5c9-4bed-b113-e49bbea25b27 | Cognitive Services LUIS Writer | Has access to all Read, Test, and Write functions under LUIS | add |
new Role | 2021-11-04 17:27:00 |
| b748a06d-6150-4f8a-aaa9-ce3940cd96cb | Azure Arc VMware VM Contributor | Arc VMware VM Contributor has permissions to perform all VM actions. | add |
new Role | 2021-10-28 15:43:30 |
| ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 | Azure Arc VMware Private Cloud User | Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. | add |
new Role | 2021-10-28 15:43:30 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
Actions | 2021-10-26 15:38:27 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
Actions | 2021-10-26 15:38:27 |
| 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 | Azure Maps Data Contributor | Grants access to read, write, and delete access to map related data from an Azure maps account. | change |
DataActions | 2021-10-13 16:30:51 |
| dba33070-676a-4fb0-87fa-064dc56ff7fb | Azure Maps Contributor | Grants access all Azure Maps resource management. | add |
new Role | 2021-10-04 15:27:18 |
| 6be48352-4f82-47c9-ad5e-0acacefdb005 | Azure Maps Search and Render Data Reader | Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs. | add |
new Role | 2021-10-04 15:27:18 |
| 9980e02c-c2be-4d73-94e8-173b1dc7cf3c | Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | change |
Actions | 2021-10-01 15:34:12 |
| 60fc6e62-5479-42d4-8bf4-67625fcc2840 | Disk Pool Operator | Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. | add |
new Role | 2021-09-14 15:45:54 |
| fd53cd77-2268-407a-8f46-7e7863d0f521 | SignalR REST API Owner | Full access to Azure SignalR Service REST APIs | change |
DisplayName, Description, DataActions | 2021-09-13 16:35:21 |
| 6ae96244-5829-4925-a7d3-5975537d91dd | Azure VM Managed identities restore Contributor | Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system | add |
new Role | 2021-09-13 16:35:21 |
| 494ae006-db33-4328-bf46-533a6560a3ca | Site Recovery Operator | Lets you failover and failback but not perform other Site Recovery management operations | change |
Actions | 2021-09-10 15:51:14 |
| 1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf | Stream Analytics Query Tester | Lets you perform query testing without creating a stream analytics job first | change |
Actions | 2021-09-08 15:40:07 |
| a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b | Azure Spring Cloud Config Server Contributor | Allow read, write and delete access to Azure Spring Cloud Config Server | add |
new Role | 2021-09-06 17:54:17 |
| 6670b86e-a3f7-4917-ac9b-5d6ab1be4567 | Site Recovery Contributor | Lets you manage Site Recovery service except vault creation and role assignment | change |
Actions | 2021-09-02 16:18:17 |
| dbaa88c4-0c30-4179-9fb3-46319faa6149 | Site Recovery Reader | Lets you view Site Recovery status but not perform other management operations | change |
Actions | 2021-09-02 16:18:17 |
| 1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf | Stream Analytics Query Tester | Lets you perform query testing without creating a stream analytics job first | change |
Actions | 2021-09-01 15:00:06 |
| f353d9bd-d4a6-484e-a77a-8050b599b867 | Automation Contributor | Manage azure automation resources and other resources using azure automation. | change |
Actions | 2021-09-01 15:00:06 |
| d04c6db6-4947-4782-9e91-30a88feb7be7 | Azure Spring Cloud Config Server Reader | Allow read access to Azure Spring Cloud Config Server | add |
new Role | 2021-08-26 16:23:33 |
| f5880b48-c26d-48be-b172-7927bfa1c8f1 | Azure Spring Cloud Service Registry Contributor | Allow read, write and delete access to Azure Spring Cloud Service Registry | add |
new Role | 2021-08-20 15:48:24 |
| cff1b556-2399-4e7e-856d-a8f754be7b65 | Azure Spring Cloud Service Registry Reader | Allow read access to Azure Spring Cloud Service Registry | add |
new Role | 2021-08-20 15:48:24 |
| 9980e02c-c2be-4d73-94e8-173b1dc7cf3c | Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | change |
Actions | 2021-08-19 16:32:19 |
| 2837e146-70d7-4cfd-ad55-7efa6464f958 | CodeSigning Certificate Profile Signer | Sign files with a certificate profile. This role is in preview and subject to change. | add |
new Role | 2021-08-17 16:31:35 |
| 22926164-76b3-42b3-bc55-97df8dab3e41 | Grafana Admin | Built-in Grafana admin role | add |
new Role | 2021-08-13 17:07:50 |
| 60921a7e-fef1-4a43-9b16-a26c52ad4769 | Grafana Viewer | Built-in Grafana Viewer role | add |
new Role | 2021-08-13 17:07:50 |
| a79a5197-3a5c-4973-a920-486035ffd60f | Grafana Editor | Built-in Grafana Editor role | add |
new Role | 2021-08-13 17:07:50 |
| 39bc4728-0917-49c7-9d2c-d95423bc2eb4 | Security Reader | Security Reader Role | change |
Actions | 2021-08-12 19:47:01 |
| fb1c8493-542b-48eb-b624-b4c8fea62acd | Security Admin | Security Admin Role | change |
NotActions | 2021-08-12 19:47:01 |
| 85cb6faf-e071-4c9b-8136-154b5a04f717 | Kubernetes Extension Contributor | Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations | add |
new Role | 2021-08-11 15:29:45 |
| 10745317-c249-44a1-a5ce-3a4353c0bbd8 | Device Provisioning Service Data Reader | Allows for full read access to Device Provisioning Service data-plane properties. | add |
new Role | 2021-08-09 22:29:09 |
| dfce44e4-17b7-4bd1-a6d1-04996ec95633 | Device Provisioning Service Data Contributor | Allows for full access to Device Provisioning Service data-plane operations. | add |
new Role | 2021-08-09 22:29:09 |
| f353d9bd-d4a6-484e-a77a-8050b599b867 | Automation Contributor | Manage azure automation resources and other resources using azure automation. | add |
new Role | 2021-08-09 19:32:28 |
| 15e0f5a1-3450-4248-8e25-e2afe88a9e85 | Test Base Reader | Let you view and download packages and test results. | change |
Actions | 2021-08-06 15:06:08 |
| 92aaf0da-9dab-42b6-94a3-d43ce8d16293 | Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. | change |
Description, Actions | 2021-08-06 15:06:08 |
| 1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf | Stream Analytics Query Tester | Lets you perform query testing without creating a stream analytics job first | change |
Actions | 2021-08-06 15:06:08 |
| 8d289c81-5878-46d4-8554-54e1e3d8b5cb | Azure Sentinel Reader | Azure Sentinel Reader | change |
Actions | 2021-08-05 14:48:34 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Azure Sentinel Responder | Azure Sentinel Responder | change |
Actions | 2021-08-05 14:48:34 |
| ab8e14d6-4a74-4a29-9ba8-549422addade | Azure Sentinel Contributor | Azure Sentinel Contributor | change |
Actions | 2021-08-05 14:48:34 |
| 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 | Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | change |
Actions | 2021-08-03 20:37:08 |
| 1c0163c0-47e6-4577-8991-ea5c82e286e4 | Virtual Machine Administrator Login | View Virtual Machines in the portal and login as administrator | change |
Actions, DataActions | 2021-08-02 15:58:24 |
| fb879df8-f326-4884-b1cf-06f3ad86be52 | Virtual Machine User Login | View Virtual Machines in the portal and login as a regular user. | change |
Actions, DataActions | 2021-08-02 15:58:24 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner | Full access to Azure SignalR Service REST APIs | change |
DisplayName, DataActions | 2021-07-29 15:40:44 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. | change |
Description, DataActions, NotDataActions | 2021-07-29 15:40:44 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. | change |
Description, DataActions | 2021-07-29 15:40:44 |
| 26e0b698-aa6d-4085-9386-aadae190014d | Azure Relay Listener | Allows for listen access to Azure Relay resources. | add |
new Role | 2021-07-21 16:02:28 |
| 2787bf04-f1f5-4bfe-8383-c8a24483ee38 | Azure Relay Owner | Allows for full access to Azure Relay resources. | add |
new Role | 2021-07-20 17:09:18 |
| 26baccc8-eea7-41f1-98f4-1762cc7f685d | Azure Relay Sender | Allows for send access to Azure Relay resources. | add |
new Role | 2021-07-20 17:09:18 |
| 3db33094-8700-4567-8da5-1501d4e7e843 | FHIR Data Exporter | Role allows user or principal to read and export FHIR Data | change |
DataActions | 2021-07-19 14:20:08 |
| e8113dce-c529-4d33-91fa-e9b972617508 | Azure Connected SQL Server Onboarding | Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS. | add |
new Role | 2021-07-19 14:20:08 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | change |
NotDataActions | 2021-07-19 14:20:08 |
| f6c7c914-8db3-469d-8ca1-694a8f32e121 | AzureML Data Scientist | Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. | add |
new Role | 2021-07-15 16:24:54 |
| 60fc6e62-5479-42d4-8bf4-67625fcc2840 | Disk Pool Operator | Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. | remove |
decommissioned Role | 2021-07-12 16:24:45 |
| 39bc4728-0917-49c7-9d2c-d95423bc2eb4 | Security Reader | Security Reader Role | change |
Actions | 2021-07-12 16:24:45 |
| 5a1fc7df-4bf1-4951-a576-89034ee01acd | FHIR Data Contributor | Role allows user or principal full access to FHIR Data | change |
DataActions | 2021-07-09 14:39:01 |
| 3f88fce4-5892-4214-ae73-ba5294559913 | FHIR Data Writer | Role allows user or principal to read and write FHIR Data | change |
DataActions, NotDataActions | 2021-07-09 14:39:01 |
| a1705bd2-3a8f-45a5-8683-466fcfd5cc24 | FHIR Data Converter | Role allows user or principal to convert data from legacy format to FHIR | change |
DataActions | 2021-07-09 14:39:01 |
| 60fc6e62-5479-42d4-8bf4-67625fcc2840 | Disk Pool Operator | Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. | add |
new Role | 2021-07-09 14:39:01 |
| 4c8d0bbc-75d3-4935-991f-5f3c56d81508 | FHIR Data Reader | Role allows user or principal to read FHIR Data | change |
DataActions | 2021-07-09 14:39:01 |
| fb1c8493-542b-48eb-b624-b4c8fea62acd | Security Admin | Security Admin Role | change |
Actions | 2021-07-08 14:19:50 |
| c8d4ff99-41c3-41a8-9f60-21dfdad59608 | AcrQuarantineWriter | acr quarantine data writer | change |
DataActions | 2021-07-07 15:26:33 |
| d5a91429-5739-47e2-a06b-3470a27159e7 | EventGrid Data Sender | Allows send access to event grid events. | add |
new Role | 2021-07-05 14:23:05 |
| cdda3590-29a3-44f6-95f2-9f980659eb04 | AcrQuarantineReader | acr quarantine data reader | change |
DataActions | 2021-06-24 14:29:36 |
| 6cef56e8-d556-48e5-a04f-b8e64114680f | AcrImageSigner | acr image signer | change |
DataActions | 2021-06-24 14:29:36 |
| 58a3b984-7adf-4c20-983a-32417c86fbc8 | DICOM Data Owner | Full access to DICOM data. | add |
new Role | 2021-06-18 14:19:53 |
| e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a | DICOM Data Reader | Read and search DICOM data. | add |
new Role | 2021-06-18 14:19:53 |
| 0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3 | Storage Table Data Contributor | Allows for read, write and delete access to Azure Storage tables and entities | add |
new Role | 2021-06-15 14:06:27 |
| 76199698-9eea-4c19-bc75-cec21354c6b6 | Storage Table Data Reader | Allows for read access to Azure Storage tables and entities | add |
new Role | 2021-06-15 14:06:27 |
| 5e467623-bb1f-42f4-a55d-6e525e11384b | Backup Contributor | Lets you manage backup service,but can't create vaults and give access to others | change |
Actions | 2021-06-14 13:58:52 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2021-06-14 13:58:52 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2021-06-10 15:19:34 |
| 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec | SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | change |
NotActions | 2021-06-10 15:19:34 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2021-06-09 16:50:31 |
| 8ebe5a00-799e-43f5-93ac-243d3dce84a7 | Search Index Data Contributor | Grants full access to Azure Cognitive Search index data. | add |
new Role | 2021-06-02 22:45:24 |
| 1407120a-92aa-4202-b7e9-c0e197c71c8f | Search Index Data Reader | Grants read access to Azure Cognitive Search index data. | add |
new Role | 2021-06-02 22:45:24 |
| a795c7a0-d4a2-40c1-ae25-d81f01202912 | Backup Reader | Can view backup services, but can't make changes | change |
Actions | 2021-05-25 14:52:54 |
| a37b566d-3efa-4beb-a2f2-698963fa42ce | Security Detonation Chamber Submission Manager | Allowed to create and manage submissions to Security Detonation Chamber | change |
DataActions | 2021-05-24 17:13:01 |
| 0b555d9b-b4a7-4f43-b330-627f0e5be8f0 | Security Detonation Chamber Submitter | Allowed to create submissions to Security Detonation Chamber | change |
DataActions | 2021-05-24 17:13:01 |
| 15e0f5a1-3450-4248-8e25-e2afe88a9e85 | Test Base Reader | Let you view and download packages and test results. | add |
new Role | 2021-05-12 14:41:18 |
| 99dba123-b5fe-44d5-874c-ced7199a5804 | Media Services Streaming Endpoints Administrator | Create, read, modify and delete Streaming Endpoints; read-only access to other Media Services resources. | add |
new Role | 2021-05-07 14:29:30 |
| e4395492-1534-4db2-bedf-88c14621589c | Media Services Media Operator | Create, read, modify, and delete of Assets, Asset Filters, Streaming Locators and Jobs; read-only access to other Media Services resources. | add |
new Role | 2021-05-07 14:29:30 |
| c4bba371-dacd-4a26-b320-7250bca963ae | Media Services Policy Administrator | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. | add |
new Role | 2021-05-07 14:29:30 |
| 532bc159-b25e-42c0-969e-a1d439f60d77 | Media Services Live Events Administrator | Create, read and modify Live Events, Assets, Asset Filters and Streaming Locators; read-only access to other Media Services resources. | add |
new Role | 2021-05-07 14:29:30 |
| 054126f8-9a2b-4f1c-a9ad-eca461f08466 | Media Services Account Administrator | Create, read, modify and delete Media Services accounts; read-only access to other Media Services resources. | add |
new Role | 2021-05-03 14:09:38 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2021-04-29 16:55:26 |
| 1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf | Stream Analytics Query Tester | Lets you perform query testing without creating a stream analytics job first | add |
new Role | 2021-04-27 15:39:18 |
| 7a6f0e70-c033-4fb1-828c-08514e5f4102 | Collaborative Runtime Operator | Can manage resources created by AICS at runtime | change |
Actions | 2021-04-26 14:08:50 |
| 4ea46cd5-c1b2-4a8e-910b-273211f9ce47 | Azure Iot Hubs Registry Contributor | Allows for full access to Azure IoT Hubs device registry. | add |
new Role | 2021-04-23 13:42:10 |
| 4fc6c259-987e-4a07-842e-c321cc9d413f | Azure Iot?Hubs?Data?Contributor | Allows for full access to Azure IoT Hubs data plane operations. | add |
new Role | 2021-04-23 13:42:10 |
| b447c946-2db7-41ec-983d-d8bf3b1c77e3 | Azure Iot Hubs Data Reader | Allows for full read access to Azure Iot Hubs data-plane properties | add |
new Role | 2021-04-23 13:42:10 |
| 494bdba2-168f-4f31-a0a1-191d2f7c028c | Azure Iot?Hubs?Twin?Contributor | Allows for read and write access to all Azure IoT Hubs device and module twins. | add |
new Role | 2021-04-23 13:42:10 |
| a2138dac-4907-4679-a376-736901ed8ad8 | AnyBuild Builder | Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities. | add |
new Role | 2021-04-21 13:28:47 |
| 9894cab4-e18a-44aa-828b-cb588cd6f2d7 | Cognitive Services Face Recognizer | Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. | add |
new Role | 2021-03-31 14:35:06 |
| 0e75ca1e-0464-4b4d-8b93-68208a576181 | Cognitive Services Speech Contributor | This is a role that can read, write and delete all speech resources. | add |
new Role | 2021-03-30 13:51:32 |
| f2dc8367-1007-4938-bd23-fe263f013447 | Cognitive Services Speech User | This is a role that can create, read, change and delete batch transcriptions, do real time transcriptions and list or get other speech resources. | add |
new Role | 2021-03-30 13:51:32 |
| b5537268-8956-4941-a8f0-646150406f0c | Azure Spring Cloud Data Reader | Allow read access to Azure Spring Cloud Data | add |
new Role | 2021-03-25 15:40:30 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | change |
Actions | 2021-03-24 14:32:47 |
| 12cf5a90-567b-43ae-8102-96cf46c7d9b4 | Web PubSub Service Owner (Preview) | Full access to Azure Web PubSub Service REST APIs | add |
new Role | 2021-03-24 14:32:47 |
| bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf | Web PubSub Service Reader (Preview) | Read-only access to Azure Web PubSub Service REST APIs | add |
new Role | 2021-03-24 14:32:47 |
| b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 | Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | change |
Actions | 2021-03-24 14:32:47 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner (Preview) | Full access to Azure SignalR Service REST APIs | change |
DataActions | 2021-03-24 14:32:47 |
| daa9e50b-21df-454c-94a6-a8050adab352 | Collaborative Data Contributor | Can manage data packages of a collaborative. | change |
Actions | 2021-03-17 17:26:57 |
| d17ce0a2-0697-43bc-aac5-9113337ab61c | WorkloadBuilder Migration Agent Role | WorkloadBuilder Migration Agent Role. | add |
new Role | 2021-03-12 15:32:19 |
| 466ccd10-b268-4a11-b098-b4849f024126 | Cognitive Services QnA Maker Reader | Let's you read and test a KB only. | change |
DataActions | 2021-03-11 15:16:45 |
| f4cc2bf9-21be-47a1-bdf1-5c5804381025 | Cognitive Services QnA Maker Editor | Let's you create, edit, import and export a KB. You cannot publish or delete a KB. | change |
DataActions | 2021-03-11 15:16:45 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2021-03-09 14:37:39 |
| 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 | SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. | change |
NotActions | 2021-03-09 14:37:39 |
| 7f646f1b-fa08-80eb-a33b-edd6ce5c915c | Experimentation Administrator | Experimentation Administrator | change |
Actions | 2021-03-08 14:55:25 |
| 352470b3-6a9c-4686-b503-35deb827e500 | Security Detonation Chamber Publisher | Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber | change |
DataActions | 2021-03-08 14:55:25 |
| 6188b7c9-7d01-4f99-a59f-c88b630326c0 | Experimentation Metric Contributor | Allows for creation, writes and reads to the metric set via the metrics service APIs. | change |
DisplayName, Actions, DataActions | 2021-03-08 14:55:25 |
| 7f646f1b-fa08-80eb-a22b-edd6ce5c915c | Experimentation Contributor | Experimentation Contributor | change |
DataActions | 2021-03-08 14:55:25 |
| ca0835dd-bacc-42dd-8ed2-ed5e7230d15b | Object Anchors Account Owner | Provides user with ingestion capabilities for an object anchors account. | add |
new Role | 2021-03-02 15:11:43 |
| 4a167cdf-cb95-4554-9203-2347fe489bd9 | Object Anchors Account Reader | Lets you read ingestion jobs for an object anchors account. | add |
new Role | 2021-03-02 15:11:43 |
| 28241645-39f8-410b-ad48-87863e2951d5 | Security Detonation Chamber Reader | Allowed to query submission info and files from Security Detonation Chamber | add |
new Role | 2021-03-01 15:42:30 |
| 230815da-be43-4aae-9cb4-875f7bd000aa | Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | change |
NotActions | 2021-02-26 14:41:31 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2021-02-15 15:24:20 |
| 1e241071-0855-49ea-94dc-649edcd759de | EventGrid Contributor | Lets you manage EventGrid operations. | change |
Actions | 2021-02-11 14:23:07 |
| 1e241071-0855-49ea-94dc-649edcd759de | EventGrid Contributor | Lets you manage EventGrid operations. | add |
new Role | 2021-02-09 14:46:34 |
| 27f8b550-c507-4db9-86f2-f4b8e816d59d | Autonomous Development Platform Data Owner (Preview) | Grants full access to Autonomous Development Platform data. | change |
DataActions | 2021-02-09 14:46:34 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | change |
DataActions | 2021-02-09 14:46:34 |
| d63b75f7-47ea-4f27-92ac-e0d173aaf093 | Autonomous Development Platform Data Reader (Preview) | Grants read access to Autonomous Development Platform data. | change |
DataActions | 2021-02-09 14:46:34 |
| 7a6f0e70-c033-4fb1-828c-08514e5f4102 | Collaborative Runtime Operator | Can manage resources created by AICS at runtime | change |
Actions | 2021-02-08 14:18:19 |
| 0e5f05e5-9ab9-446b-b98d-1e2157c94125 | Quota Request Operator Role | Role to read and create Quota Requests and get Quota Request Status. | change |
Actions | 2021-02-05 15:19:18 |
| ba92f5b4-2d11-453d-a403-e96b0029c9fe | Storage Blob Data Contributor | Allows for read, write and delete access to Azure Storage blob containers and data | change |
DataActions | 2021-02-04 14:17:50 |
| 7f646f1b-fa08-80eb-a33b-edd6ce5c915c | Experimentation Administrator | Experimentation Administrator | change |
DataActions | 2021-02-03 15:09:04 |
| 0e5f05e5-9ab9-446b-b98d-1e2157c94125 | Quota Request Operator Role | Role to read and create Quota Requests and get Quota Request Status. | add |
new Role | 2021-02-03 15:09:04 |
| 6188b7c9-7d01-4f99-a59f-c88b630326c0 | Metric Contributor | Allows for creation, writes and reads to the metric set via the metrics service APIs. | change |
DataActions | 2021-01-29 15:07:15 |
| f4c81013-99ee-4d62-a7ee-b3f1f648599a | Azure Sentinel Automation Contributor | Azure Sentinel Automation Contributor | change |
Actions | 2021-01-26 16:07:29 |
| 974c5e8b-45b9-4653-ba55-5f855dd0fb88 | Storage Queue Data Contributor | Allows for read, write, and delete access to Azure Storage queues and queue messages | change |
DataActions | 2021-01-25 16:07:06 |
| 0b555d9b-b4a7-4f43-b330-627f0e5be8f0 | Security Detonation Chamber Submitter | Allowed to create submissions to Security Detonation Chamber | change |
DataActions | 2021-01-25 16:07:06 |
| 352470b3-6a9c-4686-b503-35deb827e500 | Security Detonation Chamber Publisher | Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber | change |
DataActions | 2021-01-25 16:07:06 |
| a37b566d-3efa-4beb-a2f2-698963fa42ce | Security Detonation Chamber Submission Manager | Allowed to create and manage submissions to Security Detonation Chamber | change |
DataActions | 2021-01-25 16:07:06 |
| f4c81013-99ee-4d62-a7ee-b3f1f648599a | Azure Sentinel Automation Contributor | Azure Sentinel Automation Contributor | add |
new Role | 2021-01-25 16:07:06 |
| a1705bd2-3a8f-45a5-8683-466fcfd5cc24 | FHIR Data Converter | Role allows user or principal to convert data from legacy format to FHIR | add |
new Role | 2021-01-25 16:07:06 |
| 5432c526-bc82-444a-b7ba-57c5b0b5b34f | CosmosRestoreOperator | Can perform restore action for Cosmos DB database account | add |
new Role | 2021-01-22 09:15:20 |
| ae349356-3a1b-4a5e-921d-050484c6347e | Application Insights Component Contributor | Can manage Application Insights components | change |
Actions | 2021-01-20 16:06:17 |
| 00c29273-979b-4161-815c-10b084fb9324 | Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | change |
Actions | 2021-01-19 16:07:23 |
| 7a6f0e70-c033-4fb1-828c-08514e5f4102 | Collaborative Runtime Operator | Can manage resources created by AICS at runtime | add |
new Role | 2021-01-19 16:07:23 |
| 7f646f1b-fa08-80eb-a22b-edd6ce5c915c | Experimentation Contributor | Experimentation Contributor | change |
Actions | 2021-01-18 16:05:49 |
| 352470b3-6a9c-4686-b503-35deb827e500 | Security Detonation Chamber Publisher | Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber | add |
new Role | 2021-01-18 16:05:49 |
| 7f646f1b-fa08-80eb-a33b-edd6ce5c915c | Experimentation Administrator | Experimentation Administrator | change |
Actions | 2021-01-18 16:05:49 |
| a37b566d-3efa-4beb-a2f2-698963fa42ce | Security Detonation Chamber Submission Manager | Allowed to create and manage submissions to Security Detonation Chamber | add |
new Role | 2021-01-18 16:05:49 |
| 49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 | Experimentation Reader | Experimentation Reader | change |
Actions | 2021-01-12 16:06:58 |
| 5548b2cf-c94c-4228-90ba-30851930a12f | Microsoft.Kubernetes connected cluster role | Microsoft.Kubernetes connected cluster role. | add |
new Role | 2021-01-08 16:05:47 |
| 7efff54f-a5b4-42b5-a1c5-5411624893ce | Disk Snapshot Contributor | Provides permission to backup vault to manage disk snapshots. | change |
Actions | 2021-01-06 16:06:44 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to upload and manage new Autonomous Development Platform measurements. | change |
Description, DataActions, NotDataActions | 2021-01-05 16:06:49 |
| 39bc4728-0917-49c7-9d2c-d95423bc2eb4 | Security Reader | Security Reader Role | change |
Actions | 2021-01-04 16:05:39 |
| e147488a-f6f5-4113-8e2d-b22465e65bf6 | Key Vault Crypto Service Encryption User (preview) | Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. | change |
DisplayName, Actions | 2020-12-18 16:05:51 |
| b50d9833-a0cb-478e-945f-707fcc997c13 | Disk Restore Operator | Provides permission to backup vault to perform disk restore. | change |
Actions | 2020-12-18 16:05:51 |
| 7efff54f-a5b4-42b5-a1c5-5411624893ce | Disk Snapshot Contributor | Provides permission to backup vault to manage disk snapshots. | change |
Actions | 2020-12-18 16:05:51 |
| 3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 | Disk Backup Reader | Provides permission to backup vault to perform disk backup. | change |
Actions | 2020-12-18 16:05:51 |
| 3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 | Disk Backup Reader | Provides permission to backup vault to perform disk backup. | add |
new Role | 2020-12-15 16:36:19 |
| 7efff54f-a5b4-42b5-a1c5-5411624893ce | Disk Snapshot Contributor | Provides permission to backup vault to manage disk snapshots. | add |
new Role | 2020-12-15 16:36:19 |
| d63b75f7-47ea-4f27-92ac-e0d173aaf093 | Autonomous Development Platform Data Reader (Preview) | Grants read access to Autonomous Development Platform data. | add |
new Role | 2020-12-15 16:36:19 |
| 27f8b550-c507-4db9-86f2-f4b8e816d59d | Autonomous Development Platform Data Owner (Preview) | Grants full access to Autonomous Development Platform data. | add |
new Role | 2020-12-15 16:36:19 |
| b8b15564-4fa6-4a59-ab12-03e1d9594795 | Autonomous Development Platform Data Contributor (Preview) | Grants permissions to manage Autonomous Development Platform data entities, but does not allow accessing the underlying data. Note that entity deletion is not permitted by this role. | add |
new Role | 2020-12-15 16:36:19 |
| b50d9833-a0cb-478e-945f-707fcc997c13 | Disk Restore Operator | Provides permission to backup vault to perform disk restore. | add |
new Role | 2020-12-15 16:36:19 |
| 2ad6aaab-ead9-4eaa-8ac5-da422f562408 | Desktop Virtualization Session Host Operator | Operator of the Desktop Virtualization Session Host. | add |
new Role | 2020-12-14 15:13:28 |
| 49a72310-ab8d-41df-bbb0-79b649203868 | Desktop Virtualization Reader | Reader of Desktop Virtualization. | add |
new Role | 2020-12-14 15:13:28 |
| 21efdde3-836f-432b-bf3d-3e8e734d4b2b | Desktop Virtualization Workspace Contributor | Contributor of the Desktop Virtualization Workspace. | add |
new Role | 2020-12-14 15:13:28 |
| 082f0a83-3be5-4ba1-904c-961cca79b387 | Desktop Virtualization Contributor | Contributor of Desktop Virtualization. | add |
new Role | 2020-12-14 15:13:28 |
| e307426c-f9b6-4e81-87de-d99efb3c32bc | Desktop Virtualization Host Pool Contributor | Contributor of the Desktop Virtualization Host Pool. | add |
new Role | 2020-12-14 15:13:28 |
| ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 | Desktop Virtualization User Session Operator | Operator of the Desktop Virtualization Uesr Session. | add |
new Role | 2020-12-14 15:13:28 |
| 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d | Desktop Virtualization Workspace Reader | Reader of the Desktop Virtualization Workspace. | add |
new Role | 2020-12-14 15:13:28 |
| aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 | Desktop Virtualization Application Group Reader | Reader of the Desktop Virtualization Application Group. | add |
new Role | 2020-12-14 15:13:28 |
| 86240b0e-9422-4c43-887b-b61143f32ba8 | Desktop Virtualization Application Group Contributor | Contributor of the Desktop Virtualization Application Group. | add |
new Role | 2020-12-14 15:13:28 |
| c7aa55d3-1abb-444a-a5ca-5e51e485d6ec | Integration Service Environment Developer | Allows developers to create and update workflows, integration accounts and API connections in integration service environments. | change |
Actions | 2020-12-14 15:13:28 |
| ceadfde2-b300-400a-ab7b-6143895aa822 | Desktop Virtualization Host Pool Reader | Reader of the Desktop Virtualization Host Pool. | add |
new Role | 2020-12-14 15:13:28 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2020-12-10 15:11:36 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Azure Sentinel Responder | Azure Sentinel Responder | change |
Actions | 2020-12-08 15:44:03 |
| 434105ed-43f6-45c7-a02f-909b2ba83430 | Cost Management Contributor | Can view costs and manage cost configuration (e.g. budgets, exports) | change |
Actions | 2020-12-08 15:44:03 |
| 72fafb9e-0641-4937-9268-a91bfd8191a3 | Cost Management Reader | Can view cost data and configuration (e.g. budgets, exports) | change |
Actions | 2020-12-08 15:44:03 |
| ca6382a4-1721-4bcf-a114-ff0c70227b6b | Application Group Contributor | Contributor of the Application Group. | change |
Actions | 2020-12-07 15:13:35 |
| ca6382a4-1721-4bcf-a114-ff0c70227b6b | Application Group Contributor | Contributor of the Application Group. | add |
new Role | 2020-12-04 15:12:58 |
| 6188b7c9-7d01-4f99-a59f-c88b630326c0 | Metric Contributor | Allows for creation, writes and reads to the metric set via the metrics service APIs. | change |
DataActions | 2020-11-24 15:34:53 |
| c8d896ba-346d-4f50-bc1d-7d1c84130446 | Project Babylon Data Reader | The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change. | change |
DisplayName, Description, Actions | 2020-11-23 14:37:57 |
| 05b7651b-dc44-475e-b74d-df3db49fae0f | Project Babylon Data Source Administrator | The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change. | change |
DisplayName, Description, Actions | 2020-11-23 14:37:57 |
| 9ef4ef9c-a049-46b0-82ab-dd8ac094c889 | Project Babylon Data Curator | The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change. | change |
DisplayName, Description, Actions | 2020-11-23 14:37:57 |
| 200bba9e-f0c8-430f-892b-6f0794863803 | Purview Data Source Administrator Role Preview | The Microsoft.Purview data source administrator can manage data sources and data scans | change |
Actions | 2020-11-19 14:28:56 |
| ff100721-1b9d-43d8-af52-42b69c1272db | Purview Data Reader Role Preview | The Microsoft.Purview data reader can read catalog data objects | change |
Actions | 2020-11-19 14:28:56 |
| e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 | Storage Account Backup Contributor Role | Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. | change |
Actions | 2020-11-19 14:28:56 |
| 8a3c2885-9b38-4fd2-9d99-91af537c1347 | Purview Data Curator Role Preview | The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects | change |
Actions | 2020-11-19 14:28:56 |
| 749f88d5-cbae-40b8-bcfc-e573ddc772fa | Monitoring Contributor | Can read all monitoring data and update monitoring settings. | change |
Actions | 2020-11-18 18:53:03 |
| 6188b7c9-7d01-4f99-a59f-c88b630326c0 | Metric Contributor | Allows for creation, writes and reads to the metric set via the metrics service APIs. | change |
DisplayName, DataActions | 2020-11-18 18:53:03 |
| f2f79976-90be-4501-89c6-7caf12474683 | Azure Data Cloud Lifter Management | Grants full access to manage all resources in managed Resource Group. | remove |
decommissioned Role | 2020-11-18 18:53:03 |
| c8d896ba-346d-4f50-bc1d-7d1c84130446 | Project Babylon Data Reader Role Preview | The Microsoft.ProjectBabylon data reader can read catalog data objects | add |
new Role | 2020-11-16 13:39:23 |
| ff100721-1b9d-43d8-af52-42b69c1272db | Purview Data Reader Role Preview | The Microsoft.Purview data reader can read catalog data objects | add |
new Role | 2020-11-16 13:39:23 |
| 05b7651b-dc44-475e-b74d-df3db49fae0f | Project Babylon Data Source Administrator Role Preview | The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans | add |
new Role | 2020-11-16 13:39:23 |
| e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 | Storage Account Backup Contributor Role | Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. | change |
Actions | 2020-11-16 13:39:23 |
| 200bba9e-f0c8-430f-892b-6f0794863803 | Purview Data Source Administrator Role Preview | The Microsoft.Purview data source administrator can manage data sources and data scans | add |
new Role | 2020-11-16 13:39:23 |
| 9ef4ef9c-a049-46b0-82ab-dd8ac094c889 | Project Babylon Data Curator Role Preview | The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects | add |
new Role | 2020-11-16 13:39:23 |
| 8a3c2885-9b38-4fd2-9d99-91af537c1347 | Purview Data Curator Role Preview | The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects | add |
new Role | 2020-11-16 13:39:23 |
| e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 | Storage Account Backup Contributor Role | Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. | add |
new Role | 2020-11-13 14:22:44 |
| 6188b7c9-7d01-4f99-a59f-c88b630326c0 | Metric Contributor Service Role | Allows for creation, writes and reads to the metric set via the metrics service APIs. | add |
new Role | 2020-11-12 14:32:48 |
| b24988ac-6180-42a0-ab88-20f7382dd24c | Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. | change |
NotActions | 2020-11-11 15:02:47 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Azure Sentinel Responder | Azure Sentinel Responder | change |
NotActions | 2020-11-09 14:42:02 |
| ab8e14d6-4a74-4a29-9ba8-549422addade | Azure Sentinel Contributor | Azure Sentinel Contributor | change |
Actions | 2020-11-04 15:39:11 |
| 3e150937-b8fe-4cfb-8069-0eaf05ecd056 | Azure Sentinel Responder | Azure Sentinel Responder | change |
Actions | 2020-11-04 15:39:11 |
| 8d289c81-5878-46d4-8554-54e1e3d8b5cb | Azure Sentinel Reader | Azure Sentinel Reader | change |
Actions | 2020-11-04 15:39:11 |
| 5b999177-9696-4545-85c7-50de3797e5a1 | Azure Arc Kubernetes Writer | Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. | change |
DataActions, NotDataActions | 2020-11-03 14:38:31 |
| dffb1e0c-446f-4dde-a09f-99eb5cc68b96 | Azure Arc Kubernetes Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | change |
DataActions, NotDataActions | 2020-11-03 14:38:31 |
| 63f0a09d-1495-4db4-a681-037d84835eb4 | Azure Arc Kubernetes Viewer | Lets you view all resources in cluster/namespace, except secrets. | change |
DataActions, NotDataActions | 2020-11-03 14:38:31 |
| 635dd51f-9968-44d3-b7fb-6d9a6bd613ae | AzureML Metrics Writer (preview) | Lets you write metrics to AzureML workspace | add |
new Role | 2020-10-29 15:20:50 |
| f2f79976-90be-4501-89c6-7caf12474683 | Azure Data Cloud Lifter Management | Grants full access to manage all resources in managed Resource Group. | change |
Actions | 2020-10-28 15:04:35 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | change |
NotDataActions | 2020-10-27 14:13:08 |
| f7b75c60-3036-4b75-91c3-6b41c27c1689 | Reservation Purchaser | Lets you purchase reservations | add |
new Role | 2020-10-26 14:19:04 |
| fd53cd77-2268-407a-8f46-7e7863d0f521 | SignalR Serverless Contributor (Preview) | Lets your app access service in serverless mode with AAD auth options. | change |
Description, DataActions | 2020-10-23 13:31:33 |
| 7f6c6a51-bcf8-42ba-9220-52d62157d7db | Azure Kubernetes Service RBAC Reader | Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. | change |
Description, Actions, DataActions, NotDataActions | 2020-10-23 13:31:33 |
| a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb | Azure Kubernetes Service RBAC Writer | Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. | change |
Description, Actions, DataActions, NotDataActions | 2020-10-23 13:31:33 |
| 420fcaa2-552c-430f-98ca-3264be4806c7 | SignalR App Server (Preview) | Lets your app server access SignalR Service with AAD auth options. | change |
DataActions | 2020-10-23 13:31:33 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner (Preview) | Full access to Azure SignalR Service REST APIs | change |
DataActions | 2020-10-23 13:31:33 |
| 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 | SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. | change |
NotActions | 2020-10-20 13:29:34 |
| 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec | SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | change |
NotActions | 2020-10-20 13:29:34 |
| 056cd41c-7e88-42e1-933e-88ba6a50c9c3 | SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | change |
Actions | 2020-10-20 13:29:34 |
| f2f79976-90be-4501-89c6-7caf12474683 | Azure Data Cloud Lifter Management | Grants full access to manage all resources in managed Resource Group. | add |
new Role | 2020-10-20 13:29:34 |
| 0b555d9b-b4a7-4f43-b330-627f0e5be8f0 | Security Detonation Chamber Submitter | Allowed to create submissions to Security Detonation Chamber | add |
new Role | 2020-10-19 15:27:07 |
| ddde6b66-c0df-4114-a159-3618637b3035 | SignalR Service Reader (Preview) | Read-only access to Azure SignalR Service REST APIs | add |
new Role | 2020-10-13 13:23:37 |
| 7e4f1700-ea5a-4f59-8f37-079cfe29dce3 | SignalR Service Owner (Preview) | Full access to Azure SignalR Service REST APIs | add |
new Role | 2020-10-13 13:23:37 |
| 82200a5b-e217-47a5-b665-6d8765ee745b | Services Hub Operator | Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. | change |
Actions | 2020-10-07 08:52:18 |
| 4fe6d683-8411-4247-8525-b6b5b8a80669 | Microsoft.ScVmm service role | Microsoft.ScVmm service role. | remove |
decommissioned Role | 2020-09-23 13:42:44 |
| 18500a29-7fe2-46b2-a342-b16a415e101d | Managed HSM contributor | Lets you manage managed HSM pools, but not access to them. | add |
new Role | 2020-09-17 14:31:34 |
| 8508508a-4469-4e45-963b-2518ee0bb728 | AgFood Platform Service Contributor | Provides contribute access to AgFood Platform Service | add |
new Role | 2020-09-14 13:55:19 |
| 4fe6d683-8411-4247-8525-b6b5b8a80669 | Microsoft.ScVmm service role | Microsoft.ScVmm service role. | add |
new Role | 2020-09-14 13:55:19 |
| 5dffeca3-4936-4216-b2bc-10343a5abb25 | Schema Registry Contributor (Preview) | Read, write, and delete Schema Registry groups and schemas. | add |
new Role | 2020-09-14 13:55:19 |
| f8da80de-1ff9-4747-ad80-a19b7f6079e3 | AgFood Platform Service Admin | Provides admin access to AgFood Platform Service | add |
new Role | 2020-09-14 13:55:19 |
| 7ec7ccdc-f61e-41fe-9aaf-980df0a44eba | AgFood Platform Service Reader | Provides read access to AgFood Platform Service | add |
new Role | 2020-09-14 13:55:19 |
| 2c56ea50-c6b3-40a6-83c0-9d98858bc7d2 | Schema Registry Reader (Preview) | Read and list Schema Registry groups and schemas. | add |
new Role | 2020-09-14 13:55:19 |
| cb43c632-a144-4ec5-977c-e80c4affc34a | Cognitive Services Metrics Advisor Administrator | Full access to the project, including the system level configuration. | add |
new Role | 2020-09-10 14:55:48 |
| 3b20f47b-3825-43cb-8114-4bd2201156a8 | Cognitive Services Metrics Advisor User | Access to the project. | add |
new Role | 2020-09-10 14:55:48 |
| 02ca0879-e8e4-47a5-a61e-5c618b76e64a | Device Update Administrator | Gives you full access to management and content operations | add |
new Role | 2020-08-23 16:02:03 |
| e4237640-0e3d-4a46-8fda-70bc94856432 | Device Update Deployments Administrator | Gives you full access to management operations | add |
new Role | 2020-08-23 16:02:03 |
| 0378884a-3af5-44ab-8323-f5b22f9f3c98 | Device Update Content Administrator | Gives you full access to content operations | add |
new Role | 2020-08-23 16:02:03 |
| 49e2f5d2-7741-4835-8efa-19e1fe35e47f | Device Update Deployments Reader | Gives you read access to management operations, but does not allow making changes | add |
new Role | 2020-08-23 16:02:03 |
| d1ee9a80-8b14-47f0-bdc2-f4a351625a7b | Device Update Content Reader | Gives you read access to content operations, but does not allow making changes | add |
new Role | 2020-08-23 16:02:03 |
| e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f | Device Update Reader | Gives you read access to management and content operations, but does not allow making changes | add |
new Role | 2020-08-23 16:02:03 |
| daa9e50b-21df-454c-94a6-a8050adab352 | Collaborative Data Contributor | Can manage data packages of a collaborative. | add |
new Role | 2020-08-14 14:27:30 |
| 00493d72-78f6-4148-b6c5-d3ce8e4799dd | Azure Arc Enabled Kubernetes Cluster User Role | List cluster user credentials action. | add |
new Role | 2020-07-29 13:49:09 |
| fd53cd77-2268-407a-8f46-7e7863d0f521 | SignalR Serverless Contributor (Preview) | Lets your app access service in serverless mode. | add |
new Role | 2020-07-29 13:49:09 |
| 420fcaa2-552c-430f-98ca-3264be4806c7 | SignalR App Server (Preview) | Lets your app server access SignalR Service with AAD Auth options. | add |
new Role | 2020-07-29 13:49:09 |
| d18777c0-1514-4662-8490-608db7d334b6 | Object Understanding Account Reader | Lets you read ingestion jobs for an object understanding account. | add |
new Role | 2020-07-24 14:41:55 |
| 82200a5b-e217-47a5-b665-6d8765ee745b | Services Hub Operator | Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. | add |
new Role | 2020-07-21 19:48:17 |
| 3498e952-d568-435e-9b2c-8d77e338d7f7 | Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | add |
new Role | 2020-07-03 14:58:03 |
| b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b | Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | add |
new Role | 2020-07-03 14:58:03 |
| a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb | Azure Kubernetes Service RBAC Writer | Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. | add |
new Role | 2020-07-03 14:58:03 |
| 7f6c6a51-bcf8-42ba-9220-52d62157d7db | Azure Kubernetes Service RBAC Reader | Lets you view all resources in cluster/namespace, except secrets. | add |
new Role | 2020-07-03 14:58:03 |
| 63f0a09d-1495-4db4-a681-037d84835eb4 | Azure Arc Kubernetes Viewer | Lets you view all resources in cluster/namespace, except secrets. | add |
new Role | 2020-06-15 15:35:59 |
| 5b999177-9696-4545-85c7-50de3797e5a1 | Azure Arc Kubernetes Writer | Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. | add |
new Role | 2020-06-15 15:35:59 |
| 8393591c-06b9-48a2-a542-1bd6b377f6a2 | Azure Arc Kubernetes Cluster Admin | Lets you manage all resources in the cluster. | add |
new Role | 2020-06-15 15:35:59 |
| dffb1e0c-446f-4dde-a09f-99eb5cc68b96 | Azure Arc Kubernetes Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | add |
new Role | 2020-06-15 15:35:59 |
| e147488a-f6f5-4113-8e2d-b22465e65bf6 | Key Vault Crypto Service Encryption (preview) | Can read metadata of keys and perform wrap/unwrap operations. | add |
new Role | 2020-05-21 16:07:05 |
| a4417e6f-fecd-4de8-b567-7b0420556985 | Key Vault Certificates Officer (preview) | Can perform any action on the certificates of a key vault, except manage permissions. | add |
new Role | 2020-05-19 20:42:36 |
| b86a8fe4-44ce-4948-aee5-eccb2c155cd7 | Key Vault Secrets Officer (preview) | Can perform any action on the secrets of a key vault, except manage permissions. | add |
new Role | 2020-05-19 20:42:36 |
| 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 | Key Vault Crypto Officer (preview) | Can perform any action on the keys of a key vault, except manage permissions. | add |
new Role | 2020-05-19 20:42:36 |
| 12338af0-0e69-4776-bea7-57ae8d297424 | Key Vault Crypto User (preview) | Can perform cryptographic operations on keys and certificates. | add |
new Role | 2020-05-19 20:42:36 |
| 00482a5a-887f-4fb3-b363-3b7fe8e74483 | Key Vault Administrator (preview) | Can perform any action on certificates, keys and secrets of a key vault, except manage permissions. | add |
new Role | 2020-05-19 20:42:36 |
| 4633458b-17de-408a-b874-0445c86b69e6 | Key Vault Secrets User (preview) | Can read secret contents. | add |
new Role | 2020-05-19 20:42:36 |
| 21090545-7ca7-4776-b22c-e363652d74d2 | Key Vault Reader (preview) | Can read metadata of key vaults and its certificates, keys and secrets. Cannot read sensitive values such as secret contents or key material. | add |
new Role | 2020-05-19 20:42:36 |
| 88424f51-ebe7-446f-bc41-7fa16989e96c | Cognitive Services Custom Vision Labeler | View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags. | add |
new Role | 2020-05-09 14:57:51 |
| c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 | Cognitive Services Custom Vision Contributor | Full access to the project, including the ability to view, create, edit, or delete projects. | add |
new Role | 2020-05-09 14:57:51 |
| 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b | Cognitive Services Custom Vision Trainer | View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project. | add |
new Role | 2020-05-09 14:57:51 |
| 93586559-c37d-4a6b-ba08-b9f0940c2d73 | Cognitive Services Custom Vision Reader | Read-only actions in the project. Readers can't create or update the project. | add |
new Role | 2020-05-09 14:57:51 |
| 5c4089e1-6d96-4d2f-b296-c1bc7137275f | Cognitive Services Custom Vision Deployment | Publish, unpublish or export models. Deployment can view the project but can't update. | add |
new Role | 2020-05-09 14:57:51 |
| 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 | Azure Maps Data Contributor | Grants access to read, write, and delete access to map related data from an Azure maps account. | add |
new Role | 2020-05-08 05:22:07 |
| f4cc2bf9-21be-47a1-bdf1-5c5804381025 | Cognitive Services QnA Maker Editor | Let's you create, edit, import and export a KB. You cannot publish or delete a KB. | change |
DisplayName | 2020-05-04 15:11:45 |
| 466ccd10-b268-4a11-b098-b4849f024126 | Cognitive Services QnA Maker Reader | Let's you read and test a KB only. | change |
DisplayName | 2020-05-04 15:11:45 |
| 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa | Azure Maps Data Reader | Grants access to read map related data from an Azure maps account. | change |
DisplayName | 2020-04-29 16:42:26 |
| aefefa01-2a29-4197-83a8-2828f33ce315 | Tenant registration role | Service role used by RP's for tenant level registration | remove |
decommissioned Role | 2020-04-24 19:20:22 |
| aefefa01-2a29-4197-83a8-2828f33ce315 | Tenant registration role | Service role used by RP's for tenant level registration | add |
new Role | 2020-04-23 15:06:19 |
| 70ea1423-466c-4e7b-a2ee-f1206ef2072d | Experiment Contributor | Experiment Contributor | remove |
decommissioned Role | 2020-04-23 15:06:19 |
| 49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 | Experimentation Reader | Experimentation Reader | change |
DisplayName | 2020-04-23 15:06:19 |
| ed4b1625-bac7-4b49-8578-127fc3440d25 | Experiment Administrator | Experiment Administrator | remove |
decommissioned Role | 2020-04-23 15:06:19 |
| 4dd61c23-6743-42fe-a388-d8bdd41cb745 | Object Understanding Account Owner | Provides user with ingestion capabilities for Azure Object Understanding. | add |
new Role | 2020-04-23 15:06:19 |
| 49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 | Experiment Operator | Experiment Operator | change |
DisplayName | 2020-03-28 01:22:25 |
| b879ac78-f1e6-448d-ab4c-5908cd5967c1 | VSOnline Virtual Network Service Role | This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network | remove |
decommissioned Role | 2020-03-28 01:22:25 |
| 49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 | Experimentation Operator | Experiment Operator | add |
new Role | 2020-03-26 18:26:05 |
| ed4b1625-bac7-4b49-8578-127fc3440d25 | Experiment Administrator | Experiment Administrator | add |
new Role | 2020-03-26 18:26:05 |
| 70ea1423-466c-4e7b-a2ee-f1206ef2072d | Experiment Contributor | Experiment Contributor | add |
new Role | 2020-03-26 18:26:05 |
| 3db33094-8700-4567-8da5-1501d4e7e843 | FHIR Data Exporter | Role allows user or principal to read FHIR Data | add |
new Role | 2020-03-18 07:39:13 |
| 4c8d0bbc-75d3-4935-991f-5f3c56d81508 | FHIR Data Reader | Role allows user or principal to read FHIR Data | add |
new Role | 2020-03-18 07:39:13 |
| 3f88fce4-5892-4214-ae73-ba5294559913 | FHIR Data Writer | Role allows user or principal to read and write FHIR Data | add |
new Role | 2020-03-18 07:39:13 |
| 5a1fc7df-4bf1-4951-a576-89034ee01acd | FHIR Data Contributor | Role allows user or principal full access to FHIR Data | add |
new Role | 2020-03-18 07:39:13 |
| b879ac78-f1e6-448d-ab4c-5908cd5967c1 | VSOnline Virtual Network Service Role | This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network | add |
new Role | 2020-03-14 15:10:08 |
| 350f8d15-c687-4448-8ae1-157740a3936d | Hierarchy Settings Administrator | Allows users to edit and delete Hierarchy Settings | add |
new Role | 2020-03-14 15:10:08 |
| d57506d4-4c8d-48b1-8587-93c323f6a5a3 | Azure Digital Twins Reader (Preview) | Read-only role for Digital Twins data-plane properties | add |
new Role | 2020-03-11 05:47:56 |
| bcd981a7-7f74-457b-83e1-cceb9e632ffe | Azure Digital Twins Owner (Preview) | Full access role for Digital Twins data-plane | add |
new Role | 2020-03-11 05:47:56 |
| ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 | Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | add |
new Role | 2020-02-28 09:58:27 |
| dd920d6d-f481-47f1-b461-f338c46b2d9f | Marketplace Admin | Administrator of marketplace resource provider | add |
new Role | 2020-02-27 09:26:20 |
| a41e2c5b-bd99-4a07-88f4-9bf657a760b8 | Integration Service Environment Contributor | Lets you manage integration service environments, but not access to them. | add |
new Role | 2020-02-21 00:11:51 |
| c7aa55d3-1abb-444a-a5ca-5e51e485d6ec | Integration Service Environment Developer | Allows developers to create and update workflows, integration accounts and API connections in integration service environments. | add |
new Role | 2020-02-21 00:11:51 |
| 4a9ae827-6dc8-4573-8ac7-8239d42aa03f | Tag Contributor | Lets you manage tags on entities, without providing access to the entities themselves. | add |
new Role | 2020-02-19 09:00:33 |
| 612c2aa1-cb24-443b-ac28-3ab7272de6f5 | Security Assessment Contributor | Lets you push assessments to Security Center | add |
new Role | 2020-02-13 13:58:05 |
| 34e09817-6cbe-4d01-b1a2-e0eac5743d41 | Kubernetes Cluster - Azure Arc Onboarding | Role definition to authorize any user/service to create connectedClusters resource | change |
DisplayName | 2020-02-11 08:11:18 |
| 641177b8-a67a-45b9-a033-47bc880bb21e | Managed Application Contributor Role | Allows for creating managed application resources. | add |
new Role | 2020-02-08 03:50:49 |
| 0b072326-6884-49b7-a53d-ae6aa62260ff | MLC Service Role | This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service. | remove |
decommissioned Role | 2020-01-30 21:07:35 |
| 3df8b902-2a6f-47c7-8cc5-360e9b272a7e | Remote Rendering Administrator | Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering | add |
new Role | 2020-01-24 05:21:10 |
| d39065c4-c120-43c9-ab0a-63eed9795f0a | Remote Rendering Client | Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. | add |
new Role | 2020-01-24 05:21:10 |
| 7f646f1b-fa08-80eb-a33b-edd6ce5c915c | Experimentation Administrator | Experimentation Administrator | add |
new Role | 2019-12-19 07:49:46 |
| 466ccd10-b268-4a11-b098-b4849f024126 | QnA Maker Reader | add |
new Role | 2019-12-18 15:43:34 | |
| f4cc2bf9-21be-47a1-bdf1-5c5804381025 | QnA Maker Editor | add |
new Role | 2019-12-18 15:43:34 | |
| 7f646f1b-fa08-80eb-a22b-edd6ce5c915c | Experimentation Contributor | Experimentation Contributor | add |
new Role | 2019-12-17 15:43:46 |
| 34e09817-6cbe-4d01-b1a2-e0eac5743d41 | Kubernetes Cluster - Azure Arc Onborading | Role definition to authorize any user/service to create connectedClusters resource | change |
DisplayName | 2019-12-13 11:23:49 |
| 0b072326-6884-49b7-a53d-ae6aa62260ff | MLC Service Role | This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service. | add |
new Role | 2019-11-26 15:41:35 |
| 36243c78-bf99-498c-9df9-86d9f8d28608 | Resource Policy Contributor | Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | change |
DisplayName | 2019-11-20 21:32:41 |
| 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b | App Configuration Data Owner | Allows full access to App Configuration data. | add |
new Role | 2019-10-26 02:15:31 |
| 516239f1-63e1-4d78-a4de-a74fb236a071 | App Configuration Data Reader | Allows read access to App Configuration data. | add |
new Role | 2019-10-26 02:15:31 |
| 91c1777a-f3dc-4fae-b103-61d183457e46 | Managed Services Registration assignment Delete Role | Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | add |
new Role | 2019-10-24 02:15:32 |
| b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 | Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | add |
new Role | 2019-10-24 02:15:32 |
| cd570a14-e51a-42ad-bac8-bafd67325302 | Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | add |
new Role | 2019-10-24 02:15:32 |
| 7f646f1b-fa07-40eb-a22b-edd6ce5c915c | Altretya test Service Role | Altretya test | remove |
decommissioned Role | 2019-10-24 02:15:32 |
| 7f646f1b-fa07-40eb-a22b-edd6ce5c915c | Altretya test Service Role | Altretya test | add |
new Role | 2019-10-07 13:33:12 |