last sync: 2023-Jun-07 17:44:45 UTC

Changes on Azure RBAC Role definitions

Id DisplayName Description Subject Details (UTC ymd) (i)
1f135831-5bbe-4924-9016-264044c00788 Windows365NetworkInterfaceContributor Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios. change
2023-06-06 18:29:25
Actions
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions. change
2023-06-06 18:29:25
Actions
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions. change
2023-06-06 18:29:25
Actions
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference change
2023-05-31 17:45:21
DataActions
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. change
2023-05-31 17:45:21
Actions, NotActions
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader Read, download the reports objects and related other resource objects. change
2023-05-30 17:42:57
Description, Actions
5e28a61e-8040-49db-b175-bb5b88af6239 Community Owner Role Community Owner Role to access the resources of Microsoft.Mission stored with RPSAAS. add
2023-05-29 17:43:01
Role
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator Create, read, download, modify and delete reports objects and related other resource objects. change
2023-05-26 17:43:10
Actions
c0781e91-8102-4553-8951-97c6d4243cda Azure Arc ScVmm Private Cloud User Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. change
2023-05-22 17:42:39
Actions
e582369a-e17b-42a5-b10c-874c387c530b Azure Arc ScVmm VM Contributor Arc ScVmm VM Contributor has permissions to perform all VM actions. change
2023-05-22 17:42:39
Actions
6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 Azure Arc ScVmm Private Clouds Onboarding Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. change
2023-05-22 17:42:39
Actions
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2023-05-22 17:42:39
Actions
a92dfd61-77f9-4aec-a531-19858b406c87 Azure Arc ScVmm Administrator role Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. change
2023-05-22 17:42:39
Actions
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes change
2023-05-19 17:43:13
Actions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2023-05-19 17:43:13
Actions
36243c78-bf99-498c-9df9-86d9f8d28608 Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. change
2023-05-17 17:42:19
Actions
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator Create, read, download, modify and delete reports objects and related other resource objects. change
2023-05-17 17:42:19
Description, Actions
7ac06ca7-21ca-47e3-a67b-cbd6e6223baf Cognitive Search Serverless Data Contributor Create, read, modify and delete Cognitive Search serverless index schema and documents. This role is in preview and subject to change. add
2023-05-16 17:42:34
Role
79b01272-bf9f-4f4c-9517-5506269cf524 Cognitive Search Serverless Data Reader Read Cognitive Search serverless index schema and documents. This role is in preview and subject to change. add
2023-05-16 17:42:34
Role
d18ad5f3-1baf-4119-b49b-d944edb1f9d0 MySQL Backup And Export Operator Grants full access to manage backup and export resources change
2023-05-15 17:41:20
Actions
6d994134-994b-4a59-9974-f479f0b227fb Azure Sphere Publisher Allows user to read and download Azure Sphere resources and upload images. change
2023-05-15 17:41:20
Actions
c8ae6279-5a0b-4cb2-b3f0-d4d62845742c Azure Sphere Reader Allows user to read Azure Sphere resources. change
2023-05-15 17:41:20
Actions
e9b8712a-cbcf-4ea7-b0f7-e71b803401e6 SaaS Hub Contributor SaaS Hub contributor can manage SaaS Hub resource add
2023-05-15 17:41:20
Role
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group change
2023-05-12 17:41:49
Actions
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. change
2023-05-10 17:43:09
DataActions, NotDataActions
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role change
2023-05-09 17:44:18
Actions
6d994134-994b-4a59-9974-f479f0b227fb Azure Sphere Publisher Allows user to read and download Azure Sphere resources and upload images. add
2023-05-08 17:44:42
Role
c8ae6279-5a0b-4cb2-b3f0-d4d62845742c Azure Sphere Reader Allows user to read Azure Sphere resources. add
2023-05-08 17:44:42
Role
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. change
2023-05-08 17:44:42
DataActions, NotDataActions
8b9dfcab-4b77-4632-a6df-94bd07820648 Azure Sphere Contributor Allows user read and write access to Azure Sphere resources. change
2023-05-08 17:44:42
Actions
8b9dfcab-4b77-4632-a6df-94bd07820648 Azure Sphere Contributor Allows user read and write access to Azure Sphere resources. add
2023-05-02 17:41:10
Role
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. change
2023-04-25 17:42:26
DataActions
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. change
2023-04-25 17:42:26
DataActions
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role change
2023-04-24 17:40:59
Actions
7eabc9a4-85f7-4f71-b8ab-75daaccc1033 Windows365NetworkUser Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios. change
2023-04-18 17:44:30
Actions
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services change
2023-04-17 17:43:03
Actions
ffc6bbe0-e443-4c3b-bf54-26581bb2f78e App Compliance Automation Reader App Compliance Automation Reader Role add
2023-04-14 17:43:17
Role
0f37683f-2463-46b6-9ce7-9b788b988ba2 App Compliance Automation Administrator App Compliance Automation Administrator Role add
2023-04-14 17:43:17
Role
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference change
2023-04-12 17:42:01
DataActions
b8eda974-7b85-4f76-af95-65846b26df6d Storage File Data Privileged Reader Customer has read access on Azure Storage file shares. change
2023-04-10 17:41:51
DataActions
69566ab7-960f-475b-8e7c-b3118f30c6bd Storage File Data Privileged Contributor Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares. change
2023-04-10 17:41:51
DataActions
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services change
2023-04-07 17:41:18
Actions
d6470a16-71bd-43ab-86b3-6f3a73f4e787 Azure Maps Power BI Service Role This role can be used to assign read and batch actions on Azure Maps. add
2023-04-04 17:42:37
Role
69566ab7-960f-475b-8e7c-b3118f30c6bd Storage File Data Privileged Contributor Customer has read, write, delete and modify NTFS permission access on Azure Storage file shares. add
2023-04-03 17:54:29
Role
b8eda974-7b85-4f76-af95-65846b26df6d Storage File Data Privileged Reader Customer has read access on Azure Storage file shares. add
2023-04-03 17:54:29
Role
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI change
2023-03-29 17:43:30
Actions
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes. change
2023-03-27 17:43:06
Actions, DataActions
3d55a8f6-4133-418d-8051-facdb1735758 Windows365SubscriptionReader Read subscriptions, images, azure firewalls. This role is used in Windows365 scenarios. add
2023-03-27 17:43:06
Role
1f135831-5bbe-4924-9016-264044c00788 Windows365NetworkInterfaceContributor Create NICs and join it to virtual machine in another tenant. This role is used in Windows365 scenarios. add
2023-03-27 17:43:06
Role
7eabc9a4-85f7-4f71-b8ab-75daaccc1033 Windows365NetworkUser Read the virtual network informations, and join the virtual network to virtual machine in another tenant. This role is used in Windows365 scenarios. add
2023-03-27 17:43:06
Role
9894cab4-e18a-44aa-828b-cb588cd6f2d7 Cognitive Services Face Recognizer Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. change
2023-03-24 19:17:30
DataActions
ef1c2c96-4a77-49e8-b9a4-6179fe1d2fd2 API Management Workspace Reader Has read-only access to entities in the workspace. This role should be assigned on the workspace scope. add
2023-03-22 18:43:07
Role
56328988-075d-4c6a-8766-d93edd6725b6 API Management Workspace API Developer Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope. add
2023-03-22 18:43:07
Role
d59a3e9c-6d52-4a5a-aeed-6bf3cf0e31da API Management Service Workspace API Product Manager Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope. add
2023-03-22 18:43:07
Role
9565a273-41b9-4368-97d2-aeb0c976a9b3 API Management Service Workspace API Developer Has read access to tags and products and write access to allow: assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope. add
2023-03-22 18:43:07
Role
73c2c328-d004-4c5e-938c-35c6f5679a1f API Management Workspace API Product Manager Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope. add
2023-03-22 18:43:07
Role
0c34c906-8d99-4cb7-8bb7-33f5b0a1a799 API Management Workspace Contributor Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope. add
2023-03-22 18:43:07
Role
c4bc862a-3b64-4a35-a021-a380c159b042 Bayer Ag Powered Services GDU Solution Provide access to GDU Solution by Bayer Ag Powered Services change
2023-03-20 18:43:03
DisplayName, DataActions
ef29765d-0d37-4119-a4f8-f9f9902c9588 Bayer Ag Powered Services Imagery Solution Provide access to Imagery Solution by Bayer Ag Powered Services change
2023-03-20 18:43:03
DisplayName, DataActions
7392c568-9289-4bde-aaaa-b7131215889d Azure Extension for SQL Server Deployment Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server change
2023-03-17 18:44:06
Actions
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI change
2023-03-16 18:42:42
Actions
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. change
2023-03-14 18:45:47
Actions
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls. change
2023-03-14 18:45:47
Actions
7392c568-9289-4bde-aaaa-b7131215889d Azure Extension for SQL Server Deployment Microsoft.AzureArcData service role to enable deployment of Azure Extension for SQL Server add
2023-03-10 20:21:10
Role
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2023-03-03 18:43:27
Actions
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal change
2023-03-01 18:49:20
DataActions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2023-02-27 18:48:02
Actions
d5a2ae44-610b-4500-93be-660a0c5f5ca6 Kubernetes Agentless Operator Grants Microsoft Defender for Cloud access to Azure Kubernetes Services add
2023-02-24 18:48:53
Role
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls. change
2023-02-22 18:54:52
Actions
1d335eef-eee1-47fe-a9e0-53214eba8872 SqlMI Migration Role Role for SqlMI migration add
2023-02-22 18:54:52
Role
189207d4-bb67-4208-a635-b06afe8b2c57 SqlDb Migration Role Role for SqlDb migration add
2023-02-22 18:54:52
Role
ae8036db-e102-405b-a1b9-bae082ea436d SqlVM Migration Role Role for SqlVM migration add
2023-02-22 18:54:52
Role
bfc3b73d-c6ff-45eb-9a5f-40298295bf20 LocalRulestacksAdministrator role Allows users to create, modify, describe, or delete Rulestacks. change
2023-02-22 18:54:52
Actions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2023-02-17 18:39:13
Actions
a9b99099-ead7-47db-8fcf-072597a61dfa Bayer Ag Powered Services CWUM Solution Service Role Provide access to CWUM Solution by Bayer Ag Powered Services add
2023-02-16 18:41:08
Role
d18ad5f3-1baf-4119-b49b-d944edb1f9d0 MySQL Backup And Export Operator Grants full access to manage backup and export resources add
2023-02-15 18:39:56
Role
bfc3b73d-c6ff-45eb-9a5f-40298295bf20 LocalRulestacksAdministrator role Allows users to create, modify, describe, or delete Rulestacks. add
2023-02-13 18:41:36
Role
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your Modeling and Simulation Workbench chamber. change
2023-02-13 18:41:36
Actions, NotActions, DataActions
a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2 LocalNGFirewallAdministrator role Allows user to create, modify, describe, or delete NGFirewalls. add
2023-02-13 18:41:36
Role
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. change
2023-02-13 18:41:36
Actions, DataActions
1afdec4b-e479-420e-99e7-f82237c7c5e6 Azure Kubernetes Service Cluster Monitoring User List cluster monitoring user credential action. change
2023-02-07 18:38:52
Actions
bda0d508-adf1-4af0-9c28-88919fc3ae06 Azure Stack HCI registration role Custom Azure role to allow subscription-level access to register Azure Stack HCI add
2023-02-06 18:40:05
Role
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions. change
2023-02-06 18:40:05
Actions, DataActions
5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b App Configuration Data Owner Allows full access to App Configuration data. change
2023-02-06 18:40:05
DataActions
0f99d363-226e-4dca-9920-b807cf8e1a5f Azure Front Door Domain Reader Can view Azure Front Door domains, but can't make changes. add
2023-02-03 18:39:00
Role
3f2eb865-5811-4578-b90a-6fc6fa0df8e5 Azure Front Door Secret Contributor Can manage Azure Front Door secrets, but can't grant access to other users. add
2023-02-03 18:39:00
Role
0105a6b0-4bb9-43d2-982a-12806f9faddb Azure Center for SAP solutions Service role for management This role has permissions that the user assigned managed identity must have to enable registration for the existing systems. add
2023-02-03 18:39:00
Role
6d949e1d-41e2-46e3-8920-c6e4f31a8310 Azure Center for SAP solutions Management role This role has permissions which allow users to register existing systems, view and manage systems. add
2023-02-03 18:39:00
Role
0db238c4-885e-4c4f-a933-aa2cef684fca Azure Front Door Secret Reader Can view Azure Front Door secrets, but can't make changes. add
2023-02-03 18:39:00
Role
0ab34830-df19-4f8c-b84e-aa85b8afa6e8 Azure Front Door Domain Contributor Can manage Azure Front Door domains, but can't grant access to other users. add
2023-02-03 18:39:00
Role
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions. change
2023-02-03 18:39:00
Actions
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. change
2023-02-03 18:39:00
Actions
f0310ce6-e953-4cf8-b892-fb1c87eaf7f6 Azure Usage Billing Data Sender Azure Usage Billing shared BuiltIn role to be used for all Customer Account Authentication add
2023-01-30 18:40:55
Role
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service change
2023-01-24 18:06:32
NotDataActions
ef29765d-0d37-4119-a4f8-f9f9902c9588 Bayer Ag Powered Services Imagery Solution Service Role Provide access to Imagery Solution by Bayer Ag Powered Services add
2023-01-19 18:07:47
Role
c4bc862a-3b64-4a35-a021-a380c159b042 Bayer Ag Powered Services GDU Solution Service Role Provide access to GDU Solution by Bayer Ag Powered Services add
2023-01-19 18:07:47
Role
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. change
2023-01-18 18:07:15
Actions
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions. change
2023-01-18 18:07:15
Actions
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions. change
2023-01-18 18:07:15
Actions
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your Modeling and Simulation Workbench chamber, but not make any changes. change
2023-01-16 18:05:52
Description, Actions, DataActions
230815da-be43-4aae-9cb4-875f7bd000aa Cosmos DB Operator Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. change
2023-01-16 18:05:52
NotActions
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your Modeling and Simulation Workbench chamber. change
2023-01-16 18:05:52
Description, Actions, NotActions, DataActions
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes. change
2023-01-12 18:29:24
DataActions
ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b ContainerApp Reader View all containerapp resources, but does not allow you to make any changes. add
2023-01-02 18:09:36
Role
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service change
2022-12-13 17:44:15
NotDataActions
7ec7ccdc-f61e-41fe-9aaf-980df0a44eba AgFood Platform Service Reader Provides read access to AgFood Platform Service change
2022-12-13 17:44:15
DataActions
e8ddcd69-c73f-4f9f-9844-4100522f16ad Workbook Contributor Can save shared workbooks. change
2022-12-12 17:45:20
Actions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2022-12-12 17:45:20
Actions
b279062a-9be3-42a0-92ae-8b3cf002ec4d Workbook Reader Can read workbooks. change
2022-12-12 17:45:20
Actions
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator change
2022-12-08 17:44:50
Actions
4ba50f17-9666-485c-a643-ff00808643f0 FHIR SMART User Role allows user to access FHIR Service according to SMART on FHIR specification change
2022-12-08 17:44:50
DataActions
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-12-08 17:44:50
Actions, DataActions
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Read and create quota requests, get quota request status, and create support tickets. change
2022-12-08 17:44:50
DisplayName, Description, Actions
1afdec4b-e479-420e-99e7-f82237c7c5e6 Azure Kubernetes Service Cluster Monitoring User List cluster monitoring user credential action. add
2022-11-16 17:42:38
Role
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group change
2022-11-16 17:42:38
Actions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2022-11-16 17:42:38
Actions
f5819b54-e033-4d82-ac66-4fec3cbf3f4c Azure Connected Machine Resource Manager Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group add
2022-11-15 17:42:13
Role
05352d14-a920-4328-a0de-4cbe7430e26b Azure Center for SAP solutions reader This role provides read access to all capabilities of Azure Center for SAP solutions. add
2022-11-14 17:43:02
Role
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 Azure Arc VMware Private Cloud User Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. change
2022-11-14 17:43:02
Actions
36e80216-a7e8-4f42-a7e1-f12c98cbaf8a Impact Reporter Allows access to create/report, read and delete impacts add
2022-11-14 17:43:02
Role
aabbc5dd-1af0-458b-a942-81af88f9c138 Azure Center for SAP solutions service role Azure Center for SAP solutions service role - This role is intended to be used for providing the permissions to user assigned managed identity. Azure Center for SAP solutions will use this identity to deploy and manage SAP systems. add
2022-11-14 17:43:02
Role
7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7 Azure Center for SAP solutions administrator This role provides read and write access to all capabilities of Azure Center for SAP solutions. add
2022-11-14 17:43:02
Role
68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e Impact Reader Allows read-only access to reported impacts and impact categories add
2022-11-14 17:43:02
Role
2837e146-70d7-4cfd-ad55-7efa6464f958 CodeSigning Certificate Profile Signer Sign files with a certificate profile. This role is in preview and subject to change. change
2022-11-03 17:41:51
Actions
4339b7cf-9826-4e41-b4ed-c7f4505dac08 Code Signing Identity Verifier Manage identity or business verification requests. This role is in preview and subject to change. change
2022-11-02 17:41:52
Actions
fbc52c3f-28ad-4303-a892-8a056630b8f1 Azure Traffic Controller Configuration Manager Allows access to traffic controller resource. Also allows all confiuration Updates on traffic controller add
2022-10-28 16:42:56
Role
5e0bd9bd-7b93-4f28-af87-19fc36ad61bd Cognitive Services OpenAI User Ability to view files, models, deployments. Readers can't make any changes They can inference add
2022-10-27 16:42:48
Role
a001fd3d-188f-4b5d-821b-7da978bf7442 Cognitive Services OpenAI Contributor Full access including the ability to fine-tune, deploy and generate text add
2022-10-27 16:42:48
Role
6b77f0a0-0d89-41cc-acd1-579c22c17a67 AgFood Platform Sensor Partner Contributor Provides contribute access to manage sensor related entities in AgFood Platform Service change
2022-10-27 16:42:48
DataActions, NotDataActions
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes. change
2022-10-27 16:42:48
Actions
4ba50f17-9666-485c-a643-ff00808643f0 FHIR SMART User Role allows user to access FHIR Service according to SMART on FHIR specification add
2022-10-26 16:44:05
Role
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator change
2022-10-24 16:44:14
Actions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2022-10-14 16:34:33
Actions
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2022-10-14 16:34:33
Actions
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes change
2022-10-14 16:34:33
Actions
b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b Azure Kubernetes Service RBAC Cluster Admin Lets you manage all resources in the cluster. change
2022-10-13 16:34:55
Actions
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. change
2022-10-13 16:34:55
Actions
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. change
2022-10-13 16:34:55
Actions
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. change
2022-10-13 16:34:55
Actions
18e40d4e-8d2e-438d-97e1-9528336e149c Deployment Environments User Provides access to manage environment resources. change
2022-10-12 16:34:55
DisplayName, Description, Actions
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources. change
2022-10-12 16:34:55
DataActions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2022-09-28 16:34:30
Actions
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes change
2022-09-28 16:34:30
Actions
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources. change
2022-09-27 16:35:31
DataActions
e503ece1-11d0-4e8e-8e2c-7a6c3bf38815 AzureML Compute Operator Can access and perform CRUD operations on Machine Learning Services managed compute resources (including Notebook VMs). add
2022-09-27 16:35:31
Role
67d33e57-3129-45e6-bb0b-7cc522f762fa Azure Arc VMware Private Clouds Onboarding Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. change
2022-09-27 16:35:31
Actions
1823dd4f-9b8c-4ab6-ab4e-7397a3684615 AzureML Registry User Can perform all actions on Machine Learning Services Registry assets as well as get Registry resources. add
2022-09-27 16:35:31
Role
18e40d4e-8d2e-438d-97e1-9528336e149c Microsoft.DevCenter Deployment Environments User Microsoft.DevCenter Deployment Environments User. add
2022-09-26 16:35:37
Role
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2022-09-26 16:35:37
Actions
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator change
2022-09-26 16:35:37
Actions
a99b0159-1064-4c22-a57b-c9b3caa1c054 Azure Spring Apps Remote Debugging Role Azure Spring Apps Remote Debugging Role add
2022-09-23 16:35:48
Role
80558df3-64f9-4c0f-b32d-e5094b036b0b Azure Spring Apps Connect Role Azure Spring Apps Connect Role add
2022-09-23 16:35:48
Role
51d6186e-6489-4900-b93f-92e23144cca5 Microsoft Sentinel Playbook Operator Microsoft Sentinel Playbook Operator add
2022-09-20 16:36:14
Role
ac63b705-f282-497d-ac71-919bf39d939d Management Group Reader Management Group Reader Role change
2022-09-19 16:35:35
Actions
5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c Management Group Contributor Management Group Contributor Role change
2022-09-19 16:35:35
Actions
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner Full access to Azure SignalR Service REST APIs change
2022-09-15 16:34:33
DataActions
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements. change
2022-09-15 16:34:33
DataActions
c6decf44-fd0a-444c-a844-d653c394e7ab Data Labeling - Labeler Can label data in Labeling. add
2022-09-09 16:35:25
Role
392ae280-861d-42bd-9ea5-08ee6d83b80e Template Spec Reader Allows read access to Template Specs at the assigned scope. add
2022-09-08 16:34:42
Role
bcd981a7-7f74-457b-83e1-cceb9e632ffe Azure Digital Twins Data Owner Full access role for Digital Twins data-plane change
2022-09-08 16:34:42
DisplayName, DataActions
1c9b6475-caf0-4164-b5a1-2142a7116f4b Template Spec Contributor Allows full access to Template Spec operations at the assigned scope. add
2022-09-08 16:34:42
Role
d57506d4-4c8d-48b1-8587-93c323f6a5a3 Azure Digital Twins Data Reader Read-only role for Digital Twins data-plane properties change
2022-09-08 16:34:42
DisplayName, DataActions
f58310d9-a9f6-439a-9e8d-f62e7b41a168 Role Based Access Control Administrator (Preview) Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy. add
2022-09-07 16:35:18
Role
43d0d8ad-25c7-4714-9337-8ba259a9fe05 Monitoring Reader Can read all monitoring data. change
2022-09-06 17:33:15
DataActions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2022-09-06 17:33:15
DataActions
2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b Web Plan Contributor Lets you manage the web plans for websites, but not access to them. change
2022-09-05 16:34:39
Actions
434fb43a-c01c-447e-9f67-c3ad923cfaba Azure Kubernetes Fleet Manager RBAC Admin This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. change
2022-08-29 16:36:36
DataActions
5af6afb3-c06c-4fa4-8848-71a8aee05683 Azure Kubernetes Fleet Manager RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. change
2022-08-29 16:36:36
Description, DataActions
30b27cfc-9c84-438e-b0ce-70e35255df80 Azure Kubernetes Fleet Manager RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. change
2022-08-29 16:36:36
DataActions
ba79058c-0414-4a34-9e42-c3399d80cd5a Kubernetes Namespace User Allows a user to read namespace resources and retrieve kubeconfig for the cluster add
2022-08-24 16:35:21
Role
63bb64ad-9799-4770-b5c3-24ed299a07bf Azure Kubernetes Fleet Manager Contributor Role Grants access to read and write Azure Kubernetes Fleet Manager clusters add
2022-08-22 16:34:26
Role
5af6afb3-c06c-4fa4-8848-71a8aee05683 Azure Kubernetes Fleet Manager RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. add
2022-08-22 16:34:26
Role
434fb43a-c01c-447e-9f67-c3ad923cfaba Azure Kubernetes Fleet Manager RBAC Admin This role grants admin access - provides write permissions on most objects within a a namespace, with the exception of ResourceQuota object and the namespace object itself. Applying this role at cluster scope will give access across all namespaces. add
2022-08-22 16:34:26
Role
b0d8363b-8ddd-447d-831f-62ca05bff136 Monitoring Data Reader Can read all monitoring data. add
2022-08-22 16:34:26
Role
18ab4d3d-a1bf-4477-8ad9-8359bc988f69 Azure Kubernetes Fleet Manager RBAC Cluster Admin Lets you manage all resources in the fleet manager cluster. add
2022-08-22 16:34:26
Role
30b27cfc-9c84-438e-b0ce-70e35255df80 Azure Kubernetes Fleet Manager RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. add
2022-08-22 16:34:26
Role
a2c4a527-7dc0-4ee3-897b-403ade70fafb Video Indexer Restricted Viewer Has access to view and search through all video's insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account. add
2022-08-10 16:33:37
Role
ab8e14d6-4a74-4a29-9ba8-549422addade Microsoft Sentinel Contributor Microsoft Sentinel Contributor change
2022-08-02 16:33:17
DisplayName, Description, NotActions
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Microsoft Sentinel Responder Microsoft Sentinel Responder change
2022-08-02 16:33:17
DisplayName, Description, NotActions
8d289c81-5878-46d4-8554-54e1e3d8b5cb Microsoft Sentinel Reader Microsoft Sentinel Reader change
2022-08-02 16:33:17
NotActions
4339b7cf-9826-4e41-b4ed-c7f4505dac08 Code Signing Identity Verifier Manage identity or business verification requests. This role is in preview and subject to change. add
2022-07-29 16:32:42
Role
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2022-07-25 16:32:45
Actions
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes. change
2022-07-25 16:32:45
Actions, DataActions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2022-07-25 16:32:45
DataActions
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources. change
2022-07-25 16:32:45
Actions, NotActions, DataActions
a8281131-f312-4f34-8d98-ae12be9f0d23 Elastic San Volume Group Owner Lets you manage a volume group in elastic san account change
2022-07-21 16:31:45
Actions
af6a70f8-3c9f-4105-acf1-d719e9fca4ca Elastic San Reader Read Azure Elastic SAN and all sub-resources change
2022-07-21 16:31:45
Actions
40c5ff49-9181-41f8-ae61-143b0e78555e Desktop Virtualization Power On Off Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. add
2022-07-18 16:33:50
Role
a959dbd1-f747-45e3-8ba6-dd80f235f97c Desktop Virtualization Virtual Machine Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. add
2022-07-18 16:33:50
Role
489581de-a3bd-480d-9518-53dea7416b33 Desktop Virtualization Power On Contributor This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines. add
2022-07-18 16:33:50
Role
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-07-13 16:33:16
Actions, DataActions
43d0d8ad-25c7-4714-9337-8ba259a9fe05 Monitoring Reader Can read all monitoring data. change
2022-07-07 16:32:17
DataActions
76cc9ee4-d5d3-4a45-a930-26add3d73475 Access Review Operator Service Role Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process. add
2022-07-04 16:35:09
Role
a8281131-f312-4f34-8d98-ae12be9f0d23 Elastic San Volume Group Owner Lets you manage a volume group in elastic san account add
2022-07-04 16:35:09
Role
80dcbedb-47ef-405d-95bd-188a1b4ac406 Elastic San Contributor Lets you manage elastic san accounts change
2022-06-29 16:32:23
Actions
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations change
2022-06-27 16:32:39
Actions
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations change
2022-06-27 16:32:39
Actions
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations change
2022-06-22 16:32:37
Actions
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations change
2022-06-22 16:32:37
Actions
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal change
2022-06-17 16:31:04
DataActions
d24ecba3-c1f4-40fa-a7bb-4588a071e8fd VM Scanner Operator Role that provides access to disk snapshot for security analysis. add
2022-06-08 16:32:24
Role
af6a70f8-3c9f-4105-acf1-d719e9fca4ca Elastic San Reader Read Azure Elastic SAN and all sub-resources add
2022-06-01 16:31:39
Role
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements. change
2022-05-31 16:32:29
DataActions
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-05-30 16:30:40
Actions, DataActions
80dcbedb-47ef-405d-95bd-188a1b4ac406 Elastic San Contributor Lets you manage elastic san accounts add
2022-05-26 16:30:22
Role
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. change
2022-05-20 16:30:38
Actions
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. change
2022-05-20 16:30:38
Actions
0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 Azure Kubernetes Service Cluster Admin Role List cluster admin credential action. change
2022-05-17 16:30:38
Actions
c031e6a8-4391-4de0-8d69-4706a7ed3729 API Management Developer Portal Content Editor Can customize the developer portal, edit its content, and publish it. add
2022-05-11 16:32:15
Role
8d289c81-5878-46d4-8554-54e1e3d8b5cb Microsoft Sentinel Reader Microsoft Sentinel Reader change
2022-05-09 16:29:26
DisplayName, Description, Actions
6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9 Azure Arc ScVmm Private Clouds Onboarding Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. add
2022-05-05 21:31:23
Role
a92dfd61-77f9-4aec-a531-19858b406c87 Azure Arc ScVmm Administrator role Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. add
2022-05-05 21:31:23
Role
e582369a-e17b-42a5-b10c-874c387c530b Azure Arc ScVmm VM Contributor Arc ScVmm VM Contributor has permissions to perform all VM actions. add
2022-05-05 21:31:23
Role
c0781e91-8102-4553-8951-97c6d4243cda Azure Arc ScVmm Private Cloud User Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. add
2022-05-05 21:31:23
Role
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-05-04 16:30:32
Actions
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-05-03 16:57:51
Actions
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. change
2022-04-29 18:06:01
NotActions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2022-04-28 17:39:09
Actions
4465e953-8ced-4406-a58e-0f6e3f3b530b FHIR Data Importer Role allows user or principal to read and import FHIR Data add
2022-04-21 16:39:45
Role
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Lets you perform backup and restore operations using Azure Backup on the storage account. change
2022-04-20 16:54:13
DisplayName, Description, Actions
602da2ba-a5c2-41da-b01d-5360126ab525 Virtual Machine Local User Login View Virtual Machines in the portal and login as a local user configured on the arc server change
2022-04-18 16:32:42
Actions
f7b75c60-3036-4b75-91c3-6b41c27c1689 Reservation Purchaser Lets you purchase reservations change
2022-04-14 16:55:58
Actions
cd08ab90-6b14-449c-ad9a-8f8e549482c6 Scheduled Patching Contributor Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments change
2022-04-13 16:45:15
Actions
cd08ab90-6b14-449c-ad9a-8f8e549482c6 Scheduled Patching Contributor Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments add
2022-04-11 16:38:49
Role
602da2ba-a5c2-41da-b01d-5360126ab525 Virtual Machine Local User Login View Virtual Machines in the portal and login as a local user configured on the arc server add
2022-04-07 17:18:35
Role
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-04-05 17:06:52
Actions
331c37c6-af14-46d9-b9f4-e1909e1b95a0 DevCenter Project Admin Provides access to manage project resources. add
2022-04-01 20:29:16
Role
45d50f46-0b78-4001-a660-4198cbe8cd05 DevCenter Dev Box User Provides access to create and manage dev boxes. add
2022-03-31 18:06:31
Role
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal change
2022-03-30 16:45:33
DataActions, NotDataActions
f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 Cognitive Services Language Writer Has access to all Read, Test, and Write functions under Language Portal change
2022-03-30 16:45:33
DataActions, NotDataActions
f07febfe-79bc-46b1-8b37-790e26e6e498 Cognitive Services Language Owner Has access to all Read, Test, Write, Deploy and Delete functions under Language portal change
2022-03-30 16:45:33
DataActions, NotDataActions
1ef6a3be-d0ac-425d-8c01-acb62866290b Compute Gallery Sharing Admin This role allows user to share gallery to another subscription/tenant or share it to the public. add
2022-03-28 17:59:08
Role
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters change
2022-03-16 17:58:57
Actions
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. change
2022-03-16 17:58:57
Actions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2022-03-11 18:17:07
Actions
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. change
2022-03-10 18:07:12
DataActions
6b77f0a0-0d89-41cc-acd1-579c22c17a67 AgFood Platform Sensor Partner Contributor Provides contribute access to manage sensor related entities in AgFood Platform Service add
2022-03-09 19:15:11
Role
18500a29-7fe2-46b2-a342-b16a415e101d Managed HSM contributor Lets you manage managed HSM pools, but not access to them. change
2022-03-08 17:46:41
Actions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2022-03-08 17:46:41
Actions
959f8984-c045-4866-89c7-12bf9737be2e Data Operator for Managed Disks Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. add
2022-03-01 18:03:34
Role
0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d DNS Resolver Contributor Lets you manage DNS resolver resources change
2022-03-01 18:03:34
Actions
0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d DNS Resolver Contributor Lets you manage DNS resolver resources add
2022-02-28 17:26:57
Role
361898ef-9ed1-48c2-849c-a832951106bb Domain Services Reader Can view Azure AD Domain Services and related network configurations add
2022-02-23 18:03:00
Role
eeaeda52-9324-47f6-8069-5d5bade478b2 Domain Services Contributor Can manage Azure AD Domain Services and related network configurations add
2022-02-23 18:03:00
Role
088ab73d-1256-47ae-bea9-9de8e7131f31 Guest Configuration Resource Contributor Lets you read, write Guest Configuration Resource. change
2022-02-11 18:30:29
Description, Actions
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters change
2022-02-10 17:19:06
Actions
18ed5180-3e48-46fd-8541-4ea054d57064 Azure Kubernetes Service Policy Add-on Deployment Deploy the Azure Policy add-on on Azure Kubernetes Service clusters add
2022-02-08 18:24:32
Role
a6333a3e-0164-44c3-b281-7a577aff287f Windows Admin Center Administrator Login Let's you manage the OS of your resource via Windows Admin Center as an administrator. add
2022-02-07 17:17:23
Role
00493d72-78f6-4148-b6c5-d3ce8e4799dd Azure Arc Enabled Kubernetes Cluster User Role List cluster user credentials action. change
2022-02-02 17:45:29
Actions
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. change
2022-01-28 19:51:28
DataActions, NotDataActions
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes. change
2022-01-27 17:51:50
Actions
871e35f6-b5c1-49cc-a043-bde969a0f2cd CDN Endpoint Reader Can view CDN endpoints, but can't make changes. change
2022-01-27 17:51:50
Actions
f4c81013-99ee-4d62-a7ee-b3f1f648599a Microsoft Sentinel Automation Contributor Microsoft Sentinel Automation Contributor change
2022-01-26 17:48:32
DisplayName, Description, Actions
4447db05-44ed-4da3-ae60-6cbece780e32 Chamber User Lets you view everything under your HPC Workbench chamber, but not make any changes. add
2022-01-20 18:36:47
Role
4e9b8407-af2e-495b-ae54-bb60a55b1b5a Chamber Admin Lets you manage everything under your HPC Workbench chamber. add
2022-01-20 18:36:47
Role
088ab73d-1256-47ae-bea9-9de8e7131f31 Guest Configuration Resource Contributor Grants access to read or write to Guest Configuration resources. add
2022-01-14 17:44:10
Role
67d33e57-3129-45e6-bb0b-7cc522f762fa Azure Arc VMware Private Clouds Onboarding Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. add
2022-01-14 17:44:10
Role
49e2f5d2-7741-4835-8efa-19e1fe35e47f Device Update Deployments Reader Gives you read access to management operations, but does not allow making changes change
2022-01-13 19:18:33
DataActions
e4237640-0e3d-4a46-8fda-70bc94856432 Device Update Deployments Administrator Gives you full access to management operations change
2022-01-13 19:18:33
DataActions
14b46e9e-c2b7-41b4-b07b-48a6ebf60603 Key Vault Crypto Officer Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. change
2022-01-07 18:14:37
DisplayName, DataActions
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements. change
2022-01-04 13:44:22
Actions, DataActions, NotDataActions
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data. change
2022-01-04 13:44:22
Actions, DataActions
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data. change
2022-01-04 13:44:22
Actions, DataActions
3913510d-42f4-4e42-8a64-420c390055eb Monitoring Metrics Publisher Enables publishing metrics against Azure resources change
2022-01-04 11:26:52
DataActions
e8ddcd69-c73f-4f9f-9844-4100522f16ad Workbook Contributor Can save shared workbooks. change
2022-01-04 11:26:52
Actions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2022-01-04 11:26:52
Actions
b279062a-9be3-42a0-92ae-8b3cf002ec4d Workbook Reader Can read workbooks. change
2022-01-04 11:26:52
Actions
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2021-12-16 17:24:54
Actions
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. change
2021-12-15 17:18:05
Actions
fb879df8-f326-4884-b1cf-06f3ad86be52 Virtual Machine User Login View Virtual Machines in the portal and login as a regular user. change
2021-11-18 17:19:50
Actions
1c0163c0-47e6-4577-8991-ea5c82e286e4 Virtual Machine Administrator Login View Virtual Machines in the portal and login as administrator change
2021-11-18 17:19:50
Actions
12cf5a90-567b-43ae-8102-96cf46c7d9b4 Web PubSub Service Owner (Preview) Full access to Azure Web PubSub Service REST APIs change
2021-11-16 16:27:38
DataActions
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server Lets your app server access SignalR Service with AAD auth options. change
2021-11-16 16:27:38
DisplayName, DataActions
bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf Web PubSub Service Reader (Preview) Read-only access to Azure Web PubSub Service REST APIs change
2021-11-16 16:27:38
DataActions
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role change
2021-11-15 17:00:51
NotActions
f69b8690-cc87-41d6-b77a-a4bc3c0a966f Lab Services Contributor The lab services contributor role add
2021-11-11 17:21:27
Role
2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc Lab Services Reader The lab services reader role add
2021-11-11 17:21:27
Role
a36e6959-b6be-4b12-8e9f-ef4b474d304d Lab Operator The lab operator role add
2021-11-11 17:21:27
Role
b2de6794-95db-4659-8781-7e080d3f2b9d Cognitive Services Immersive Reader User Provides access to create Immersive Reader sessions and call APIs add
2021-11-11 17:21:27
Role
5daaa2af-1fe8-407c-9122-bba179798270 Lab Contributor The lab contributor role add
2021-11-11 17:21:27
Role
b97fb8bc-a8b2-4522-a38b-dd33c7e65ead Lab Creator Lets you create new labs under your Azure Lab Accounts. change
2021-11-11 17:21:27
Actions, DataActions
ce40b423-cede-4313-a93f-9b28290b72e1 Lab Assistant The lab assistant role add
2021-11-11 17:21:27
Role
0c8b84dc-067c-4039-9615-fa1a4b77c726 PlayFab Contributor Provides contributor access to PlayFab resources add
2021-11-10 17:42:24
Role
3ae3fb29-0000-4ccd-bf80-542e7b26e081 Load Test Reader View and list all load tests and load test resources but can not make any changes add
2021-11-10 17:42:24
Role
45bb0b16-2f0c-4e78-afaa-a07599b003f6 Load Test Owner Execute all operations on load test resources and load tests add
2021-11-09 16:56:00
Role
749a398d-560b-491b-bb21-08924219302e Load Test Contributor View, create, update, delete and execute load tests. View and list load test resources but can not make any changes. add
2021-11-09 16:56:00
Role
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2021-11-08 16:50:39
Actions
a9a19cc5-31f4-447c-901f-56c0bb18fcaf PlayFab Reader Provides read access to PlayFab resources add
2021-11-08 16:50:39
Role
ddc140ed-e463-4246-9145-7c664192013f Azure Arc VMware Administrator role Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. add
2021-11-05 17:28:15
Role
f07febfe-79bc-46b1-8b37-790e26e6e498 Cognitive Services Language Owner Has access to all Read, Test, Write, Deploy and Delete functions under Language portal add
2021-11-04 17:27:00
Role
f72c8140-2111-481c-87ff-72b910f6e3f8 Cognitive Services LUIS Owner Has access to all Read, Test, Write, Deploy and Delete functions under LUIS add
2021-11-04 17:27:00
Role
18e81cdc-4e98-4e29-a639-e7d10c5a6226 Cognitive Services LUIS Reader Has access to Read and Test functions under LUIS. add
2021-11-04 17:27:00
Role
7628b7b8-a8b2-4cdc-b46f-e9b35248918e Cognitive Services Language Reader Has access to Read and Test functions under Language portal add
2021-11-04 17:27:00
Role
f2310ca1-dc64-4889-bb49-c8e0fa3d47a8 Cognitive Services Language Writer Has access to all Read, Test, and Write functions under Language Portal add
2021-11-04 17:27:00
Role
6322a993-d5c9-4bed-b113-e49bbea25b27 Cognitive Services LUIS Writer Has access to all Read, Test, and Write functions under LUIS add
2021-11-04 17:27:00
Role
b748a06d-6150-4f8a-aaa9-ce3940cd96cb Azure Arc VMware VM Contributor Arc VMware VM Contributor has permissions to perform all VM actions. add
2021-10-28 15:43:30
Role
ce551c02-7c42-47e0-9deb-e3b6fc3a9a83 Azure Arc VMware Private Cloud User Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. add
2021-10-28 15:43:30
Role
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. change
2021-10-26 15:38:27
Actions
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. change
2021-10-26 15:38:27
Actions
8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 Azure Maps Data Contributor Grants access to read, write, and delete access to map related data from an Azure maps account. change
2021-10-13 16:30:51
DataActions
dba33070-676a-4fb0-87fa-064dc56ff7fb Azure Maps Contributor Grants access all Azure Maps resource management. add
2021-10-04 15:27:18
Role
6be48352-4f82-47c9-ad5e-0acacefdb005 Azure Maps Search and Render Data Reader Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs. add
2021-10-04 15:27:18
Role
9980e02c-c2be-4d73-94e8-173b1dc7cf3c Virtual Machine Contributor Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. change
2021-10-01 15:34:12
Actions
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. add
2021-09-14 15:45:54
Role
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR REST API Owner Full access to Azure SignalR Service REST APIs change
2021-09-13 16:35:21
DisplayName, Description, DataActions
6ae96244-5829-4925-a7d3-5975537d91dd Azure VM Managed identities restore Contributor Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system add
2021-09-13 16:35:21
Role
494ae006-db33-4328-bf46-533a6560a3ca Site Recovery Operator Lets you failover and failback but not perform other Site Recovery management operations change
2021-09-10 15:51:14
Actions
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first change
2021-09-08 15:40:07
Actions
a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b Azure Spring Cloud Config Server Contributor Allow read, write and delete access to Azure Spring Cloud Config Server add
2021-09-06 17:54:17
Role
dbaa88c4-0c30-4179-9fb3-46319faa6149 Site Recovery Reader Lets you view Site Recovery status but not perform other management operations change
2021-09-02 16:18:17
Actions
6670b86e-a3f7-4917-ac9b-5d6ab1be4567 Site Recovery Contributor Lets you manage Site Recovery service except vault creation and role assignment change
2021-09-02 16:18:17
Actions
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first change
2021-09-01 15:00:06
Actions
f353d9bd-d4a6-484e-a77a-8050b599b867 Automation Contributor Manage azure automation resources and other resources using azure automation. change
2021-09-01 15:00:06
Actions
d04c6db6-4947-4782-9e91-30a88feb7be7 Azure Spring Cloud Config Server Reader Allow read access to Azure Spring Cloud Config Server add
2021-08-26 16:23:33
Role
cff1b556-2399-4e7e-856d-a8f754be7b65 Azure Spring Cloud Service Registry Reader Allow read access to Azure Spring Cloud Service Registry add
2021-08-20 15:48:24
Role
f5880b48-c26d-48be-b172-7927bfa1c8f1 Azure Spring Cloud Service Registry Contributor Allow read, write and delete access to Azure Spring Cloud Service Registry add
2021-08-20 15:48:24
Role
9980e02c-c2be-4d73-94e8-173b1dc7cf3c Virtual Machine Contributor Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. change
2021-08-19 16:32:19
Actions
2837e146-70d7-4cfd-ad55-7efa6464f958 CodeSigning Certificate Profile Signer Sign files with a certificate profile. This role is in preview and subject to change. add
2021-08-17 16:31:35
Role
a79a5197-3a5c-4973-a920-486035ffd60f Grafana Editor Built-in Grafana Editor role add
2021-08-13 17:07:50
Role
22926164-76b3-42b3-bc55-97df8dab3e41 Grafana Admin Built-in Grafana admin role add
2021-08-13 17:07:50
Role
60921a7e-fef1-4a43-9b16-a26c52ad4769 Grafana Viewer Built-in Grafana Viewer role add
2021-08-13 17:07:50
Role
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role change
2021-08-12 19:47:01
NotActions
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role change
2021-08-12 19:47:01
Actions
85cb6faf-e071-4c9b-8136-154b5a04f717 Kubernetes Extension Contributor Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations add
2021-08-11 15:29:45
Role
10745317-c249-44a1-a5ce-3a4353c0bbd8 Device Provisioning Service Data Reader Allows for full read access to Device Provisioning Service data-plane properties. add
2021-08-09 22:29:09
Role
dfce44e4-17b7-4bd1-a6d1-04996ec95633 Device Provisioning Service Data Contributor Allows for full access to Device Provisioning Service data-plane operations. add
2021-08-09 22:29:09
Role
f353d9bd-d4a6-484e-a77a-8050b599b867 Automation Contributor Manage azure automation resources and other resources using azure automation. add
2021-08-09 19:32:28
Role
15e0f5a1-3450-4248-8e25-e2afe88a9e85 Test Base Reader Let you view and download packages and test results. change
2021-08-06 15:06:08
Actions
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first change
2021-08-06 15:06:08
Actions
92aaf0da-9dab-42b6-94a3-d43ce8d16293 Log Analytics Contributor Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. change
2021-08-06 15:06:08
Description, Actions
ab8e14d6-4a74-4a29-9ba8-549422addade Azure Sentinel Contributor Azure Sentinel Contributor change
2021-08-05 14:48:34
Actions
8d289c81-5878-46d4-8554-54e1e3d8b5cb Azure Sentinel Reader Azure Sentinel Reader change
2021-08-05 14:48:34
Actions
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder change
2021-08-05 14:48:34
Actions
25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 Cognitive Services Contributor Lets you create, read, update, delete and manage keys of Cognitive Services. change
2021-08-03 20:37:08
Actions
fb879df8-f326-4884-b1cf-06f3ad86be52 Virtual Machine User Login View Virtual Machines in the portal and login as a regular user. change
2021-08-02 15:58:24
Actions, DataActions
1c0163c0-47e6-4577-8991-ea5c82e286e4 Virtual Machine Administrator Login View Virtual Machines in the portal and login as administrator change
2021-08-02 15:58:24
Actions, DataActions
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can't create, delete or modify the data/test/model/endpoint for custom models. change
2021-07-29 15:40:44
Description, DataActions, NotDataActions
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. change
2021-07-29 15:40:44
Description, DataActions
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner Full access to Azure SignalR Service REST APIs change
2021-07-29 15:40:44
DisplayName, DataActions
26e0b698-aa6d-4085-9386-aadae190014d Azure Relay Listener Allows for listen access to Azure Relay resources. add
2021-07-21 16:02:28
Role
26baccc8-eea7-41f1-98f4-1762cc7f685d Azure Relay Sender Allows for send access to Azure Relay resources. add
2021-07-20 17:09:18
Role
2787bf04-f1f5-4bfe-8383-c8a24483ee38 Azure Relay Owner Allows for full access to Azure Relay resources. add
2021-07-20 17:09:18
Role
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service change
2021-07-19 14:20:08
NotDataActions
3db33094-8700-4567-8da5-1501d4e7e843 FHIR Data Exporter Role allows user or principal to read and export FHIR Data change
2021-07-19 14:20:08
DataActions
e8113dce-c529-4d33-91fa-e9b972617508 Azure Connected SQL Server Onboarding Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS. add
2021-07-19 14:20:08
Role
f6c7c914-8db3-469d-8ca1-694a8f32e121 AzureML Data Scientist Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. add
2021-07-15 16:24:54
Role
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. remove
2021-07-12 16:24:45
Role
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role change
2021-07-12 16:24:45
Actions
4c8d0bbc-75d3-4935-991f-5f3c56d81508 FHIR Data Reader Role allows user or principal to read FHIR Data change
2021-07-09 14:39:01
DataActions
a1705bd2-3a8f-45a5-8683-466fcfd5cc24 FHIR Data Converter Role allows user or principal to convert data from legacy format to FHIR change
2021-07-09 14:39:01
DataActions
5a1fc7df-4bf1-4951-a576-89034ee01acd FHIR Data Contributor Role allows user or principal full access to FHIR Data change
2021-07-09 14:39:01
DataActions
3f88fce4-5892-4214-ae73-ba5294559913 FHIR Data Writer Role allows user or principal to read and write FHIR Data change
2021-07-09 14:39:01
DataActions, NotDataActions
60fc6e62-5479-42d4-8bf4-67625fcc2840 Disk Pool Operator Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. add
2021-07-09 14:39:01
Role
fb1c8493-542b-48eb-b624-b4c8fea62acd Security Admin Security Admin Role change
2021-07-08 14:19:50
Actions
c8d4ff99-41c3-41a8-9f60-21dfdad59608 AcrQuarantineWriter acr quarantine data writer change
2021-07-07 15:26:33
DataActions
d5a91429-5739-47e2-a06b-3470a27159e7 EventGrid Data Sender Allows send access to event grid events. add
2021-07-05 14:23:05
Role
cdda3590-29a3-44f6-95f2-9f980659eb04 AcrQuarantineReader acr quarantine data reader change
2021-06-24 14:29:36
DataActions
6cef56e8-d556-48e5-a04f-b8e64114680f AcrImageSigner acr image signer change
2021-06-24 14:29:36
DataActions
e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a DICOM Data Reader Read and search DICOM data. add
2021-06-18 14:19:53
Role
58a3b984-7adf-4c20-983a-32417c86fbc8 DICOM Data Owner Full access to DICOM data. add
2021-06-18 14:19:53
Role
76199698-9eea-4c19-bc75-cec21354c6b6 Storage Table Data Reader Allows for read access to Azure Storage tables and entities add
2021-06-15 14:06:27
Role
0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3 Storage Table Data Contributor Allows for read, write and delete access to Azure Storage tables and entities add
2021-06-15 14:06:27
Role
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2021-06-14 13:58:52
Actions
5e467623-bb1f-42f4-a55d-6e525e11384b Backup Contributor Lets you manage backup service,but can't create vaults and give access to others change
2021-06-14 13:58:52
Actions
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes change
2021-06-10 15:19:34
Actions
9b7fa17d-e63e-47b0-bb0a-15c516ac86ec SQL DB Contributor Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. change
2021-06-10 15:19:34
NotActions
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. change
2021-06-09 16:50:31
Actions
8ebe5a00-799e-43f5-93ac-243d3dce84a7 Search Index Data Contributor Grants full access to Azure Cognitive Search index data. add
2021-06-02 22:45:24
Role
1407120a-92aa-4202-b7e9-c0e197c71c8f Search Index Data Reader Grants read access to Azure Cognitive Search index data. add
2021-06-02 22:45:24
Role
a795c7a0-d4a2-40c1-ae25-d81f01202912 Backup Reader Can view backup services, but can't make changes change
2021-05-25 14:52:54
Actions
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber change
2021-05-24 17:13:01
DataActions
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber change
2021-05-24 17:13:01
DataActions
15e0f5a1-3450-4248-8e25-e2afe88a9e85 Test Base Reader Let you view and download packages and test results. add
2021-05-12 14:41:18
Role
99dba123-b5fe-44d5-874c-ced7199a5804 Media Services Streaming Endpoints Administrator Create, read, modify and delete Streaming Endpoints; read-only access to other Media Services resources. add
2021-05-07 14:29:30
Role
e4395492-1534-4db2-bedf-88c14621589c Media Services Media Operator Create, read, modify, and delete of Assets, Asset Filters, Streaming Locators and Jobs; read-only access to other Media Services resources. add
2021-05-07 14:29:30
Role
c4bba371-dacd-4a26-b320-7250bca963ae Media Services Policy Administrator Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. add
2021-05-07 14:29:30
Role
532bc159-b25e-42c0-969e-a1d439f60d77 Media Services Live Events Administrator Create, read and modify Live Events, Assets, Asset Filters and Streaming Locators; read-only access to other Media Services resources. add
2021-05-07 14:29:30
Role
054126f8-9a2b-4f1c-a9ad-eca461f08466 Media Services Account Administrator Create, read, modify and delete Media Services accounts; read-only access to other Media Services resources. add
2021-05-03 14:09:38
Role
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. change
2021-04-29 16:55:26
Actions
1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf Stream Analytics Query Tester Lets you perform query testing without creating a stream analytics job first add
2021-04-27 15:39:18
Role
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime change
2021-04-26 14:08:50
Actions
b447c946-2db7-41ec-983d-d8bf3b1c77e3 Azure Iot Hubs Data Reader Allows for full read access to Azure Iot Hubs data-plane properties add
2021-04-23 13:42:10
Role
494bdba2-168f-4f31-a0a1-191d2f7c028c Azure Iot?Hubs?Twin?Contributor Allows for read and write access to all Azure IoT Hubs device and module twins. add
2021-04-23 13:42:10
Role
4fc6c259-987e-4a07-842e-c321cc9d413f Azure Iot?Hubs?Data?Contributor Allows for full access to Azure IoT Hubs data plane operations. add
2021-04-23 13:42:10
Role
4ea46cd5-c1b2-4a8e-910b-273211f9ce47 Azure Iot Hubs Registry Contributor Allows for full access to Azure IoT Hubs device registry. add
2021-04-23 13:42:10
Role
a2138dac-4907-4679-a376-736901ed8ad8 AnyBuild Builder Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities. add
2021-04-21 13:28:47
Role
9894cab4-e18a-44aa-828b-cb588cd6f2d7 Cognitive Services Face Recognizer Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. add
2021-03-31 14:35:06
Role
0e75ca1e-0464-4b4d-8b93-68208a576181 Cognitive Services Speech Contributor This is a role that can read, write and delete all speech resources. add
2021-03-30 13:51:32
Role
f2dc8367-1007-4938-bd23-fe263f013447 Cognitive Services Speech User This is a role that can create, read, change and delete batch transcriptions, do real time transcriptions and list or get other speech resources. add
2021-03-30 13:51:32
Role
b5537268-8956-4941-a8f0-646150406f0c Azure Spring Cloud Data Reader Allow read access to Azure Spring Cloud Data add
2021-03-25 15:40:30
Role
bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf Web PubSub Service Reader (Preview) Read-only access to Azure Web PubSub Service REST APIs add
2021-03-24 14:32:47
Role
b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 Azure Connected Machine Onboarding Can onboard Azure Connected Machines. change
2021-03-24 14:32:47
Actions
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. change
2021-03-24 14:32:47
Actions
12cf5a90-567b-43ae-8102-96cf46c7d9b4 Web PubSub Service Owner (Preview) Full access to Azure Web PubSub Service REST APIs add
2021-03-24 14:32:47
Role
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs change
2021-03-24 14:32:47
DataActions
daa9e50b-21df-454c-94a6-a8050adab352 Collaborative Data Contributor Can manage data packages of a collaborative. change
2021-03-17 17:26:57
Actions
d17ce0a2-0697-43bc-aac5-9113337ab61c WorkloadBuilder Migration Agent Role WorkloadBuilder Migration Agent Role. add
2021-03-12 15:32:19
Role
f4cc2bf9-21be-47a1-bdf1-5c5804381025 Cognitive Services QnA Maker Editor Let's you create, edit, import and export a KB. You cannot publish or delete a KB. change
2021-03-11 15:16:45
DataActions
466ccd10-b268-4a11-b098-b4849f024126 Cognitive Services QnA Maker Reader Let's you read and test a KB only. change
2021-03-11 15:16:45
DataActions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2021-03-09 14:37:39
Actions
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. change
2021-03-09 14:37:39
NotActions
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber change
2021-03-08 14:55:25
DataActions
6188b7c9-7d01-4f99-a59f-c88b630326c0 Experimentation Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs. change
2021-03-08 14:55:25
DisplayName, Actions, DataActions
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor change
2021-03-08 14:55:25
DataActions
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator change
2021-03-08 14:55:25
Actions
4a167cdf-cb95-4554-9203-2347fe489bd9 Object Anchors Account Reader Lets you read ingestion jobs for an object anchors account. add
2021-03-02 15:11:43
Role
ca0835dd-bacc-42dd-8ed2-ed5e7230d15b Object Anchors Account Owner Provides user with ingestion capabilities for an object anchors account. add
2021-03-02 15:11:43
Role
28241645-39f8-410b-ad48-87863e2951d5 Security Detonation Chamber Reader Allowed to query submission info and files from Security Detonation Chamber add
2021-03-01 15:42:30
Role
230815da-be43-4aae-9cb4-875f7bd000aa Cosmos DB Operator Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. change
2021-02-26 14:41:31
NotActions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2021-02-15 15:24:20
Actions
1e241071-0855-49ea-94dc-649edcd759de EventGrid Contributor Lets you manage EventGrid operations. change
2021-02-11 14:23:07
Actions
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements. change
2021-02-09 14:46:34
DataActions
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data. change
2021-02-09 14:46:34
DataActions
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data. change
2021-02-09 14:46:34
DataActions
1e241071-0855-49ea-94dc-649edcd759de EventGrid Contributor Lets you manage EventGrid operations. add
2021-02-09 14:46:34
Role
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime change
2021-02-08 14:18:19
Actions
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Role Role to read and create Quota Requests and get Quota Request Status. change
2021-02-05 15:19:18
Actions
ba92f5b4-2d11-453d-a403-e96b0029c9fe Storage Blob Data Contributor Allows for read, write and delete access to Azure Storage blob containers and data change
2021-02-04 14:17:50
DataActions
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator change
2021-02-03 15:09:04
DataActions
0e5f05e5-9ab9-446b-b98d-1e2157c94125 Quota Request Operator Role Role to read and create Quota Requests and get Quota Request Status. add
2021-02-03 15:09:04
Role
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs. change
2021-01-29 15:07:15
DataActions
f4c81013-99ee-4d62-a7ee-b3f1f648599a Azure Sentinel Automation Contributor Azure Sentinel Automation Contributor change
2021-01-26 16:07:29
Actions
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber change
2021-01-25 16:07:06
DataActions
a1705bd2-3a8f-45a5-8683-466fcfd5cc24 FHIR Data Converter Role allows user or principal to convert data from legacy format to FHIR add
2021-01-25 16:07:06
Role
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber change
2021-01-25 16:07:06
DataActions
974c5e8b-45b9-4653-ba55-5f855dd0fb88 Storage Queue Data Contributor Allows for read, write, and delete access to Azure Storage queues and queue messages change
2021-01-25 16:07:06
DataActions
f4c81013-99ee-4d62-a7ee-b3f1f648599a Azure Sentinel Automation Contributor Azure Sentinel Automation Contributor add
2021-01-25 16:07:06
Role
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber change
2021-01-25 16:07:06
DataActions
5432c526-bc82-444a-b7ba-57c5b0b5b34f CosmosRestoreOperator Can perform restore action for Cosmos DB database account add
2021-01-22 09:15:20
Role
ae349356-3a1b-4a5e-921d-050484c6347e Application Insights Component Contributor Can manage Application Insights components change
2021-01-20 16:06:17
Actions
7a6f0e70-c033-4fb1-828c-08514e5f4102 Collaborative Runtime Operator Can manage resources created by AICS at runtime add
2021-01-19 16:07:23
Role
00c29273-979b-4161-815c-10b084fb9324 Backup Operator Lets you manage backup services, except removal of backup, vault creation and giving access to others change
2021-01-19 16:07:23
Actions
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator change
2021-01-18 16:05:49
Actions
a37b566d-3efa-4beb-a2f2-698963fa42ce Security Detonation Chamber Submission Manager Allowed to create and manage submissions to Security Detonation Chamber add
2021-01-18 16:05:49
Role
352470b3-6a9c-4686-b503-35deb827e500 Security Detonation Chamber Publisher Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber add
2021-01-18 16:05:49
Role
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor change
2021-01-18 16:05:49
Actions
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Reader Experimentation Reader change
2021-01-12 16:06:58
Actions
5548b2cf-c94c-4228-90ba-30851930a12f Microsoft.Kubernetes connected cluster role Microsoft.Kubernetes connected cluster role. add
2021-01-08 16:05:47
Role
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots. change
2021-01-06 16:06:44
Actions
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to upload and manage new Autonomous Development Platform measurements. change
2021-01-05 16:06:49
Description, DataActions, NotDataActions
39bc4728-0917-49c7-9d2c-d95423bc2eb4 Security Reader Security Reader Role change
2021-01-04 16:05:39
Actions
b50d9833-a0cb-478e-945f-707fcc997c13 Disk Restore Operator Provides permission to backup vault to perform disk restore. change
2020-12-18 16:05:51
Actions
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots. change
2020-12-18 16:05:51
Actions
3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 Disk Backup Reader Provides permission to backup vault to perform disk backup. change
2020-12-18 16:05:51
Actions
e147488a-f6f5-4113-8e2d-b22465e65bf6 Key Vault Crypto Service Encryption User (preview) Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. change
2020-12-18 16:05:51
DisplayName, Actions
b50d9833-a0cb-478e-945f-707fcc997c13 Disk Restore Operator Provides permission to backup vault to perform disk restore. add
2020-12-15 16:36:19
Role
7efff54f-a5b4-42b5-a1c5-5411624893ce Disk Snapshot Contributor Provides permission to backup vault to manage disk snapshots. add
2020-12-15 16:36:19
Role
3e5e47e6-65f7-47ef-90b5-e5dd4d455f24 Disk Backup Reader Provides permission to backup vault to perform disk backup. add
2020-12-15 16:36:19
Role
27f8b550-c507-4db9-86f2-f4b8e816d59d Autonomous Development Platform Data Owner (Preview) Grants full access to Autonomous Development Platform data. add
2020-12-15 16:36:19
Role
b8b15564-4fa6-4a59-ab12-03e1d9594795 Autonomous Development Platform Data Contributor (Preview) Grants permissions to manage Autonomous Development Platform data entities, but does not allow accessing the underlying data. Note that entity deletion is not permitted by this role. add
2020-12-15 16:36:19
Role
d63b75f7-47ea-4f27-92ac-e0d173aaf093 Autonomous Development Platform Data Reader (Preview) Grants read access to Autonomous Development Platform data. add
2020-12-15 16:36:19
Role
86240b0e-9422-4c43-887b-b61143f32ba8 Desktop Virtualization Application Group Contributor Contributor of the Desktop Virtualization Application Group. add
2020-12-14 15:13:28
Role
082f0a83-3be5-4ba1-904c-961cca79b387 Desktop Virtualization Contributor Contributor of Desktop Virtualization. add
2020-12-14 15:13:28
Role
21efdde3-836f-432b-bf3d-3e8e734d4b2b Desktop Virtualization Workspace Contributor Contributor of the Desktop Virtualization Workspace. add
2020-12-14 15:13:28
Role
2ad6aaab-ead9-4eaa-8ac5-da422f562408 Desktop Virtualization Session Host Operator Operator of the Desktop Virtualization Session Host. add
2020-12-14 15:13:28
Role
ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 Desktop Virtualization User Session Operator Operator of the Desktop Virtualization Uesr Session. add
2020-12-14 15:13:28
Role
0fa44ee9-7a7d-466b-9bb2-2bf446b1204d Desktop Virtualization Workspace Reader Reader of the Desktop Virtualization Workspace. add
2020-12-14 15:13:28
Role
e307426c-f9b6-4e81-87de-d99efb3c32bc Desktop Virtualization Host Pool Contributor Contributor of the Desktop Virtualization Host Pool. add
2020-12-14 15:13:28
Role
c7aa55d3-1abb-444a-a5ca-5e51e485d6ec Integration Service Environment Developer Allows developers to create and update workflows, integration accounts and API connections in integration service environments. change
2020-12-14 15:13:28
Actions
49a72310-ab8d-41df-bbb0-79b649203868 Desktop Virtualization Reader Reader of Desktop Virtualization. add
2020-12-14 15:13:28
Role
aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 Desktop Virtualization Application Group Reader Reader of the Desktop Virtualization Application Group. add
2020-12-14 15:13:28
Role
ceadfde2-b300-400a-ab7b-6143895aa822 Desktop Virtualization Host Pool Reader Reader of the Desktop Virtualization Host Pool. add
2020-12-14 15:13:28
Role
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2020-12-10 15:11:36
Actions
434105ed-43f6-45c7-a02f-909b2ba83430 Cost Management Contributor Can view costs and manage cost configuration (e.g. budgets, exports) change
2020-12-08 15:44:03
Actions
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder change
2020-12-08 15:44:03
Actions
72fafb9e-0641-4937-9268-a91bfd8191a3 Cost Management Reader Can view cost data and configuration (e.g. budgets, exports) change
2020-12-08 15:44:03
Actions
ca6382a4-1721-4bcf-a114-ff0c70227b6b Application Group Contributor Contributor of the Application Group. change
2020-12-07 15:13:35
Actions
ca6382a4-1721-4bcf-a114-ff0c70227b6b Application Group Contributor Contributor of the Application Group. add
2020-12-04 15:12:58
Role
dd920d6d-f481-47f1-b461-f338c46b2d9f Marketplace Admin Administrator of marketplace resource provider remove
2020-11-28 17:50:16
Role
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs. change
2020-11-24 15:34:53
DataActions
05b7651b-dc44-475e-b74d-df3db49fae0f Project Babylon Data Source Administrator The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change. change
2020-11-23 14:37:57
DisplayName, Description, Actions
9ef4ef9c-a049-46b0-82ab-dd8ac094c889 Project Babylon Data Curator The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change. change
2020-11-23 14:37:57
DisplayName, Description, Actions
c8d896ba-346d-4f50-bc1d-7d1c84130446 Project Babylon Data Reader The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change. change
2020-11-23 14:37:57
DisplayName, Description, Actions
ff100721-1b9d-43d8-af52-42b69c1272db Purview Data Reader Role Preview The Microsoft.Purview data reader can read catalog data objects change
2020-11-19 14:28:56
Actions
200bba9e-f0c8-430f-892b-6f0794863803 Purview Data Source Administrator Role Preview The Microsoft.Purview data source administrator can manage data sources and data scans change
2020-11-19 14:28:56
Actions
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. change
2020-11-19 14:28:56
Actions
8a3c2885-9b38-4fd2-9d99-91af537c1347 Purview Data Curator Role Preview The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects change
2020-11-19 14:28:56
Actions
749f88d5-cbae-40b8-bcfc-e573ddc772fa Monitoring Contributor Can read all monitoring data and update monitoring settings. change
2020-11-18 18:53:03
Actions
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Allows for creation, writes and reads to the metric set via the metrics service APIs. change
2020-11-18 18:53:03
DisplayName, DataActions
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group. remove
2020-11-18 18:53:03
Role
200bba9e-f0c8-430f-892b-6f0794863803 Purview Data Source Administrator Role Preview The Microsoft.Purview data source administrator can manage data sources and data scans add
2020-11-16 13:39:23
Role
05b7651b-dc44-475e-b74d-df3db49fae0f Project Babylon Data Source Administrator Role Preview The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans add
2020-11-16 13:39:23
Role
ff100721-1b9d-43d8-af52-42b69c1272db Purview Data Reader Role Preview The Microsoft.Purview data reader can read catalog data objects add
2020-11-16 13:39:23
Role
8a3c2885-9b38-4fd2-9d99-91af537c1347 Purview Data Curator Role Preview The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects add
2020-11-16 13:39:23
Role
c8d896ba-346d-4f50-bc1d-7d1c84130446 Project Babylon Data Reader Role Preview The Microsoft.ProjectBabylon data reader can read catalog data objects add
2020-11-16 13:39:23
Role
9ef4ef9c-a049-46b0-82ab-dd8ac094c889 Project Babylon Data Curator Role Preview The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects add
2020-11-16 13:39:23
Role
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. change
2020-11-16 13:39:23
Actions
e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1 Storage Account Backup Contributor Role Storage Account Backup Contributors are allowed to perform backup and restore of Storage Account. add
2020-11-13 14:22:44
Role
6188b7c9-7d01-4f99-a59f-c88b630326c0 Metric Contributor Service Role Allows for creation, writes and reads to the metric set via the metrics service APIs. add
2020-11-12 14:32:48
Role
b24988ac-6180-42a0-ab88-20f7382dd24c Contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. change
2020-11-11 15:02:47
NotActions
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder change
2020-11-09 14:42:02
NotActions
ab8e14d6-4a74-4a29-9ba8-549422addade Azure Sentinel Contributor Azure Sentinel Contributor change
2020-11-04 15:39:11
Actions
8d289c81-5878-46d4-8554-54e1e3d8b5cb Azure Sentinel Reader Azure Sentinel Reader change
2020-11-04 15:39:11
Actions
3e150937-b8fe-4cfb-8069-0eaf05ecd056 Azure Sentinel Responder Azure Sentinel Responder change
2020-11-04 15:39:11
Actions
63f0a09d-1495-4db4-a681-037d84835eb4 Azure Arc Kubernetes Viewer Lets you view all resources in cluster/namespace, except secrets. change
2020-11-03 14:38:31
DataActions, NotDataActions
5b999177-9696-4545-85c7-50de3797e5a1 Azure Arc Kubernetes Writer Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. change
2020-11-03 14:38:31
DataActions, NotDataActions
dffb1e0c-446f-4dde-a09f-99eb5cc68b96 Azure Arc Kubernetes Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. change
2020-11-03 14:38:31
DataActions, NotDataActions
635dd51f-9968-44d3-b7fb-6d9a6bd613ae AzureML Metrics Writer (preview) Lets you write metrics to AzureML workspace add
2020-10-29 15:20:50
Role
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group. change
2020-10-28 15:04:35
Actions
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service change
2020-10-27 14:13:08
NotDataActions
f7b75c60-3036-4b75-91c3-6b41c27c1689 Reservation Purchaser Lets you purchase reservations add
2020-10-26 14:19:04
Role
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. change
2020-10-23 13:31:33
Description, Actions, DataActions, NotDataActions
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server (Preview) Lets your app server access SignalR Service with AAD auth options. change
2020-10-23 13:31:33
DataActions
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs change
2020-10-23 13:31:33
DataActions
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. change
2020-10-23 13:31:33
Description, Actions, DataActions, NotDataActions
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR Serverless Contributor (Preview) Lets your app access service in serverless mode with AAD auth options. change
2020-10-23 13:31:33
Description, DataActions
9b7fa17d-e63e-47b0-bb0a-15c516ac86ec SQL DB Contributor Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. change
2020-10-20 13:29:34
NotActions
f2f79976-90be-4501-89c6-7caf12474683 Azure Data Cloud Lifter Management Grants full access to manage all resources in managed Resource Group. add
2020-10-20 13:29:34
Role
6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 SQL Server Contributor Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. change
2020-10-20 13:29:34
NotActions
056cd41c-7e88-42e1-933e-88ba6a50c9c3 SQL Security Manager Lets you manage the security-related policies of SQL servers and databases, but not access to them. change
2020-10-20 13:29:34
Actions
0b555d9b-b4a7-4f43-b330-627f0e5be8f0 Security Detonation Chamber Submitter Allowed to create submissions to Security Detonation Chamber add
2020-10-19 15:27:07
Role
ddde6b66-c0df-4114-a159-3618637b3035 SignalR Service Reader (Preview) Read-only access to Azure SignalR Service REST APIs add
2020-10-13 13:23:37
Role
7e4f1700-ea5a-4f59-8f37-079cfe29dce3 SignalR Service Owner (Preview) Full access to Azure SignalR Service REST APIs add
2020-10-13 13:23:37
Role
82200a5b-e217-47a5-b665-6d8765ee745b Services Hub Operator Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. change
2020-10-07 08:52:18
Actions
4fe6d683-8411-4247-8525-b6b5b8a80669 Microsoft.ScVmm service role Microsoft.ScVmm service role. remove
2020-09-23 13:42:44
Role
18500a29-7fe2-46b2-a342-b16a415e101d Managed HSM contributor Lets you manage managed HSM pools, but not access to them. add
2020-09-17 14:31:34
Role
8508508a-4469-4e45-963b-2518ee0bb728 AgFood Platform Service Contributor Provides contribute access to AgFood Platform Service add
2020-09-14 13:55:19
Role
4fe6d683-8411-4247-8525-b6b5b8a80669 Microsoft.ScVmm service role Microsoft.ScVmm service role. add
2020-09-14 13:55:19
Role
5dffeca3-4936-4216-b2bc-10343a5abb25 Schema Registry Contributor (Preview) Read, write, and delete Schema Registry groups and schemas. add
2020-09-14 13:55:19
Role
7ec7ccdc-f61e-41fe-9aaf-980df0a44eba AgFood Platform Service Reader Provides read access to AgFood Platform Service add
2020-09-14 13:55:19
Role
f8da80de-1ff9-4747-ad80-a19b7f6079e3 AgFood Platform Service Admin Provides admin access to AgFood Platform Service add
2020-09-14 13:55:19
Role
2c56ea50-c6b3-40a6-83c0-9d98858bc7d2 Schema Registry Reader (Preview) Read and list Schema Registry groups and schemas. add
2020-09-14 13:55:19
Role
cb43c632-a144-4ec5-977c-e80c4affc34a Cognitive Services Metrics Advisor Administrator Full access to the project, including the system level configuration. add
2020-09-10 14:55:48
Role
3b20f47b-3825-43cb-8114-4bd2201156a8 Cognitive Services Metrics Advisor User Access to the project. add
2020-09-10 14:55:48
Role
02ca0879-e8e4-47a5-a61e-5c618b76e64a Device Update Administrator Gives you full access to management and content operations add
2020-08-23 16:02:03
Role
0378884a-3af5-44ab-8323-f5b22f9f3c98 Device Update Content Administrator Gives you full access to content operations add
2020-08-23 16:02:03
Role
e4237640-0e3d-4a46-8fda-70bc94856432 Device Update Deployments Administrator Gives you full access to management operations add
2020-08-23 16:02:03
Role
e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f Device Update Reader Gives you read access to management and content operations, but does not allow making changes add
2020-08-23 16:02:03
Role
d1ee9a80-8b14-47f0-bdc2-f4a351625a7b Device Update Content Reader Gives you read access to content operations, but does not allow making changes add
2020-08-23 16:02:03
Role
49e2f5d2-7741-4835-8efa-19e1fe35e47f Device Update Deployments Reader Gives you read access to management operations, but does not allow making changes add
2020-08-23 16:02:03
Role
daa9e50b-21df-454c-94a6-a8050adab352 Collaborative Data Contributor Can manage data packages of a collaborative. add
2020-08-14 14:27:30
Role
fd53cd77-2268-407a-8f46-7e7863d0f521 SignalR Serverless Contributor (Preview) Lets your app access service in serverless mode. add
2020-07-29 13:49:09
Role
00493d72-78f6-4148-b6c5-d3ce8e4799dd Azure Arc Enabled Kubernetes Cluster User Role List cluster user credentials action. add
2020-07-29 13:49:09
Role
420fcaa2-552c-430f-98ca-3264be4806c7 SignalR App Server (Preview) Lets your app server access SignalR Service with AAD Auth options. add
2020-07-29 13:49:09
Role
d18777c0-1514-4662-8490-608db7d334b6 Object Understanding Account Reader Lets you read ingestion jobs for an object understanding account. add
2020-07-24 14:41:55
Role
82200a5b-e217-47a5-b665-6d8765ee745b Services Hub Operator Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. add
2020-07-21 19:48:17
Role
a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb Azure Kubernetes Service RBAC Writer Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. add
2020-07-03 14:58:03
Role
b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b Azure Kubernetes Service RBAC Cluster Admin Lets you manage all resources in the cluster. add
2020-07-03 14:58:03
Role
7f6c6a51-bcf8-42ba-9220-52d62157d7db Azure Kubernetes Service RBAC Reader Lets you view all resources in cluster/namespace, except secrets. add
2020-07-03 14:58:03
Role
3498e952-d568-435e-9b2c-8d77e338d7f7 Azure Kubernetes Service RBAC Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. add
2020-07-03 14:58:03
Role
dffb1e0c-446f-4dde-a09f-99eb5cc68b96 Azure Arc Kubernetes Admin Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. add
2020-06-15 15:35:59
Role
63f0a09d-1495-4db4-a681-037d84835eb4 Azure Arc Kubernetes Viewer Lets you view all resources in cluster/namespace, except secrets. add
2020-06-15 15:35:59
Role
8393591c-06b9-48a2-a542-1bd6b377f6a2 Azure Arc Kubernetes Cluster Admin Lets you manage all resources in the cluster. add
2020-06-15 15:35:59
Role
5b999177-9696-4545-85c7-50de3797e5a1 Azure Arc Kubernetes Writer Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. add
2020-06-15 15:35:59
Role
e147488a-f6f5-4113-8e2d-b22465e65bf6 Key Vault Crypto Service Encryption (preview) Can read metadata of keys and perform wrap/unwrap operations. add
2020-05-21 16:07:05
Role
14b46e9e-c2b7-41b4-b07b-48a6ebf60603 Key Vault Crypto Officer (preview) Can perform any action on the keys of a key vault, except manage permissions. add
2020-05-19 20:42:36
Role
00482a5a-887f-4fb3-b363-3b7fe8e74483 Key Vault Administrator (preview) Can perform any action on certificates, keys and secrets of a key vault, except manage permissions. add
2020-05-19 20:42:36
Role
12338af0-0e69-4776-bea7-57ae8d297424 Key Vault Crypto User (preview) Can perform cryptographic operations on keys and certificates. add
2020-05-19 20:42:36
Role
b86a8fe4-44ce-4948-aee5-eccb2c155cd7 Key Vault Secrets Officer (preview) Can perform any action on the secrets of a key vault, except manage permissions. add
2020-05-19 20:42:36
Role
21090545-7ca7-4776-b22c-e363652d74d2 Key Vault Reader (preview) Can read metadata of key vaults and its certificates, keys and secrets. Cannot read sensitive values such as secret contents or key material. add
2020-05-19 20:42:36
Role
4633458b-17de-408a-b874-0445c86b69e6 Key Vault Secrets User (preview) Can read secret contents. add
2020-05-19 20:42:36
Role
a4417e6f-fecd-4de8-b567-7b0420556985 Key Vault Certificates Officer (preview) Can perform any action on the certificates of a key vault, except manage permissions. add
2020-05-19 20:42:36
Role
c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 Cognitive Services Custom Vision Contributor Full access to the project, including the ability to view, create, edit, or delete projects. add
2020-05-09 14:57:51
Role
0a5ae4ab-0d65-4eeb-be61-29fc9b54394b Cognitive Services Custom Vision Trainer View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project. add
2020-05-09 14:57:51
Role
88424f51-ebe7-446f-bc41-7fa16989e96c Cognitive Services Custom Vision Labeler View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags. add
2020-05-09 14:57:51
Role
5c4089e1-6d96-4d2f-b296-c1bc7137275f Cognitive Services Custom Vision Deployment Publish, unpublish or export models. Deployment can view the project but can't update. add
2020-05-09 14:57:51
Role
93586559-c37d-4a6b-ba08-b9f0940c2d73 Cognitive Services Custom Vision Reader Read-only actions in the project. Readers can't create or update the project. add
2020-05-09 14:57:51
Role
8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 Azure Maps Data Contributor Grants access to read, write, and delete access to map related data from an Azure maps account. add
2020-05-08 05:22:07
Role
466ccd10-b268-4a11-b098-b4849f024126 Cognitive Services QnA Maker Reader Let's you read and test a KB only. change
2020-05-04 15:11:45
DisplayName
f4cc2bf9-21be-47a1-bdf1-5c5804381025 Cognitive Services QnA Maker Editor Let's you create, edit, import and export a KB. You cannot publish or delete a KB. change
2020-05-04 15:11:45
DisplayName
423170ca-a8f6-4b0f-8487-9e4eb8f49bfa Azure Maps Data Reader Grants access to read map related data from an Azure maps account. change
2020-04-29 16:42:26
DisplayName
aefefa01-2a29-4197-83a8-2828f33ce315 Tenant registration role Service role used by RP's for tenant level registration remove
2020-04-24 19:20:22
Role
70ea1423-466c-4e7b-a2ee-f1206ef2072d Experiment Contributor Experiment Contributor remove
2020-04-23 15:06:19
Role
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Reader Experimentation Reader change
2020-04-23 15:06:19
DisplayName
aefefa01-2a29-4197-83a8-2828f33ce315 Tenant registration role Service role used by RP's for tenant level registration add
2020-04-23 15:06:19
Role
ed4b1625-bac7-4b49-8578-127fc3440d25 Experiment Administrator Experiment Administrator remove
2020-04-23 15:06:19
Role
4dd61c23-6743-42fe-a388-d8bdd41cb745 Object Understanding Account Owner Provides user with ingestion capabilities for Azure Object Understanding. add
2020-04-23 15:06:19
Role
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experiment Operator Experiment Operator change
2020-03-28 01:22:25
DisplayName
b879ac78-f1e6-448d-ab4c-5908cd5967c1 VSOnline Virtual Network Service Role This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network remove
2020-03-28 01:22:25
Role
49632ef5-d9ac-41f4-b8e7-bbe587fa74a1 Experimentation Operator Experiment Operator add
2020-03-26 18:26:05
Role
ed4b1625-bac7-4b49-8578-127fc3440d25 Experiment Administrator Experiment Administrator add
2020-03-26 18:26:05
Role
70ea1423-466c-4e7b-a2ee-f1206ef2072d Experiment Contributor Experiment Contributor add
2020-03-26 18:26:05
Role
4c8d0bbc-75d3-4935-991f-5f3c56d81508 FHIR Data Reader Role allows user or principal to read FHIR Data add
2020-03-18 07:39:13
Role
3f88fce4-5892-4214-ae73-ba5294559913 FHIR Data Writer Role allows user or principal to read and write FHIR Data add
2020-03-18 07:39:13
Role
3db33094-8700-4567-8da5-1501d4e7e843 FHIR Data Exporter Role allows user or principal to read FHIR Data add
2020-03-18 07:39:13
Role
5a1fc7df-4bf1-4951-a576-89034ee01acd FHIR Data Contributor Role allows user or principal full access to FHIR Data add
2020-03-18 07:39:13
Role
b879ac78-f1e6-448d-ab4c-5908cd5967c1 VSOnline Virtual Network Service Role This role will have access to customer's virtual networks, nics, and public ips. It used by VSOnline to deploy VMs into customer's virtual network add
2020-03-14 15:10:08
Role
350f8d15-c687-4448-8ae1-157740a3936d Hierarchy Settings Administrator Allows users to edit and delete Hierarchy Settings add
2020-03-14 15:10:08
Role
bcd981a7-7f74-457b-83e1-cceb9e632ffe Azure Digital Twins Owner (Preview) Full access role for Digital Twins data-plane add
2020-03-11 05:47:56
Role
d57506d4-4c8d-48b1-8587-93c323f6a5a3 Azure Digital Twins Reader (Preview) Read-only role for Digital Twins data-plane properties add
2020-03-11 05:47:56
Role
ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 Azure Kubernetes Service Contributor Role Grants access to read and write Azure Kubernetes Service clusters add
2020-02-28 09:58:27
Role
dd920d6d-f481-47f1-b461-f338c46b2d9f Marketplace Admin Administrator of marketplace resource provider add
2020-02-27 09:26:20
Role
a41e2c5b-bd99-4a07-88f4-9bf657a760b8 Integration Service Environment Contributor Lets you manage integration service environments, but not access to them. add
2020-02-21 00:11:51
Role
c7aa55d3-1abb-444a-a5ca-5e51e485d6ec Integration Service Environment Developer Allows developers to create and update workflows, integration accounts and API connections in integration service environments. add
2020-02-21 00:11:51
Role
4a9ae827-6dc8-4573-8ac7-8239d42aa03f Tag Contributor Lets you manage tags on entities, without providing access to the entities themselves. add
2020-02-19 09:00:33
Role
612c2aa1-cb24-443b-ac28-3ab7272de6f5 Security Assessment Contributor Lets you push assessments to Security Center add
2020-02-13 13:58:05
Role
34e09817-6cbe-4d01-b1a2-e0eac5743d41 Kubernetes Cluster - Azure Arc Onboarding Role definition to authorize any user/service to create connectedClusters resource change
2020-02-11 08:11:18
DisplayName
641177b8-a67a-45b9-a033-47bc880bb21e Managed Application Contributor Role Allows for creating managed application resources. add
2020-02-08 03:50:49
Role
0b072326-6884-49b7-a53d-ae6aa62260ff MLC Service Role This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service. remove
2020-01-30 21:07:35
Role
d39065c4-c120-43c9-ab0a-63eed9795f0a Remote Rendering Client Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. add
2020-01-24 05:21:10
Role
3df8b902-2a6f-47c7-8cc5-360e9b272a7e Remote Rendering Administrator Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering add
2020-01-24 05:21:10
Role
7f646f1b-fa08-80eb-a33b-edd6ce5c915c Experimentation Administrator Experimentation Administrator add
2019-12-19 07:49:46
Role
466ccd10-b268-4a11-b098-b4849f024126 QnA Maker Reader add
2019-12-18 15:43:34
Role
f4cc2bf9-21be-47a1-bdf1-5c5804381025 QnA Maker Editor add
2019-12-18 15:43:34
Role
7f646f1b-fa08-80eb-a22b-edd6ce5c915c Experimentation Contributor Experimentation Contributor add
2019-12-17 15:43:46
Role
34e09817-6cbe-4d01-b1a2-e0eac5743d41 Kubernetes Cluster - Azure Arc Onborading Role definition to authorize any user/service to create connectedClusters resource change
2019-12-13 11:23:49
DisplayName
0b072326-6884-49b7-a53d-ae6aa62260ff MLC Service Role This role defines permissions for control plane actions by the Machine Learning Compute (MLC) service. add
2019-11-26 15:41:35
Role
36243c78-bf99-498c-9df9-86d9f8d28608 Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. change
2019-11-20 21:32:41
DisplayName
5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b App Configuration Data Owner Allows full access to App Configuration data. add
2019-10-26 02:15:31
Role
516239f1-63e1-4d78-a4de-a74fb236a071 App Configuration Data Reader Allows read access to App Configuration data. add
2019-10-26 02:15:31
Role
91c1777a-f3dc-4fae-b103-61d183457e46 Managed Services Registration assignment Delete Role Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. add
2019-10-24 02:15:32
Role
b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 Azure Connected Machine Onboarding Can onboard Azure Connected Machines. add
2019-10-24 02:15:32
Role
cd570a14-e51a-42ad-bac8-bafd67325302 Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. add
2019-10-24 02:15:32
Role
7f646f1b-fa07-40eb-a22b-edd6ce5c915c Altretya test Service Role Altretya test remove
2019-10-24 02:15:32
Role
7f646f1b-fa07-40eb-a22b-edd6ce5c915c Altretya test Service Role Altretya test add
2019-10-07 13:33:12
Role